
Defending financial infrastructure in the adversarial AI era
Brian Heemsoth, Chief Information Security Officer, FIS
Key takeaways
- AI has materially expanded the attack surface for financial services infrastructure, lowering the cost and raising the ceiling for attackers across every stage of the attack lifecycle.
- Sophisticated threat actors now use AI to accelerate phishing, automate vulnerability discovery and exploit generation, orchestrate denial-of-service attacks and probe fraud detection models, increasing the speed and scale of attacks.
- Trusted defensive practices that protected institutions in the past may not scale in the future. Reviewing resiliency plans, patching SLAs and detection capabilities is critical to staying ahead of AI-driven threats.
For the past several years, the dominant conversations around AI in the financial sector have focused on how emerging AI capabilities can be leveraged to improve the efficiency of operations – or sometimes from a risk lens, regarding how AI capabilities may be misconfigured, contain bias or be misused in some way. While these topics remain important, we must also now urgently focus on how sophisticated threat actors, including cybercriminals and nation-states, may leverage AI capabilities to attack our institution.
The position of FIS® Cybersecurity, based on our direct testing and engagement with the broader cybersecurity community, is that the attack surface for financial services infrastructure has expanded materially. The speed and scale of attacks have increased, and the trusted defensive practices that protected our institutions in the past may not scale effectively in the future.
How adversaries are using AI against financial infrastructure
AI has lowered the cost and raised the ceiling for attackers across every stage of the attack lifecycle – from initial attack reconnaissance through data exfiltration and evasion of detection.
What your institution should be doing now
Cybersecurity and the protection of our critical financial services platforms is a top priority for FIS. As such, we have spent the past few months iteratively improving our existing cybersecurity and technology management capabilities to stay ahead of increasing threats.
FIS recommends that the following control areas be thoroughly reviewed by our partner institutions:
- Build and maintain a comprehensive asset register, including AI systems
Defensive posture against adversarial AI starts with knowing your technology footprint. Each system, application, and network that your institution relies on must be inventoried and documented.
- Develop a comprehensive inventory of systems, networks, and applications, including cloud environments, SaaS services, and software provided by third parties. Establish clear ownership for each and ensure records are regularly updated.
- Specifically denote systems that are exposed to the internet or to external parties via B2B connections.
- Include specific inventory of AI capabilities, including AI systems developed internally and those sourced from third parties.
- Maintain Software Bill of Material (SBOM) documentation, detailing open and closed-source components composing your firm’s software.
- Review and re-attest to the completeness of this inventory, at least bi-annually; establish processes to automate updates as your technology footprint evolves.
- Establish an AI-ready patching policy
Traditional approaches to vulnerability management will not be sufficient as AI-driven vulnerability discovery and attacks continue to proliferate. Review patching policies to assure that appropriate mechanisms are in place to evaluate vulnerability exposures, triage risk and remediate with proper urgency. Leverage automation to improve the efficiency of vulnerability discovery and patch deployment.
- Harden external-facing infrastructure and enforce least-privileged access
Internet-facing systems – applications, APIs and corporate infrastructure – represent the most critical exposure surface and should be thoroughly reviewed and hardened.
- Disabling unnecessary services.
- Assuring that operating systems, software, and other components are up to date.
- Reviewing identity systems to assure that only the least-required privileges are issued for all user accounts, and that privileged and nonhuman identities are sufficiently managed.
- Defense-in-depth controls, including endpoint security platforms, intrusion prevention systems and web application firewalls are properly tuned and configured to automatically update defenses based on the latest threat intelligence.
- Exhaustively test systems using adversarial testing
Assure that all systems are subject to penetration testing at an appropriate cadence. More exposed systems (i.e. those on the internet) should be tested most frequently, including regular “red team” style testing leveraging the latest attack techniques exhibited by real-world attackers. Leverage AI-driven adversarial testing to expand the depth and breadth of your testing capabilities.
- Assure detection and monitoring capabilities are AI-ready
Existing security monitoring and response functions should be thoroughly evaluated to assure their capability in maintaining pace with the increased volume and sophistication of cyberattacks. Performance metrics, including handling SLAs, should be closely monitored to assure efficacy in maintaining pace. Monitoring and response workflows also represent great opportunities for implementing agentic AI capabilities to augment human defenders.
Leverage resources from FS-ISAC and other trusted industry sources to assure your firm is ingesting and actioning the latest available threat intelligence and readiness resources – allowing your firms to proactively prepare for increasing AI threats and remain tactically protected day-to-day.
- Strengthen third-party and supply chain risk management
AI security risks raise the stakes for managing third and fourth-party security risks. Ensure that your firms have effective mechanisms in place to understand supply-chain usage of AI and the capabilities your partners have in place to manage emerging AI-driven security risks.
Add AI-specific security questionnaires into third-party due diligence processes and consider contractual rights for the audit of AI components and cybersecurity capabilities.
- Collaborate
One of the true beauties of the financial services industry is that no one is left on an island when it comes to managing cyber risks – the collaboration across the sector on both tactical and strategic risks provides each firm with major benefits.
This holds true for managing AI security risks – groups such as FS-ISAC and BPI have bespoke assessment models to help firms understand exactly where they stand on readiness, as well as working groups and other resources to arm firms in best managing these emerging risks.
- Thoroughly review and test resiliency plans
Review resiliency plans to assure that appropriate procedural and technical controls are in place to achieve designated recovery SLAs. Leverage tabletop testing as a mechanism to evaluate efficacy of response to AI-driven security incidents, including ability to recover critical systems.
How FIS is handling this
At FIS, we recognize the critical role that we play in delivering resilient financial services systems. As such, over time we have worked diligently to assure ourselves we have the right level of cyber defenses, as well as leveraged recent risk trends to further increase our cyber defenses.
FIS capabilities include:
- 24/7 Cyber Defense Center, including usage of agentic AI capabilities for triage and remediation of incidents.
If you would like FIS to assist your financial institution to defend against AI attacks, please contact Dan Collins @ dcollins@nebrcul.org to learn more.


