{"id":2801,"date":"2024-03-27T15:53:02","date_gmt":"2024-03-27T20:53:02","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79919"},"modified":"2024-03-27T15:53:02","modified_gmt":"2024-03-27T20:53:02","slug":"treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/27\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai\/","title":{"rendered":"Treasury report calls out cyber risks to financial sector fueled by AI"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Treasury report calls out cyber risks to financial sector fueled by AI | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/treasury-report-cyber-risks-ai-tools\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Treasury report calls out cyber risks to financial sector fueled by AI\"> <meta property=\"og:description\" content=\"The new report sounds the alarm on AI-specific cyber risks while highlighting best practices to combat them.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/treasury-report-cyber-risks-ai-tools\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-03-27T20:53:02+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1710875768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1710299038g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711491965g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79919\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79919\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-report-cyber-risks-ai-tools%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-report-cyber-risks-ai-tools%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79919 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/treasury-report-cyber-risks-ai-tools\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.358461538462\">\n<div class=\"single-article__header-content\" readability=\"30.830985915493\">\n<p> The new report sounds the alarm on AI-specific cyber risks while highlighting best practices to combat them. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-2.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> The front of the U.S. Treasury building on Jan. 3, 2024 in Washington, D.C. (Photo by J.David Ake\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"48.25752617801\"><body readability=\"97.954751131222\"><\/p>\n<p>The financial services industry could be increasingly vulnerable to cyber-enabled fraud perpetrated by threat actors leveraging artificial intelligence tools, according to a Treasury Department <a href=\"https:\/\/home.treasury.gov\/system\/files\/136\/Managing-Artificial-Intelligence-Specific-Cybersecurity-Risks-In-The-Financial-Services-Sector.pdf\">report<\/a> released Wednesday that examines AI-specific cyber risks to the critical infrastructure sector.<\/p>\n<p>The report, led by Treasury\u2019s Office of Cybersecurity and Critical Infrastructure Protection to fulfill a requirement in President Joe Biden\u2019s <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2023\/10\/30\/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence\/\">AI executive order<\/a>, delivers no cyber-related mandates to the financial services sector, nor does it recommend or argue against the use of AI in the industry\u2019s work. But the report, based in part on interviews with representatives from 42 financial services and tech-related companies, provides warnings to the industry at large about AI\u2019s potential to worsen fraud while also sharing best practices and AI use cases for cyber and fraud prevention.<\/p>\n<p>\u201cArtificial intelligence is redefining cybersecurity and fraud in the financial services sector, and the Biden administration is committed to working with financial institutions to utilize emerging technologies while safeguarding against threats to operational resiliency and financial stability,\u201d Under Secretary for Domestic Finance Nellie Liang <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2212\">said in a statement<\/a>. \u201cTreasury\u2019s AI report builds on our successful public-private partnership for secure cloud adoption and lays out a clear vision for how financial institutions can safely map out their business lines and disrupt rapidly evolving AI-driven fraud.\u201d<\/p>\n<p>The fear of an uptick in cyber-enabled fraud is fueled by increased accessibility to emerging AI tools, the report notes, giving threat actors an \u201cadvantage by outpacing and outnumbering their AI targets,\u201d at least initially.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>To combat that advantage, the report pushes financial institutions to \u201cexpand and strengthen their risk management and cybersecurity practices to account for AI systems\u2019 advanced and novel capabilities, consider greater integration of AI solutions into their cybersecurity practices, and enhance collaboration, particularly threat information sharing.\u201d<\/p>\n<p>Managing AI-related cyber risks should be akin to best practices in the protection of IT systems, the report said. Several of the participating financial institutions told the report\u2019s authors that their current practices match elements of the National Institute of Standards and Technology\u2019s <a href=\"https:\/\/www.nist.gov\/itl\/ai-risk-management-framework\">AI Risk Management Framework<\/a>, though \u201cmany also noted that it is challenging to establish practical and enterprise-wide policies and controls for emerging technologies like Generative AI.\u201d<\/p>\n<p>Other financial sector report participants said they were developing AI-specific risk management frameworks in-house, many of which are guided by the principles laid out in NIST\u2019s RMF as well as the Office for Economic Cooperation and Development\u2019s <a href=\"https:\/\/oecd.ai\/en\/ai-principles\">AI principles<\/a> and the Open Worldwide Application Security Project\u2019s <a href=\"https:\/\/owasp.org\/www-project-ai-security-and-privacy-guide\/\">AI security and privacy guide<\/a>.<\/p>\n<p>But the experimentation with and development of financial firms\u2019 in-house AI systems and frameworks underscores \u201ca widening capability gap\u201d between the biggest and smallest companies in the sector.<\/p>\n<p>\u201cOne firm has stated that it has approximately 400 employees working on fraud-prevention AI systems, and AI service providers noted being approached with thousands of use cases by larger firms,\u201d the report said. \u201cSmaller firms report that they do not have the IT resources or expertise to develop their own AI models; therefore, these firms solely rely on third-party or core service providers for such capabilities.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Many financial institution participants said they believed AI adoption was important because of the technology\u2019s potential to \u201csignificantly improve the quality and cost efficiencies of their cybersecurity and anti-fraud management functions.\u201d Among the ways in which cyber threat actors can utilize AI, the report specifically called out social engineering, malware and code generation, vulnerability discovery and disinformation. Cyberthreats to AI systems include data poisoning, data leakage, evasion and model extraction.&nbsp;<\/p>\n<p>The automation currently used by financial institutions for \u201ctime-consuming and labor-intensive anti-fraud and cybersecurity-related tasks\u201d will likely be enhanced by generative AI \u201cby capturing and processing broader and deeper data sets and utilizing more sophisticated analytics.\u201d Technologies of that kind, the report added, can also enable financial firms to take on \u201cmore proactive cybersecurity and fraud-prevention postures.\u201d&nbsp;<\/p>\n<p>Going forward, the financial services sector relayed that it would be helpful to have \u201ca common lexicon\u201d on AI tools to aid in more productive discussions with third parties and regulators, ensuring that all stakeholders are speaking the same language. Report participants also said their firms would \u201cbenefit from the development of best practices concerning the mapping of data supply chains and data standards.\u201d<\/p>\n<p>The Treasury Department said it would work with the financial sector, as well as NIST, the Cybersecurity and Infrastructure Security Agency and the National Telecommunications and Information Administration to further discuss potential recommendations tied to those asks.<\/p>\n<p>In the coming months, Treasury officials will collaborate with industry, other agencies, international partners and federal and state financial sector regulators on critical initiatives tied to AI-related challenges in the sector.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1467576791809\">\n<div class=\"author-card\" readability=\"15\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/treasury-report-calls-out-cyber-risks-to-financial-sector-fueled-by-ai-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Bracken\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Bracken<\/h4>\n<p> Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at matt.bracken@scoopnewsgroup.com. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/treasury-report-cyber-risks-ai-tools\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Treasury report calls out cyber risks to financial sector fueled<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,384,78,1585,509],"tags":[236,388,86,1589,511],"class_list":["post-2801","post","type-post","status-publish","format-standard","hentry","category-ai","category-artificial-intelligence-ai","category-cybersecurity","category-national-institute-of-standards-and-technology-nist","category-treasury-department","tag-ai","tag-artificial-intelligence-ai","tag-cybersecurity","tag-national-institute-of-standards-and-technology-nist","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-institute-of-standards-and-technology-nist\/\" rel=\"category tag\">National Institute of Standards and Technology (NIST)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2801"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2801\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}