The Wakeup Call from AI Insiders

AI leaders are sounding the alarm that their own models can now help criminals find and exploit vulnerabilities in the financial system, and that’s exactly why banks and investment managers need partners like Conduit watching the wires.

In Washington this month, U.S. officials quietly summoned CEOs from top banks to warn them about a new Anthropic model that can systematically hunt for software vulnerabilities faster than human security teams. Executives were told that the same capability that helps defenders find bugs could be flipped by attackers to locate weaknesses in internal banking systems and expose sensitive customer data.

Treasury leadership and the Fed have made it clear: AI is lowering the barrier to sophisticated cyberattacks on the financial system and could make one of banks’ biggest existing risks - cyber and fraud – “worse,” not better, if it’s adopted without new defenses. One senior official underscored the urgency by pushing Anthropic to delay broad release of the tool until critical infrastructure players could prepare. Finding (and potentially exploiting) software vulnerabilities at speed and scale is clearly a severe risk to all technology systems. Software, infrastructure, and security teams need to be prepared for rapidly deploying and patching systems as these vulnerabilities are discovered.  

However, most security incidents occur not because of technical vulnerabilities, but rather social engineering (tricking humans).  While AI models are clearly strong at identifying software vulnerabilities, they are equally strong at crafting convincing social engineering scams.  Whether a simple email that sounds natural, or deep fake video, current and future models will continue to present an opportunity for criminals to refine their social engineering tactics. Conduit already protects many of the world’s largest investment managers across private equity, private credit, hedge funds, real estate, and venture capital, securing billions in transaction volume and preventing millions in losses from social engineering / wire fraud. In production, our platform has never lost a single dollar to wire fraud.

Deployments are built for the pace of today’s threat landscape: one private equity client was live within 48 hours, with automated validation on vendor and LP payments and zero disruption to treasury workflows.  

As AI arms both defenders and attackers, the question for banks and fund managers is no longer whether you’ll be targeted. It’s whether your payment process is ready when it happens. If you feel the same anxiety that AI executives now openly admit, that’s a sign it’s time to put a dedicated wire‑fraud defense between your people and the “Send Payment” button.

‍

‍