For the financial services industry, artificial intelligence has truly become the Holy Grail. Globally, banks are expected to spend as much as $5.6 billion on AI solutions in 2019, according to IDC.

According to McKinsey Global Institute, AI and ML will transform the banking sector though new applications around decision making and risk management, generating a value of more than $250 billion for the banking industry.

BFSI companies across the globe are now exploring beyond the basic applications of AI to much more matured use cases. Beyond digital marketing and chatbots, new applications in critical areas are emerging.

Quite often, AI is touted as the breakthrough technology that will redefine cybersecurity. Smart, autonomous security systems and tools are the need of the hour, certainly.

But, for a highly regulated industry that deals with massive volumes of critical data, does AI in itself present new security challenges?

Experts warn that artificial intelligence does introduce new vulnerabilities into the system.

“One of the biggest potential security risks comes right at the testing stage of AI applications,” says Sunil Mishra, Vice President Technology, Innoviti Payment Solutions.

“While developing a model using AI, the developers typically won’t be able to test it using dummy data. Unlike traditional applications, developers need large and real data sets with multiple dimensions to test AI applications to ensure better results. How does one create these data sets, how does one simulate that kind of volume and transaction size etc have always been a challenge,” he adds.

In the process, companies tend to use real data at the pre-production stage, which can cause serious security implications. This means that various stakeholders and systems involved in testing have access to sensitive data from the production servers!

Mishra feels that the existing controls and monitoring tools that companies have put in place will prove inadequate in an AI-driven environment. “IT teams today have plenty of monitoring, anti-hacker and compliance tools in place. But for an AI environment, these traditional tools won’t work as is. We normally don’t have proper data check-ups for each of the AI products that are capturing real data from the production systems,” says Mishra.

He also thinks that it’s important to ensure that all stakeholders and team members have a fair understanding about the implications of AI on data. The overall awareness around data classification, authentication, data protection and regulatory requirements etc needs to drastically improve as AI comes into picture. “Organizations need to put a very strict data governance structure in place, which clearly defines access controls and accountability.”

Many larger banks and financial services firms are actually refocusing on this aspect today. They are trying to enhance their systems and practices built for regular applications testing to address AI-driven applications.

“Many, for instance, have stand-alone environments and data partitioning for AI testing. I think as the technology evolves further and adoption matures, many of these attributes will be addressed” sums up Mishra.