Exploring AI's Role in Finance and Security

2025 03 27 AI Roundtable Panel 02

    Summary

    The 2025 AI Roundtable Panel 02, hosted by the U.S. Securities and Exchange Commission, delved into the evolving role of artificial intelligence in the realms of fraud, authentication, and cybersecurity, particularly concerning financial markets. Industry experts discussed the dual-edged nature of AI as both a tool for innovation and a potential avenue for sophisticated fraud and security breaches. Key topics included investment scams facilitated by AI, adaptive cancer prevention strategies, and the potential for AI-powered market manipulation. Panelists also explored current authentication challenges, corporate safeguards, and the necessity of regulatory collaboration to mitigate risks. The event highlighted the urgent need for educational initiatives to better inform investors and firms about AI-related risks and safeguards moving forward.

      Highlights

      • Investment scams often start on social media and evolve into sophisticated schemes using AI technologies like deep fakes.
      • Agentic AI represents a more autonomous form of intelligence with implications for investment fraud and market manipulation.
      • Despite being a potent tool for fraud, AI equally serves as a formidable ally in cybersecurity strategies.
      • The rise of agentic AI means a shift from narrow, task-specific AI to systems capable of complex, interconnected operations.
      • Collaboration between regulatory bodies and industries is crucial to counteract evolving threats posed by AI.

      Key Takeaways

      • AI is transforming investment scams, often leveraging deep fakes and massive data breaches to deceive individuals.
      • Agentic AI poses new challenges, making tracking and accountability in complex financial systems tougher. 🧠
      • Despite the complexities, AI can also bolster cybersecurity, providing new tools to detect and respond to threats.
      • A balance of robust regulatory frameworks and advanced AI tools is essential to protect markets and investor interests.
      • Education and awareness are crucial for individuals to safeguard themselves against emerging AI-driven threats.

      Overview

      AI's ability to mimic and deceive through enhanced deep fake techniques has fundamentally altered the landscape of investment fraud. Scammers now utilize social media channels to engage targets before employing AI to build trust and conduct schemes. This evolution demands heightened vigilance and innovative defense strategies.

        The discussion highlighted the revolutionary yet risky nature of agentic AI: systems capable of independently navigating and interacting within various environments. These systems herald the arrival of new fraud mechanisms, but also present opportunities for innovative defenses and regulatory advancements.

          As AI technologies advance, the importance of regulatory frameworks in safeguarding against market manipulation cannot be overstated. Detailed dialogues explored how AI can obscure fraudulent activities and the imperative to bolster cybersecurity measures. The consensus was clear: education and inter-industry cooperation are pivotal in adapting to AI's rapid developments.

            Chapters

            • 00:00 - 01:30: Introduction and Panelist Backgrounds. The chapter introduces the panel discussion focusing on artificial intelligence and its influence on fraud, authentication, and cyber security. Alexis Hall, the acting national associate director of the division of examinations technology controls program, opens the session and begins the introductions of the panelists. The next panelist introduced is Brad Erenss, noted as the senior vice.
            • 01:30 - 09:00: Investment Scams and AI Impacts. The chapter titled 'Investment Scams and AI Impacts' includes insights from several experts, including Michael Wellman, a professor at the University of Michigan, and Kristen Mccoule, the chief information security officer for Edward Jones. The focus is on understanding how AI affects financial markets and the nature of investment scams. The discussion highlights the implications of AI technology in the financial system, analyzing both its benefits and potential threats, including how it may be used or misused in investment scams.
            • 09:00 - 16:00: Authentication and Impostor Techniques. Alex Leang from the Department of the Treasury and Katherine Forrest from Paul Weiss discuss their roles in cybersecurity and digital technology.
            • 16:00 - 19:40: Cybersecurity Threats and AI. The chapter titled 'Cybersecurity Threats and AI' discusses the impact of AI on cybersecurity threats, specifically focusing on how AI has changed the nature of investment scams targeting investors. The chapter begins with a brief mention of a technical segment called 'Waking Up with AI' before diving into the main topic of fraud in investments caused by AI technologies.
            • 19:40 - 23:00: Cybersecurity and AI Defense Strategies. This chapter discusses the prevalent issue of investment scams, particularly in the realm of cybersecurity and AI defense strategies. It highlights the techniques used by fraudsters who typically initiate contact through social media, establishing trust before presenting fraudulent investment opportunities. These scams are detailed as an emerging and concerning trend, emphasizing the need for heightened awareness and defense mechanisms in the digital age.
            • 23:00 - 29:20: Market Manipulation and AI Impact. The chapter titled 'Market Manipulation and AI Impact' discusses schemes that often start with a focus on cryptocurrency. Participants typically use romance-themed conversations, which later shift to an encrypted chat application. The objective is to build trust and eventually request funds from the victim. The use of AI has changed these attacks in two significant ways, although the transcript does not specify how in the given text.
            • 29:20 - 35:00: Investor Protection and AI Tools. The chapter 'Investor Protection and AI Tools' discusses how AI is used by threat actors and fraudsters to build trust with their victims, a key aspect in committing fraud. It highlights the use of AI technologies, such as deep fakes, which can alter appearances and voices in video communications, assisting fraudsters in overcoming language barriers and creating convincing personas. This illustrates the potential risk posed by AI in aiding fraudulent activities.
            • 35:00 - 42:30: Conclusion and Housekeeping. The conclusion emphasizes the evolving tactics of perpetrators leveraging AI to appear more trustworthy to victims. It highlights that the effectiveness of AI is contingent on the quality of data it is built and used with. The chapter also underscores a significant concern across industries, including finance, which is the rising number of data breaches.

            2025 03 27 AI Roundtable Panel 02 Transcription

            • 00:00 - 00:30 well hello and welcome to panel 2 uh thank you for joining us for this important and timely discussion on artificial intelligence and its impact on fraud authentication and cyber security before we jump into the discussion I'll take a few moments just to introduce ourselves uh my name is Alexis Hall and I'm the acting national associate director of the division of examinations uh technology controls program and going down the line I'll pass it over to Brad hi hi I'm Brad Erenss i'm the senior vice
            • 00:30 - 01:00 president of advanced analytics at FINRA i'm Michael Wellman i'm a professor of computer science and engineering at the University of Michigan i've been an AI researcher my entire career uh for the last many years a lot of my work has been focused on trying to understand the implications of AI uh on financial markets and the financial system my name is Kristen Mccoule and I am the chief information security officer for Edward Jones
            • 01:00 - 01:30 hello my name is Alex Leang and I work at the Department of the Treasury in the office of cyber security and critical infrastructure protection hi I'm Katherine Forrest and I am uh head of the uh digital technology practice group at Paul Weiss as well as the head of the uh artificial intelligence area i'm a former federal judge from the SDNY and have been working in AI since uh 2018 and have written a couple of books on uh algorithmic bias virtual reality augmented reality and have a podcast uh
            • 01:30 - 02:00 called waking up with AI which is very technical and uh only 10-minute segments and uh goes through some of the topics we'll be talking about today well well thank you all for joining us um and for sharing your views with us today uh shall we begin okay well we're going to start with uh fraud targeting investors uh how has GenAI changed the nature of investment scams
            • 02:00 - 02:30 so I'll jump in here when we look at investment scams there's a number of um scams that we're seeing across the board but investment scams specifically what we're seeing is that the fraudsters or the scammers will reach out and they'll start by to targeting somebody through social media and building a relationship that way from there they'll entice them with some sort of investment scheme or or opportunity I should say an investment opportunity for them which really is a scheme on the back end and
            • 02:30 - 03:00 typically they're focused on cryptocurrency sometimes they can be more of a a romance themed opportunity but typically they're focused on cryptocurrency and then they'll shift the conversation over to using an encrypted chat application from there they'll continue to build trust and eventually request funds when these happen and this is what the typical scheme looks like how AI has changed that it's in two different ways the first is that these attacks are
            • 03:00 - 03:30 directly dependent on the threat actor or the fraudster being able to build trust with the victim and one of the ways that AI helps do that is by utilizing technologies such as deep fakes to potentially change an appearance as part of a video conversation to change a voice to even help assist with how those early communications may come across if there's a potential language barrier so they're using AI to help build a persona
            • 03:30 - 04:00 that's more appealing to their victim and that they can trust in that the victim finds trustworthy the other way that we're seeing this is that AI is typically only as as good as the data that those models are built on or the data that they're used in conjunction with and one of the things that the industry has seen and this is not specific to the financial industry but across all industries is an unprecedented amount of data breaches
            • 04:00 - 04:30 between the end of 2023 through 2024 and into 2025 those data breaches have resulted in more than what we've historically seen where it's typically you know a username a password maybe some light contact information where now it's health records it's family records it's tax information it's DMV information so the wealth of data that's out there on individual citizens and available to these fraudsters and these scammers is unlike it's ever been that's
            • 04:30 - 05:00 compounded by the fact that that culturally we're living in a time where people are putting more and more data and personal data onto their social media pages and making them publicly available so their presence is just out there in a larger way because this data is available to the attackers they're able to use it in either directly in kind of targeting and training the AI models or as part of the schemes to continue to to to pick better targets to
            • 05:00 - 05:30 continue to build better trust with those targets and make their schemes more effective overall one of the the interesting pieces when we talk about AI in terms of these though is that still right now the process is somewhat manual on the attacker side so it's still real time interaction between a an an attacker and a victim we haven't seen a lot yet where we're looking at artificial intelligence fully being used to automate the conversations to target the individual
            • 05:30 - 06:00 to start the conversation to shift the conversation to transfer the funds that's something that we believe though is is right on the horizon especially as we're looking more at um a future with agentic AI being used by these fraudsters and scammers and so let me uh jump in there on agentic AI so uh we'll start with a little bit of definition because uh in the last panel I found it very interesting to uh to have the various definitions of
            • 06:00 - 06:30 artificial intelligence described but with agentic AI uh we have a kind of artificial intelligence which will uh actually auto have an automated uh process where you've got AI that can navigate a variety of different environments uh and it can do it seamlessly without the need for additional human interaction and it can do it solo or it can do it in groups so uh agentic AI I think of uh as the uh
            • 06:30 - 07:00 when we're looking back in a couple of years at the world of AI everything will be agentic we're not going to have sort of uh single uh narrow AI anymore everything will be uh handoffs with batons but what that means if you think about it in terms of the investment world and I deal all the time with financial services clients that are from uh of every shape and size is that you've got a kind of sophistication that's coming and that in some for some tools has arrived but you've also got a
            • 07:00 - 07:30 problem of traceability and responsibility because the traceability and responsibility for agentic AI uh is a different uh bird of a different color if you will uh than it is with narrow AI tools or uh even just generative AI tools that are sort of sitting there and are solitary and you've can find the model and you can trace it back with agentic AI you've essentially got a for I mean it's a very sophisticated audience listening to the various panels and so I hardly have to describe it to you but
            • 07:30 - 08:00 you've essentially got a series of baton handoffs between the various agentic models that are occurring and what that means and that's assuming that you've only not uh one baton handoff between each bead if you will you can also have groups uh with sort of a center hub with agentic AI but what that really means for uh various kinds of financial services uh potential scams or uh fraud is that the ability to trace
            • 08:00 - 08:30 back where the problem occurs becomes increasingly more complicated it's already complicated but it's increasingly more complicated particularly and we'll talk about this I know a little bit later on when you've got agentic tools that are they've got a bunch of APIs that are coming off of them reaching into uh the outer world exiting the building if you will and going who knows where so
            • 08:30 - 09:00 you've got these incredible capabilities uh you've got this ability to have a baton handoff that will obscure the origin of the fraud and that is actually leading to uh the potential for increased not only increased fraudulent schemes but decreased uh ability to uh to find and hold folks responsible so one thing that I uh often
            • 09:00 - 09:30 say to people is you've got to understand the provenance of the tool that you're using as we start to move into the world of agentic AI the provenance of the tool is critical uh to make sure that you've got the tool right and you've got the permissions right so agentic AI is changing the game and and what is it that we're seeing is there a typical anatomy of an investment scam yeah I I I'd start with um perhaps an old school uh panel that was probably held here 10 years ago on big data
            • 09:30 - 10:00 talking about volume variety uh and velocity i think what we're seeing right now across the space in fraud um is all of the benefits that firms are going to see from the use of generative AI and more traditional AI which has been used in the industry for quite some time around efficiency and effectiveness are translating to our adversarial actors who are committing the fraud against u be it broker dealers investment advisors
            • 10:00 - 10:30 or the uh the investing public what what you're seeing is when you look at the common use cases of generative AI um what you're seeing is hyperpersonalization right a firm can use that for marketing uh a adversary that's committing fraud can use that for fraud they can scrape the internet uh find all your personal information find all the information about a member firm in about us right every website has an about us sort of page uh and they can
            • 10:30 - 11:00 use that to their advantage they can discover new info right they can draft uh emails that are more consistent and what this really means is that we're seeing now a scale and speed that is rapidly increasing we're seeing a hyperpersonalization we're seeing a consistency in approach to email communications and outreach that is pretty much unprecedented uh we've all gotten the I'm a prince from this one far-off land uh letter or email over the
            • 11:00 - 11:30 years with all sorts of typos errors all sorts of things uh now that can be crafted to the sort of native language of the target and very specifically against their own interest we're also seeing a realism and an authenticity to the messages that are out there um that are are quite spot-on uh they look more real than they ever had before and when you even start talking about Agentic you're going to see an uh adaptability
            • 11:30 - 12:00 for essentially the fraud to dynamically change and we'll get into this on the cyber side of how the fraud will change based on the way it can scan and when you think just broadly speaking of the the steps that it takes to actually execute fraud generative AI and AI can be used at all of those steps be it recon scraping websites be it development be it actual code development right um you're going to see adversaries that are developing code
            • 12:00 - 12:30 very very quickly or they're going to be scanning sites for vulnerabilities that can be done with smart contracts they're being scanned all the time for vulnerabilities and then you're going to see it in the way they move funds out the way they exfiltrate funds and etc and areas from that thank you so I think it's a good time to move on to authentication how are impostors circumventing current authentication processes
            • 12:30 - 13:00 so um one of the things that we're seeing and and this kind of goes back to how did they do it before AI and how are they doing it today typically when you look at how fraudsters are targeting funds from a client they're doing it in in one of two ways at the highest level either they're finding ways to access the client accounts and steal the funds or they're finding ways to trick the the client or the investor into turning over the funds when we look at that first case and what it looks like today or or
            • 13:00 - 13:30 previously and historically without AI they would they would either target vulnerabilities in the applications or the web pages that clients log in to manage their investments or they would essentially do something we call credential harvesting which is through social media through phishing through text messaging scams they would obtain the credentials of the the clients or the investors and then they would use those to log into the sites in either case the end result was the same they would log in to a site as a client or gain access to a client's account and
            • 13:30 - 14:00 they would transfer funds out whatever funds were available that they could how that um for for a fraudster by doing that by targeting the firms and the accounts with the firms they were able to have a broad broad impact so they didn't have to do a a hypertargeted or hyperfocused on a client attack to gain trust they were just able to find the vulnerability at at a corporate level and be able to exploit that that was more straightforward for them and they had they had great return and benefits
            • 14:00 - 14:30 on those attacks if you look at it with them targeting clients individually without the use of AI that was a lot harder because they had to without having personally identifiable information they had to be building trust they had to be it um taking the time to come up with these investment scams and opportunities or building relationships to get the client to a part where they were comfortable saying "Okay I I trust you i believe who you say you are i believe you have an investment opportunity or I
            • 14:30 - 15:00 believe you're a potential romantic partner and I'm going to give you money." That was always a lot more work for the threat actors or the fraud fraudsters to perpetrate what we're seeing is that due to some shifts with the controls that corporations have been able to put in place to protect their firms against those attacks on the front end as well as artificial intelligence as I mentioned earlier being making it easier for fraudsters and scammers to
            • 15:00 - 15:30 hypertarget individuals we're seeing the shift where it's not that that the fraudsters are going after authentication controls for corporations anymore they're simply bypassing them altogether by targeting the individual and not the company and by doing this it's it's going to continue to get more scalable through agentic AI but that shift that the industry is seeing is really going to be unique because those
            • 15:30 - 16:00 corporate controls are standing up to what we're seeing right now the weakness is in the individual the vulnerability is in the individual and their trust and AI is allowing the attackers and the fraudsters to exploit that at a speed and scale we haven't seen before well we do expect that there will they will eventually as we harden controls there they will eventually shift their focus back to the corporate corporate controls and we know that they'll likely start to use things like deep fake to to bypass
            • 16:00 - 16:30 vocal recognition or voice recognition and things like that in the future really right now where we're sitting is the focus on on perpetrating fraud directly against the individuals thank you and and are there any potential safeguards are there any controls that firms can employ um so yeah I can talk about this question from from the perspective of of Treasury although I will clarify that these are just offering some insights that we've gained gained in our office and this doesn't represent the views of the administration um so cyber threats
            • 16:30 - 17:00 to the US financial sector are inherently global and I think it's we sort of what Christian is saying like if you're targeting individual and you're sort of going against these potentially global threat actors in these large networks so you know we're starting from a difficult spot um and at treasury we work working with the sector and crossber information sharing and try to arm firms with all the latest information that we can provide um to how to defend against um any sorts of cyber attacks um but I think what's
            • 17:00 - 17:30 interesting is when you think about AI AI is a tool um and it it can enable um malicious use by bad actors but a lot of what it's doing is just sort of improving these sorts of typologies or threats that maybe already existed um so one thing that we say at at Treasury is um the best practices cyber security best practices still apply um so this includes uh choosing strong authentication methods um criminals will as we've just been discussing will challenge effectiveness of current identity solutions um Treasury is not in
            • 17:30 - 18:00 the business of sort of like cataloging attacks on firms but we we talked to a lot of firms and we've seen instances I'm sure many of you all have seen in the news of criminals using different methods such as video fakes or voice fakes to commit um high-profile heists um and and bypass traditional authentication methods um so Treasury um we always promote that customers and users always like turn on multifactor authentication use strong factors and and all factors are also um it's a little tech all factors are not created
            • 18:00 - 18:30 equal um NIST has actually recommended the deprecation of SMS-based uh multifactor because it's easier for attackers um to intercept and get in the middle of those attacks um also we recommend a firm to sort of lean on latest technologies such as like location based factors there's um there's just other ways to detect fraud um and actually as I think they were talking about in the previous panel um AI can be very effective at detecting fraud um if it's given sort of enough information to sort of make uh make those determinations
            • 18:30 - 19:00 if I could uh just maybe jump in and try to tie the two uh parts together i mean fraud and and authentication really are are are go together um two sides of of the coin here um I think maybe what we need is a broader notion of um authentication and availability of authentication uh infrastructure i think we're used to thinking of it was you know you're sure um my financial institution needs to know needs to have strong safeguards that I'm the one asking it to to take some you know
            • 19:00 - 19:30 actions on my account um but it's actually I on the street need some help to know that who I'm dealing with is who they say they're dealing with uh and making that more of a routine uh process you know we it it happened on the web you know uh uh routinely we by using a browser we are automatically get authentication that the party that claims to be using our URL you know through the SSL protocol is verifying that it has some certificate that's a
            • 19:30 - 20:00 very you know small kind of thing I would I would like to see uh much more routine availability of authentication of parties that meet in a variety of places that have the ability to uh established credentials not just who they are who they're working on behalf of or other propositions that they that we had infrastructure the the the the uh issue is that we can do a lot to make people skeptical and make them ask more questions but if we don't also give them affirmative ways to get reliable answers to the questions there's going to be a
            • 20:00 - 20:30 lot of reason just to not bother asking the question because you know I'm not going to be able to do anything about it anyway i I really like that and to echo that something that I think Greg on the previous panel had said when they said how do you combat some of these he said in in this space it's as simple as asking for their registration information and often a fraudster or scammer won't have that so by asking that it's just another way that you can validate who's on the other side and and knowing that real business doesn't happen on encrypted off-ch applications
            • 20:30 - 21:00 right and so being smart about those kinds of things and validating those kinds of things are are absolutely an easy way for individuals to protect themselves Thank you i I think that this is a good time um Alex mentioned just a moment ago uh cyber security best practices are still good practices so I think it's a good time for us to pivot to cyber security now so my first question regarding cyber security is the growth and proliferation of AI creating new cyber security vulnerabilities unfortunately yes um I I think you're
            • 21:00 - 21:30 going to see an evolution right now and we're already starting to see it on like malware uh I think uh the days of CAPTCHA are also suddenly coming to a close so we can all clap on that on one hand but on the other hand we shouldn't clap because it is a way to sort of deter certain types of fraud that are out there i think um like I mentioned earlier vulnerability scanning uh is going to become a more prevalent problem it already is a problem but I think it's
            • 21:30 - 22:00 going to only increase and get worse because of the capabilities that are now within generative AI again a lot of teams that are developing software are using generative AI in-house at their own firms to do vulnerability scanning there's nothing essentially stopping adversarial actors from doing the same thing but from a slightly different angle uh to see where the vulnerabilities are at your firm i think deep fakes have been noted all along there's a lot of technology that has been used to defer I mean to deter
            • 22:00 - 22:30 certain types of attacks before that may be sort of waning in terms of their effectiveness uh and then also I I think we're one of the things that was a great promise for uh fraud a few years ago was behavioral analytics the way we use websites the way we go and use our phone the way we go from screen to screen when we're doing certain activities at financial services firms we each have sort of our own signature but over time the behavioral analytics may start to
            • 22:30 - 23:00 break down as being an effective way to deter it because generative AI can again generate certain behaviors and can also get enough information where it might be able to start to figure out your behavior so behavioral mimicking is something that we probably need to start worrying about a little bit as a as another vector of attack yeah and and uh let me jump in here in terms of some of the technologies that are coming uh we talked just a few
            • 23:00 - 23:30 minutes ago about Agentic AI and uh to back up for a minute in terms of where we've started only two years ago and where we are today is really sort of an extraordinary journey in terms of generative AI we go we went from LLMs and the capabilities of LLMs and a hallucination rate that was really quite high to uh ever more powerful and highly capable models which really make uh there are some very serious implications in terms of ensuring that those are uh
            • 23:30 - 24:00 you know the models are uh able to be deployed uh safely and a lot of work that's being done on that but then we also went to multimodal LLMs uh where MLLM M ended up increasing the capabilities of LLMs and basically every LLM now is a multimodal LLM uh we went to large reasoning models which was mentioned just briefly on the first panel and those using a a sort of a chain of thought kind of reasoning uh has increased the ability uh for these
            • 24:00 - 24:30 models to do all kinds of in-depth research and really quite extraordinary and highly accurate uh kinds of work and then we've got agentic AI that really crosses over all of these okay so Agentic AI doesn't have to be just one or just the other but it allows for a kind of independent navigation and that leads to cyber security vulnerabilities in sort of the following way if you've got an agentic AI that's deployed within
            • 24:30 - 25:00 a tool and that agentic AI talks to and communicates with the outside world through APIs and so it's got a bunch of fishing line hooks uh off of it that allows it to communicate with the outside world you've opened the door to the firm and we're used to that with highly sophisticated software right people have been talking about and looking at uh how they can lock down their firm in terms of cyber security with API access uh now
            • 25:00 - 25:30 for several decades but what we've got now are new tools that are new to the people who are actually grappling with the tools and we don't always have uh the kinds of information and disclosures about what's inside of the tool and what the APIs are and how the permissions can be actually built around the tools to ensure that you've closed the door and sealed the door off so we've really got
            • 25:30 - 26:00 with agentic AI and with these fishing line APIs that are allowing the information to come into a building or to leave a building we've got another vector uh of risk that has to be taken into account and we have to have uh vigilance I think about again the kinds of tools the kinds of permissions uh and how the door does close and when the door should open uh otherwise we've opened up a whole new a whole new area
            • 26:00 - 26:30 so uh I see agentic AI as a really exciting kind of uh set of capabilities but also something that we're all going to have to be watching very very carefully and what are some challenges that firms face as threat actors increase their use of AI to accelerate and automate their their capabilities I I think you know one of the first questions that people people tend to ask or point out is well if
            • 26:30 - 27:00 threat actors are using artificial intelligence against firms and against individuals can't those firms firms turn around and use artificial intelligence against the attackers against the bad guys and and the answer quite simply is absolutely and we have been doing that for years maybe not in the agentic form but in your more traditional machine learning there are a number of vendor tools out there that are their whole purpose is to aggregate large volumes of data that represents the activity happening within an environment and doing close to near real-time analysis
            • 27:00 - 27:30 on that to to find anomalies in the environment and to be able to detect potentially malicious activity across a firm so that's something that that security practitioners have absolutely been using comfortably for years knowing that I I want to focus the rest of my answer more on that agentic aspect because I think that's going to be the far more interesting piece we see going forward and and what I mean by that is that you know as you put it it's that ability to independently navigate
            • 27:30 - 28:00 through certain scenarios and so the way that we would see an attacker potentially use that is they might scan the entire perimeter looking for the opportunities to get into a firm or into an environment and once they're through there today today this is what they're doing all manually um they'd have to then go continue to look for the weakest points to continue to move forward in their attacks this can be very timely for them with Agentic AI that's going to be happening instantaneously what's different though in the the practitioner the defender's
            • 28:00 - 28:30 purpose on on using these Agentic AI models is what we care about at the end of the day what a threat actor doesn't care about is any regulatory or compliance obligations they certainly don't care about keeping the client's data secure keeping the funds secure they don't care about their reputation they don't care about the availability of a system so when they set these things loose in into a corporate environment there's a lot of chances for things to go wrong what they do could
            • 28:30 - 29:00 bring down systems it could it could prevent a firm from trading the threat actor has no obligation to care about that and and quite frankly they'd probably be amused if they made that happen from a defender side while you can still use these tools to defend they potentially still have some of the same implications so if we think about a newly exploited vulnerability that we'd find in the environment you can say "Oh this vulnerability needs to be patched we know there's an issue why couldn't we use an agentic AI solution to defend against that to detect that the
            • 29:00 - 29:30 vulnerability exists automatically find the code where the vulnerability exists go ahead and patch that code to make it so it can't be exploitable but what the Agentic AI system might miss is that through patching that system they break something further down the chain and maybe all of a sudden a platform that is critical to a firm related to to trading or being able to have their clients log in and check the balance of their accounts becomes unavailable so we they
            • 29:30 - 30:00 they have they have the potential to create an adverse effect within an environment and where the attackers don't care about that the defenders and the cyber practitioners absolutely will have to now the general concept of threat actors you know security practitioners we find a way to harden our environments and threat actors find a new avenue or a way around it and it's a constant leveling up game between the two this this is not new this has been going on for for decades at this point what I think is going to be really
            • 30:00 - 30:30 different though when we look at it in relation to Agentic AI and where I think we're going to have to keep a close eye on it is making sure that their use of agentic AI doesn't put them so far ahead of the defenders and the practitioners that that we have a gap there I think we are going to have a gap there for a little while we have to be comfortable with that gap and we have to make sure the gap doesn't get too wide or else or else um practitioners going to have a harder time catching up with it and that's going to be something that is going to be really critical for for
            • 30:30 - 31:00 network defenders to look at going forward is how do we balance that risk versus reward with using agentic AI to to prevent to detect and respond to potentially some sort of broadscale cyber attack against a firm or an institution or an organization and and can I just jump in here one second Alexis which is uh emergent behaviors because one of the things I think that uh is so hard to defend against is uh
            • 31:00 - 31:30 are the various emergent behaviors that these highly capable models are now showing and when you have agentic uh models that are interacting with one another they also have emergent social behaviors if you will that as to one and as to the other that when they're actually interacting we start to see things uh in terms of for instance their ability to communicate with one another in non-human language uh which allows for efficient handing of the baton over
            • 31:30 - 32:00 if you will the one agentic aure actor actually handing the baton over to another but that communication can also mean that we don't have the same kind of insight into what is being communicated so if you have a malicious actor who has misaligned a model right which you can do uh we understand that they can be uh aligned and they can be misaligned you have the possibility with some of these emergent behaviors to also have models
            • 32:00 - 32:30 that we actually start to lose a little bit of our control over so that's one thing I wanted to sort of just put out there which is there are things that we just don't know that there's and there's great academic literature right now coming out on some of this uh on some of this the second piece is quantum computing because as we start to see uh the vulnerabilities being explored and we start to see the uh with with agents knocking on the doors but they can knock on the doors and then they can go find their own second door to go knock on
            • 32:30 - 33:00 that door and then they can go down the hallway and knock on that door then they can circle back and knock on the door downstairs because they can navigate that environment well once we've got the stability uh with quantum computing that allows there to be a deployed product there'll be an immediate ability to assess the cyber security holes and that with that combined with the computational power of the AI it's going to be a really uh a really uh
            • 33:00 - 33:30 interesting and difficult moment yeah one thing we actively from a regulatory perspective would encourage um member firms to do and also um the the parties involved in the transactions in terms of financial services is reach out to your regulators to have discussions of what you're seeing in terms of challenges um as this is advancing so quickly we must operate together to basically figure out what
            • 33:30 - 34:00 those threats are to the industry and then as a regulatory role what we do at FINRA is we actually communicate down to the member firms the threats that we're seeing across the industry something may pop up at one firm that may not be present at another at that moment in time but you can rest assured that eventually over time the entire industry will be uh feeling the impacts of that potential threat vector and the more we can do to share the intelligence out
            • 34:00 - 34:30 gather it from our members share it across the members the more we can be proactive in our approach to to dealing with adversaries across the space I I love that you actually I'm going to kind of double click on two of these first Katherine I love that you brought up the the quantum aspect because people always ask me "Aren't you afraid of what artificial intelligence is going to do in terms of cyber security?" And I say "I am afraid of it but what I'm terrified of is the convergence between artificial intelligence and quantum computing because that's where we're really going to see the game changer and not
            • 34:30 - 35:00 just in cyber security across every industry and every aspect of our lives." Um and and Brad just to double click on something what you that you just said as well is you know I mentioned earlier artificial intelligence models are only as effective as the data sets they're trained on and one of the things that we're very protective of is our data it's our it's our client's data and our privacy and things like that all firms are very protective of those things but one of the things that that we're going to have to potentially think about and get comfortable with an industry as as an industry is right now we may share
            • 35:00 - 35:30 information verbally across our groups but it's very high level and hey we're seeing this trend and we want to make you aware of this that's very common through a number of different um information sharing centers that have been set up and coordinated across different sectors but for defensive AI solutions or agentic AI solutions that are focused on defense and and defending against cyber attacks and fraudulent attacks to be effective they need to be trained on a broader set of data than what's available at a single individual
            • 35:30 - 36:00 firm and so how do we combat that as an industry because now we're talking um about sharing a lot more to be effective as an industry than just there's a certain tactic that threat actors are using for us to have the most effective defensive tools financial institutions and and not just financial institutions because because attacks aren't targeted solely towards financial institutions it's it's healthcare it's industry it's across the board how do we get comfort
            • 36:00 - 36:30 in sharing enough information likely with vendors to be able to build in those more advanced models into tools that are going to be more capable and operating in in agentic AI manners and effective ways so we talked a little bit about or a lot actually uh good dialogue about the challenges um but how can AI bolster cyber security threat detection and responses um so I think one of the I mean this has been a very interesting conversation so far um in in my role as treasury I spent
            • 36:30 - 37:00 a lot of times just talking to different firms to sort of get a sense of the landscape um and when we talk about AI there's we we're saying a lot of different things a lot of conversation has been about a guy that's the the probably the new exciting thing that everyone's talking about for for good reason um but the financial sector has been using machine learning and sort of so-called traditional artificial intelligence for like an upwards of of 20 years um and one of the first cases especially considering the regulated environment where firms have felt comfortable using that is in cyber
            • 37:00 - 37:30 security and firms um I think successfully do use artificial intelligence in cyber defense um endpoint detection um in systems such as those and I really want to hit on Kristen's point that to have like an effective cyber defense and artificial intelligence um cyber security is a team sport with another you know catchphrase we love saying at Treasury um in cyber data the sharing of cyber data and coming up with ways to share cyber data safely um ways that firms are comfortable with but is useful to firms that you know maybe they may consider competitors um
            • 37:30 - 38:00 is very important um and the sector has organizations such as the financial sector um ISAC um and there also are vendors um which many firms will use and firms sort of negotiate relationship with their vendor where they're allowed to share some data up and the vendor uses that to sort of automatically update their detection system to um protect the whole sector because I think with the with sector and financial sector like an incident at one firm can have cascading effects um and that's sort of from an operational risk perspective is something we're very concerned about at Treasury um so we
            • 38:00 - 38:30 want to work hard to protect um all firms um in order to protect the the entire sector um so of course generative AI as we discussed introduces a lot of interesting possibilities um and treasury just hopes that firms are able to use it effectively um but it we're in in a very exciting space um and I think that the possibilities of cyber defense with generative AI are very interesting I mean this this form sort of touched on fraud um and one thing that I think we see at Treasury is firms are maybe more
            • 38:30 - 39:00 comfortable sharing cyber data than they are fraud data fraud data often involves more personal information so there's um clearly much more risk with sharing I think firms maybe consider fraud anti-fraud maybe more competitive advantage in certain business lines um but Treasury um would like to come up with a way to encourage the sector to also share fraud data in a way that again will protect the entire entire sector because as we've been discussing on this panel fraud is is a huge issue that we're very concerned about so I'd
            • 39:00 - 39:30 like to make a a broad point just about the use of machine learning in defense uh cyber defense and just really in any system um it's very powerful and it can you often really improve the adaptivity and the the power of a of a defensive uh approach but it also introduces new vulnerabilities into the system itself uh what you know they would say in cyber security is that the attack surface uh is is much uh broadened by the use of machine learning because one could uh
            • 39:30 - 40:00 try to affect a machine learning system by giving it bad data or otherwise uh finding the the cases where it go where it goes wrong that may have not have been caught in testing and other kinds of things there's a whole field called adversarial machine learning that that tries to address that uh and even in you know in the area of of generative AI uh there's a it's kind of a a sport to try to jailbreak models that's the the term is used to get beyond whatever guard rails or or um safety systems that have been put in to try to make them avoid
            • 40:00 - 40:30 the uh unintended behaviors well turns out it's it's often pretty easy to do uh and uh as these tools get in the hands of everyday people they're going to be using tools that have these extra vulnerabilities uh I would not be surprised I'm not making I I I agree with the pre panelists last time we said to avoid predictions but I wouldn't be surprised to see uh commercial products
            • 40:30 - 41:00 uh say that purport to give uh uh do algorithmic trading for retail investors or or or otherwise using genai tools scan news and give them suggestions whatever uh those are themselves going to be of course very risky systems but also uh vulnerable to uh to attacks including you know various uh fraud types attacks thank you um let's turn to our last topic which is uh market manipulation so
            • 41:00 - 41:30 what is the potential impact on financial markets from AI deep fakes and fake news uh so actually you know continuing along the the um many of the things that we've already been discussed we talked about the use of uh you know deep fakes and the things I just uh as fraud it it also is a vector for broader scale kind of market manipulation uh just stepping back a bit um really um you know any kind of existing strategies for market
            • 41:30 - 42:00 manipulation can be enhanced by uh by AI could be further automated and of course what what the thing that generative AI does is it opens up completely new kinds of abilities to uh automate interaction through language and Kristen talked about that extensively and the the new kinds of frauds we're seeing well those can also you know the the kinds of uh attempts to manipulate markets through language channels by human beings can now be performed by by bots
            • 42:00 - 42:30 very easily and and and and are uh similarly deep fakes you can have some you know influential person touting securities or doing other kinds of things that could u manipulate markets uh there's going to be counters to that and maybe we could avoid them you know the the consequences they have are the same kind of consequences that market manipulation has in general but I guess I would like to just say something about a broader um and maybe you deeper concern that uh I I think you know SEC
            • 42:30 - 43:00 and um government should be concerned about is we we can educate people to be more skeptical don't trust what you see because it could be a fake and actually people I think are much more skeptical uh today uh of what they see but the problem is is then they can think they could just believe nothing because uh there's no we what even if in a system where we are skeptical and we are on our guard and we avoid being fooled sometimes uh we have a general
            • 43:00 - 43:30 degradation uh of the information ecosystem it's really polluted and as we know for markets to work well we need good information that's what makes markets really uh operate well and so it's not just good enough to have counters to the bad information uh we need infrastructure that helps good information get out and survive and thrive uh and I think I think figuring out how to do that uh through infrastructure or you know and and and
            • 43:30 - 44:00 rule-based ways would be I think a tremendous contribution to trying to deal with these concerns and let me just uh jump in on the informational point because one thing that I've been uh very interested in is the movement away uh from information in terms of trading that right now there are so many models particularly uh some of those that are enabled by highly capable AI that are models effectively tracing models and a kind of movement
            • 44:00 - 44:30 away from an informational-based uh ecosystem and so uh one of the ways in which uh we'll have non-fraud-based if you will investor losses potentially uh with generative AI and with other forms of uh non-generative AI non-generative but artificial intelligence is going to be with uh models chasing models in a non-informational way and there's nothing malicious about it but it can
            • 44:30 - 45:00 actually result in uh certain kinds of losses to one that may be gains to another um and so that is just one topic I just wanted to put out there because uh one wonders the extent to which our world is really based upon uh information uh and I don't mean information to train the model I mean market information that's moving a particular uh security in some way but the other thing that I wanted to mention in terms of um looking at ways in which
            • 45:00 - 45:30 uh we might have non-malicious uh losses to investors that can be enabled by these kinds of tools is also because we've got for instance so much code right now that's being written by generative AI huge amounts of code and really complicated code and more coming you know those of you who and I'm sure everybody in this room is probably familiar with you know the 03 model that's uh about to you know hit
            • 45:30 - 46:00 everybody it's hit your phone if you're willing to pay um uh pay for the um uh for the access and it's an extraordinary tool but it'll be coming out now in more and more tools but there are other of these highly capable models uh they their ability to generate code that's more sophisticated than the most sophisticated coder at many firms is extraordinary and what that does is it opens up the potential that we can't check the code in the same way so that
            • 46:00 - 46:30 can result in a potential error and then the error can result in a potential loss so finding the right tools that will be able to keep up with the coding capabilities of uh of the generative AI I think is going to be really an important an important piece of all of this there is an interesting question that now comes up on the code and the generation the automatic generation of the code is that the automatic generation of the code may not know the securities law it may actually engage itself in manipulative activity
            • 46:30 - 47:00 not knowing that the activity that the code is executing against could be manipulative so that is also sort of an over the horizon concern as these models become more advanced it's in the traditional we'll say older days you always had a trader that should have been well trained on the rules right do not engage in these types of manipulative activity but now where does that take place that
            • 47:00 - 47:30 responsibility does still fall to the let's say the member firm or the investment advisor or whichever firm is involved in the trading because I think there was the Air Canada case and not to speculate on where this is all going to go but the Air Canada case Air Canada tried to say that oh no it was the model not us and it actually was no it is actually you Air Canada people in charge so that it raises an interesting question of over the horizon of what's going to happen here
            • 47:30 - 48:00 thank you and I think we actually started to get into our our next topic which is um you know how might AI create avenues for non-fraud-based investor losses and we talked about the models chasing models and uh code written by AI but are there other examples um that we should cover here today yes and yes and both Katherine and Brad uh touched on this uh already and here by non-fraud uh I I gather what is meant technically is that um things that it's unclear whether
            • 48:00 - 48:30 you can attribute the intent to manipulate behind the uh actual manipulation uh we've actually done some research on this and we um using uh deep reinforcement learning showed that it's possible to uh learn uh manipulative strategies so I'm not sure it's that far down the the road actually uh without explicitly giving uh any uh uh objective to manipulate so you basically say you're in this situation make some money and you explore the the the system explores around the policy space and it
            • 48:30 - 49:00 finds hey if I do this thing I can you know I can basically trigger this manipulation and it and it uh leads to a profit actually they may whether they realize it's a manipulation they do realize it they're getting rewarded by the profits and so they come up with that strategy and uh if our um uh regulatory regime is based on findings of intent there may there's new questions now of uh whether you can you attribute that intent so that that's what some an example of uh what I call an AI loophole uh a kind of behavior
            • 49:00 - 49:30 that if done by a person would be illegal but somehow you might get around it by having an AI uh do it for you so I would say we really want to generally try to look for those and and um and close them up where they exist uh but I think there's it's really not a surprise that you can really automatically learn these things there actually are really interesting opportunities for uh reconsidering how we judge intent uh there are some respects in which uh an AI system should be can be made more
            • 49:30 - 50:00 accountable or you could you could because you can not only say what did you do in the situation and it was pointed out in the previous panel you know what exactly the situation was and what the actions were taken you could also ask it what would you have done if the situation were somewhat different you can basically pose the counterfactual and get the actual answer that the code about what what the uh the program would have done and I think that may be a powerful tool but I think the main thing is to a uh make sure that you're not allowing the avoidance of accountability uh by the fact that something was generated either by
            • 50:00 - 50:30 automatic code or just through a a re a reinforcement learning system that learned a learned a policy just want to say one more thing about the models chasing models point I actually would view that that's I think a significant issue um for use of machine learning in uh building trading systems for financial markets probably even more from a financial stability kind of perspective than from a fraud security kind of perspective uh that is uh if if you get untethered from real information
            • 50:30 - 51:00 uh that's when uh the financial system can do really crazy things uh and let me add one uh one point uh which is um some in terms of uh the intent one of the things that's really uh quite getting more increasingly difficult is that we don't really have single models working in a standalone way we have tech stacks and these tech stacks have different layers and I when I talk to audiences I often talk about it as Lego bricks and you've got these Legos on top of each
            • 51:00 - 51:30 other right and in the agentic world what you're doing is you're actually having a a baton handoff into one of those tech stacks which may be its own tech stack and you may also have a group of uh agentic operators all at the same time so finding the moment of intent is an extraordinary uh is going to become an extraordinarily complicated exercise that's one thing it's just because uh it could be at
            • 51:30 - 52:00 multiple layers the last thing that I wanted to say was hallucinations another way in which you can end up having investor losses with no intent is while the capabilities of these models have made hallucinations a much much less of a problem for certain functionalities than they were before the capabilities have gotten so much better they're in so many ways better than most people at many many things but not all you can have a hallucination that can create an unintended consequence and so that's not
            • 52:00 - 52:30 anybody trying to do anything malicious or wrong or bad it's just an error I think it's um at this point a good idea maybe we could explore the other side of this so can AI be used to detect and combat market manipulation uh certainly and really this is really the same question that was discussed before in the areas of cyber security and um combating fraud uh really market
            • 52:30 - 53:00 manipulation is really just a flavor of misinformation uh being you know imposed in a in a market setting and all the same issues about trying to combat fake news or spam by detecting it and and uh using machine learning can be done and it should be done uh however I think it's really not um ultimately a complete solution uh because whenever you are doing this you're basically in an arms race between the manipulator or the fraudster and the
            • 53:00 - 53:30 detector or enforcer uh and any advance by the detector that has a great model that and you know to to try to distinguish the um the malicious or illegal behavior from the benign or or allowed behavior uh then the manipulator can use that advance to become a better at evading uh the the detection uh and this is kind of a it goes in a cycle just like in any kind of arms race uh
            • 53:30 - 54:00 and the end result of it is somewhat indeterminate we've done some some studies of this and we've you come through some scenarios where you know sure over time you get you uh in evading you also maybe degrade your potency and so you may not be as good a manipulator but you can't be sure this is always going to happen so I think ultimately we should we should do this but we should also realize we need other approaches if you think about how um we're not as plagued by email spam as we used to be um not because the machine learning got
            • 54:00 - 54:30 better it's because we really abandoned that as the main approach and went to large collections of central that that centralized email processors used to uh uh to uh benefit from the aggregation of experience to protect both individuals uh from it uh I think we need to be looking to other non-machine learning solutions um as well for for market manipulation all right thank you so I'll throw out this this last question uh to the panel
            • 54:30 - 55:00 and that is what suggestions do you have for protecting investors and ensuring accountability for investor harm how do we want to go down the line um there are lots of opportunities here for this space to to really look at opportunities where we can bring additional tool sets additional systems to help protect investors across the
            • 55:00 - 55:30 wide spectrum whether it's onboarding whether we can use AI tools and generative AI tools to assist members uh not from a regulatory perspective but whether members can use this technology to improve onboarding to reduce fraud within onboarding uh there's other places when you look through the entire customer life cycle where we can uh adopt and deploy speaking sort of across the
            • 55:30 - 56:00 entire financial industry various types of AI technology within the life cycle so there's the onboarding through KYC or perhaps risk scoring there's the transaction monitoring of money moving in and out of the account there's uh AI that can be used in we just sort of talked about it market manipulation but we can also use it where perhaps in the life cycle an account has been taken over and the money's either going out or there's trading activity in the account that's going to result in losses to the
            • 56:00 - 56:30 customer there's other other opportunities to look at at transfer of securities across the industry space and then there's opportunities to look at it from the firm operational perspective of how they handle customers so there's some really good opportunities all across the space when you start going across the entire life cycle of the customer and also how the firm interacts with the customer throughout those stages uh so I've already you mentioned I think a couple of the the key suggestions that I would put forth about uh uh
            • 56:30 - 57:00 inventorying uh the regulations system for AI loopholes and trying to close them uh when you can uh for building better infrastructure to support uh broader kinds of authentication uh to uh allow safer uh interactions in the financial system um I think there's a really important uh regulatory role for trying to basically improve the uh environmental quality of the information
            • 57:00 - 57:30 ecosystem uh that is through uh supporting providing and uh enabling uh people to find good information uh as well as uh tools for combating the bad information uh in the area of protecting uh investors I want to raise a point that really hasn't come up um uh elsewhere uh that is posed an issue that's potentially posed by generative AI uh we uh are in a system where we you know
            • 57:30 - 58:00 keep seeing a you know very strong competition among different models and building bigger ones and more capable ones in various ways using more and more uh data information and it's really key that it's really it's really clear that um having large bodies of information is strategically uh important uh and there are um you know actors that have access to large bodies of non-public information and uh that is and to the extent that that is overly concentrated
            • 58:00 - 58:30 that also I think poses a risk to investors of just a generally uneven information uh landscape and you know I don't think that uh insider trading law has you know advanced so far to really uh understand the implications of this kind of massive amounts of uh non-public information that an entity may have acquired for some other reasons that may also provide advantages for uh for trading in financial markets or for uh otherwise exploiting investors or um
            • 58:30 - 59:00 uh uh going to purposes that are not in the you know general um interest of a well functioning financial system so if we're talking about really protecting the investor I'm going to kind of lean back into some of what what we've been saying in this panel but I think historically what we've been pushing for which is really centered and focused around education and awareness and finding that right balance of the little things that individuals can do to protect themselves protect their
            • 59:00 - 59:30 identities protect their financial futures a lot of that um you know we work with our the from a firm side it's the the know your client the know your customer and making sure but it's the flip of that as well it's know your firm know your adviser know what they're doing it's making sure to know that the person on the other end of the phone is who you think they are and so there's a lot of little things you know I one of the not that it's financial related but it's a great example of um mass amounts of text
            • 59:30 - 60:00 messages have been going around lately purporting to be from toll companies saying you have like an outstanding toll right anytime you get something like that you never click on the link you go who's my toll provider what is their website let me go to them directly let me log into my account from there if it's somebody calling up and saying you have a balance on your credit card if it's somebody calling up saying they're from your bank you hang up and then you go and you call the number that you know is your bank um you hang up and you call the number that's on the back of your credit card it's being a little bit more proactive in situations
            • 60:00 - 60:30 like that um all of those things can really just go very far and then being diligent about watching your accounts about making sure you have all available security controls set up on them making sure you are checking and you are monitoring manually to say is are the you know are there trades going on in my account that I'm not expecting is there money moving in and out of my account that I'm expecting it's being vigilant to be able to kind of take that that personal aspect
            • 60:30 - 61:00 and protecting the customer and protecting yourself um into their own hands a little bit from the educational and awareness to supplement what the firms and the companies are doing on their behalf as well yeah if I could just add on the education side the education is going to take a village some of the type of frauds that we would talk about here have been going on for hundreds if not thousands of years and it really gets into making sure that there's an awareness across the customer base so collectively um both the SEC and
            • 61:00 - 61:30 FINRA have numerous investor education resources that investors can go to we also encourage firms themselves to actually also do the outreach to the customers to make them aware uh and get a message from another party another trusted party uh regarding you know fraud schemes where they may be susceptible to fraud uh where uh they can take additional action like you noted Kristen to really protect themselves because it does take a larger
            • 61:30 - 62:00 group uh everywhere from the firm to the investor to the markets themselves to really protect uh customers and firms and the entire industry from fraud um so you when Treasury looks at um protecting investors I think there's the individual level and there's the firm level I a lot of what my colleagues up here have said applies to the firm level um but one thing I do want to mention is the Treasury does have a program fortress um which provides threat information to feed data
            • 62:00 - 62:30 to uh US financial sector firms we do already have a thousand participants but um if your firm is not signed up you can reach out to Treasury and we can get you on board because just having up-to-date threat information is key for protecting from all these threats um I think also sort of in terms of the investor education and just sort of you know speaking as Treasury but also just like empathizing on a personal level it's very hard like um we all exist in this world I won't name the institution but recently I was dealing with a bank on a credit card and I was trying to
            • 62:30 - 63:00 authenticate a certain purchase and then the person on the phone is like "Okay I'm going to send you a message you have to read it back to me." Um but then in the text message you get it and it says "Don't ever share this code." So I'm on the person just like professionally like "No I can't tell you this code." Like it would just go against my entire career so I told the woman like "I'm sorry it says not to tell you this I'm not going to tell you this number." and I was we were able to find another way but that that institution probably should update their systems I was found some edge case where they wanted to send me this thing and it didn't they
            • 63:00 - 63:30 shouldn't have done that um but it's acknowledging on that institution's part too like people can get in these fraud departments from various ways and various reasons so it's just a constant um a constant effort to sort of update our fraud protocols and make things as resilient um and as effective as possible and let me just uh uh throw out two uh ideas uh that are really uh aimed at firms uh one is to diligence the tools uh there's a lot of snake oil out there and a lot more snake oil coming and uh
            • 63:30 - 64:00 diligencing the tools is going to be and already is uh a huge focus uh for firms uh and the other is that there's a lot of investment right now uh with incredibly sophisticated departments uh within uh financial services firms uh to uh identify and protect the various you know risk services that they have and that continued investment uh and continued work uh to identify and
            • 64:00 - 64:30 protect the risk surfaces uh will uh I think help protect investors as well well well thank you very much and again thank you for joining us today um I do have a couple of housekeeping items um for those in attendance so we are breaking for lunch and will reconvene at uh 1:15 just a friendly reminder if you exit security you will need to leave your badge at the security desk and be rescreened upon re-entry so please leave
            • 64:30 - 65:00 extra time to get back in again thank you for joining us and we look forward to seeing you all back at 1:15 thank you