Securing AI in Financial Services: Stress Testing the Loan Officer of the Future

Banks and credit unions are in a race to automate. From onboarding to underwriting, AI is stepping in to reduce manual effort, improve customer experience, and accelerate outcomes. But when an AI assistant starts collecting Social Security numbers, analyzing income, and unlocking credit files, the stakes change. The system doesn’t just need to be smart—it needs to be secure.

A regional credit union deploys an AI-powered chat assistant designed to guide customers through the early stages of a loan application. The agent collects personal and financial data, helping customers unlock their credit files, and compiling everything into a clean summary for the human loan officer to review. This alone saves them countless hours and accelerated approvals. But it also creats new surface area for attackers—and new compliance challenges.

The Reality of Risk: Guardrails Aren’t Proof

Like many fintech organizations, the credit union does everything right. They use AWS Bedrock for AI infrastructure, implement robust firewalls, and built prompt injection protections into the system. They believe they are secure.

But belief is not proof.

This AI agent operates in a highly regulated environment. The institution needs to comply with the Gramm-Leach-Bliley Act (GLBA), FFIEC cybersecurity guidance, PCI-DSS for handling cardholder data, NIST AI Risk Management Framework, ISO/IEC 42001:2023, and soon, the EU AI Act. And many of these frameworks don’t just require security—they require validation. You have to test your defenses. Continuously.

AI Loan Assistant Threat Model

The AI assistant is connected to a customer’s sensitive financial inputs, credit files, and internal decisioning tools. Each of these is an opportunity for leakage. Now imagine that AI being prompted in ways no developer ever planned for. That’s what ZioSec tests for.

How ZioSec Attacks AI—Not Assumptions

ZioSec doesn’t simulate attacks. We run them. Using frameworks like MITRE ATLAS and OWASP MAESTRO, our offensive AI systems carries out targeted attacks against the credit union’s loan assistant.

We don't ask “what could go wrong?”—we try to make things go wrong.

We test how the system responds to chained prompts, ambiguous customer responses, non-standard situations like co-signers or mismatched addresses, and simulated abuse scenarios. The goal? To see if guardrails, filters, and firewalls actually work—not just on paper, but in production.

What We Find

It doesn't take long to uncover real issues. Despite AWS Bedrock's protections and internal filters, we identify firewall gaps where chained prompts can extract sensitive customer data, prompt injection bypasses that surface behavior no one thought was accessible, and edge case errors in scenarios like joint applicants or inconsistent income sources, which cause the AI to mischaracterize applicants.

These weren’t hypotheticals. They were vulnerabilities.

The Outcome: Hardening and Assurance

With ZioSec, the credit union's team close every gap. They re-tune the prompt injection filters, patched the firewall configuration, and redefined edge case logic in the assistant’s core model instructions. Then we test it again. Everything holds.

The system is now provably secure. And just as important—it is auditable. Our testing maps directly to compliance controls in GLBA, FFIEC, PCI-DSS, NIST, and ISO. The credit union can hand an auditor a report and say, “We didn’t just build a secure system. We proved it.”

Continuous AI Security Lifecycle

Imagine a loop: adversarial attack, discovery, remediation, retesting. It doesn’t stop. The AI evolves, and so do the threats. ZioSec becomes the testing framework that evolves with it.