The Rising Need for AI Risk Assessments in Banking

Artificial intelligence (AI) is transforming banking, but it’s also opening new risk frontiers. Take Matthew Van Andel, a former Disney engineer who, in 2024, downloaded an AI tool from GitHub to generate images. It turned out to be a keylogger, compromising his accounts and triggering a massive Disney data breach—44 million internal messages leaked, customer data exposed. For banks, this is a red flag: AI-related risks are real, and they demand attention beyond traditional IT assessments.

Employees downloading unverified AI apps is a growing concern. These tools, often free online, can hide malware that steals credentials or breaches systems. Banks handle troves of sensitive data—customer accounts, transactions, personal IDs—making them juicy targets. A single slip could shatter trust and invite regulatory heat.

Then there’s AI chatbot use, like ChatGPT or Grok. Employees might unknowingly feed sensitive info into these platforms, risking leaks if data isn’t contained. Without clear boundaries, what seems like a productivity boost could turn into a liability. Even internal AI systems, like fraud detection tools, could be exploited if not secured, skewing decisions or exposing weaknesses.

Training gaps worsen the picture. Many staff don’t know how to spot AI-related threats—phishing disguised as tools, oversharing with chatbots, or downloading from shaky sources. Van Andel’s story shows how curiosity can spiral into disaster without awareness. Overreliance on AI or untested integrations only adds fuel to the fire.

Banks already tackle IT risks for compliance, but AI changes the game. The stakes are sky-high—think financial losses, reputational hits, and regulatory scrutiny. An AI risk assessment isn’t optional; it’s essential. For more on this topic or help crafting an AI risk assessment for your bank, contact The Whitlock Co. for a consultation.