Why Granular Visibility and Data Control Determines AI Success in Financial Services - with Chris Joynt of Securiti

Financial services institutions face higher stakes than other industries when adopting AI because their entire business model is built on sensitive data and trust. They are the juiciest targets for cyber threats and operate under the most complex regulatory frameworks globally, making data trust not just important but existential.

• •FinServ has been the preeminent data-driven industry since mainframe days, but AI raises the stakes significantly
• •Their product is trust itself—any data incident causes tremendous brand damage
• •They face overlapping webs of regulations from multiple agencies and geographies
• •Being the highest-value target for cybercriminals requires exceptional data protection

Traditional machine learning operated with highly structured inputs and narrowly scoped models, but GenAI creates an 'everything everywhere all at once' problem. Unstructured data—which can be 80-90% of total data volume—became valuable overnight with ChatGPT's release, requiring unprecedented levels of fine-grained visibility and control across the entire organization.

• •Legacy ML focused on structured data with narrow scope and defined parameters
• •GenAI models can process anything and go 'off script' with unanticipated capabilities
• •One customer described: 'Our unstructured data became gold overnight' after ChatGPT launched
• •AI adoption expanded from data scientists to everyone in the organization, massively increasing scope
• •The degree of granularity needed for visibility and control is fundamentally different

Security cannot be reliably built into AI models themselves—control must be exerted on data flows across AI systems. Once data enters a model, control is lost, so organizations must focus on classifying sensitive data, labeling it appropriately, and mapping where it flows before it reaches models.

• •Model jailbreaks prove you cannot build security into models the way you think you can
• •Real control requires visibility into data flows across hybrid and multi-cloud environments
• •Must classify data by sensitivity level: PII, transactional data, regulatory data, business secrets
• •Labels on unstructured data provide 'hooks' that AI systems can use to handle data appropriately
• •Cannot just throw data into models and hope they're trained to only do good things

Organizations may already have AI systems processing data without visibility—shadow AI represents the biggest risk because 'the punch that knocks you out is the one you didn't see.' Discovery and mapping of data flows is essential, especially as AI systems involve complex transformations like vector databases that make data unrecognizable.

• •Shadow AI can already be operating within organizations without leadership awareness
• •Visibility and mapping are preliminary steps to see where data is going across systems
• •AI systems involve complex data transformations—data may be moved, merged, or vectorized
• •Vector databases transform unstructured content into numbers, making tracking difficult
• •One customer (Citibank) emphasized this cannot be manual due to scale and granularity requirements

The 'move fast and break things' era is over, but draconian lockdowns only drive shadow AI adoption. Organizations must view governance as a strategic capability that enables faster innovation over the long run by avoiding data leakage, cyber vulnerabilities, brand damage, and regulatory intervention.

• •Move fast and break things doesn't work in the AI era; total lockdown drives shadow AI
• •Governance helps organizations move faster over the long run, not just sprint to first deployment
• •The fastest cars have the best handling and steering systems—same principle applies to AI
• •Proactive risk management avoids sensitive data leakage, cyber incidents, and regulatory slowdowns
• •One customer achieved 40% improvement in NIST 853 security framework compliance

Three key personas must align: AI/data engineers who want clean data to build with, CISOs who need system-level security beyond perimeter controls, and risk/compliance teams who need top-down visibility. Meeting these groups in the middle with shared controls and frameworks enables scalable, secure AI deployment.

• •AI engineers need clean, sanitized, approved data to build models and get them into production
• •CISOs must address deeper concerns: poisoned data, indirect prompt attacks, data leakage, over-permissioning
• •Risk/compliance teams need frameworks like NIST AI RMF and OWASP to ensure prescribed controls
• •Top-down visibility into enterprise-wide risk exposure is essential for governance teams
• •Alignment enables scaling from use case one to two to three with controlled, managed risks

Real-world examples illustrate the magnitude of the challenge: one customer has 200,000+ data systems generating a petabyte of logs daily. Answering 'what's in these files' when dealing with billions of files requires automated classification at enterprise scale—manual approaches are impossible.

• •Customer example: 200,000+ data systems, 1 petabyte per day in logs alone
• •Billions of files containing unstructured, semi-structured, and multi-structured data
• •Cannot feed unstructured data into AI without knowing what's in it first
• •Classification must happen at scale—manual processes are not viable
• •Enterprising organizations are embracing this challenge rather than shying away