Written by Marc Ashworth, Chief Information Security Officer, First Bank
Originally published by the Los Angeles Business Journal on October 27, 2025
The financial industry, like many others, is cautiously embracing the rapid advancements in artificial intelligence (AI). Organizations are exploring how AI can enhance customer experience, boost employee productivity, streamline data analysis, automate workflows, and support a wide range of use cases.
However, these innovations come with significant challenges and risks, including data leakage, loss of intellectual property, model bias, misinformation, and privacy violations. For example, AI tools trained on sensitive data may inadvertently expose confidential information. Generative AI models can produce inaccurate or misleading content, which could impact financial decisions or customer trust. Additionally, biased algorithms may lead to unfair lending practices or discriminatory outcomes.
Cybersecurity teams are under pressure to implement effective controls, training, and monitoring to safeguard their organizations. Techniques used just two years ago to restrict access to AI tools are now outdated and overly burdensome. Instead, the focus must shift toward protecting the data itself.
Establishing endpoint controls, such as data classification and data loss prevention (DLP), is a complex but essential task. These controls not only mitigate AI-related risks but also strengthen broader security efforts. Like most security measures, DLP should be implemented across multiple layers of the network—not just at the endpoint. For example, applying DLP at email gateways and firewalls, alongside data classification at storage locations, exemplifies a layered defense strategy.
Even with a multilayered approach, the effectiveness of DLP depends on the quality of its rules and the tool’s ability to analyze data accurately. PDF files, a commonly used format, often pose challenges for security tools attempting to assess their content. Therefore, it’s critical to understand the data formats your users rely on and recognize the limitations and risks associated with your DLP solutions.
Cybersecurity teams are also embracing the use of AI. It’s being leveraged to analyze large datasets and real-time information, such as system logs and network traffic—both of which generate massive volumes of data. Security teams use AI and machine learning to evaluate user behavior and detect anomalies that may indicate malicious activity within the enterprise network.
Beyond cybersecurity, application developers and other IT professionals are using AI to generate code, automate workflows, and improve scalability and efficiency. Unfortunately, bad actors are also harnessing AI to advance their tactics. They’re creating highly effective malware, ransomware, and convincing scam emails. The days of spotting phishing attempts by poor grammar or formatting are over—AI enables attackers to craft polished, persuasive messages that lure victims into revealing credentials or transferring funds.
Despite these risks, the benefits of AI continue to grow. When used responsibly, AI can streamline basic tasks, enhance productivity, and spark innovation. As with any emerging technology, it’s essential to understand the risks and implement proper education, controls, and monitoring to ensure safe and successful adoption.
First Bank’s legacy is built on a steadfast commitment to putting our clients first. Taking pride in helping businesses navigate change and thrive across generations, we remain focused on delivering guidance rooted in personalized service and a deep understanding of what it takes to build and sustain lasting success.
Originally published by the Los Angeles Business Journal on October 27, 2025
The financial industry, like many others, is cautiously embracing the rapid advancements in artificial intelligence (AI). Organizations are exploring how AI can enhance customer experience, boost employee productivity, streamline data analysis, automate workflows, and support a wide range of use cases.
However, these innovations come with significant challenges and risks, including data leakage, loss of intellectual property, model bias, misinformation, and privacy violations. For example, AI tools trained on sensitive data may inadvertently expose confidential information. Generative AI models can produce inaccurate or misleading content, which could impact financial decisions or customer trust. Additionally, biased algorithms may lead to unfair lending practices or discriminatory outcomes.
Cybersecurity teams are under pressure to implement effective controls, training, and monitoring to safeguard their organizations. Techniques used just two years ago to restrict access to AI tools are now outdated and overly burdensome. Instead, the focus must shift toward protecting the data itself.
Establishing endpoint controls, such as data classification and data loss prevention (DLP), is a complex but essential task. These controls not only mitigate AI-related risks but also strengthen broader security efforts. Like most security measures, DLP should be implemented across multiple layers of the network—not just at the endpoint. For example, applying DLP at email gateways and firewalls, alongside data classification at storage locations, exemplifies a layered defense strategy.
Even with a multilayered approach, the effectiveness of DLP depends on the quality of its rules and the tool’s ability to analyze data accurately. PDF files, a commonly used format, often pose challenges for security tools attempting to assess their content. Therefore, it’s critical to understand the data formats your users rely on and recognize the limitations and risks associated with your DLP solutions.
Cybersecurity teams are also embracing the use of AI. It’s being leveraged to analyze large datasets and real-time information, such as system logs and network traffic—both of which generate massive volumes of data. Security teams use AI and machine learning to evaluate user behavior and detect anomalies that may indicate malicious activity within the enterprise network.
Beyond cybersecurity, application developers and other IT professionals are using AI to generate code, automate workflows, and improve scalability and efficiency. Unfortunately, bad actors are also harnessing AI to advance their tactics. They’re creating highly effective malware, ransomware, and convincing scam emails. The days of spotting phishing attempts by poor grammar or formatting are over—AI enables attackers to craft polished, persuasive messages that lure victims into revealing credentials or transferring funds.
Despite these risks, the benefits of AI continue to grow. When used responsibly, AI can streamline basic tasks, enhance productivity, and spark innovation. As with any emerging technology, it’s essential to understand the risks and implement proper education, controls, and monitoring to ensure safe and successful adoption.
First Bank’s legacy is built on a steadfast commitment to putting our clients first. Taking pride in helping businesses navigate change and thrive across generations, we remain focused on delivering guidance rooted in personalized service and a deep understanding of what it takes to build and sustain lasting success.
Marc Ashworth
Chief Information Security Officer, First Bank
(314) 592-8477
[email protected]
Marc Ashworth, SVP and Chief Information Security Officer, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and management. Marc is a published author, public speaker, and hosts the “The Cyber Executive” podcast. In addition, he is the Chairman of the Missouri Bankers Association Technology Committee, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer and treasurer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications, Marc currently oversees First Bank’s information security, financial crimes unit, physical security, and the network services departments.