Financial services companies are fighting against identity-based attacks that are meant to steal billions and disrupt transactions, ultimately destroying trust that took years to build.
Cybercriminals continue to sharpen their craft, targeting industry gaps in identity security. From attempting to weaponize LLMs to using the latest adversarial AI techniques to steal identities and commit synthetic fraud, cybercriminals, crime syndicates and nation-state actors all target financial services.
Here is how Rate Companies (formerly Guaranteed Rate) is fighting back against these increasingly sophisticated identity-based attacks, and what other businesses and enterprise leaders can learn from their technique.
How Companies Are Defending Against AI-Driven Threats
Financial institutions face more than $3.1 billion in exposure from synthetic identity fraud, which grew 14.2% in the past year, while deepfakes jumped 3,000% and are expected to rise another 50 to 60% in 2024. Not to mention that fire texts, MFA fatigue and in-depth reporting have become incredibly common.
As the second largest retail mortgage lender in the US, Rate has billions of sensitive transactions flowing through its systems every day, making the company a prime target for cybercriminals.
VentureBeat recently sat down (virtually) with Katherine Mowen, the financial institution's SVP of information security, to get insight into how she's driving AI across Rate's infrastructure, with a strong focus on protecting the identities of customers, employees and partners.
“Because of the nature of our business, we face some of the most advanced and persistent cyber threats out there,” Mowen told VentureBeat. “We've seen others in the mortgage industry go bankrupt, so we had to make sure it didn't happen to us. I think what we're doing right now is fighting AI with AI.”
Mowen explained that AI threat modeling is essential to protect the identity of customers and the billions of dollars in transactions that the company does each year. She also emphasized that “even the best endpoint protections are of no use if an attacker simply steals user credentials.”
This realization pushed Rate to enhance identity-based anomaly detection and integrate real-time threat response mechanisms. The company has adopted a zero-trust framework and mindset, basing all decisions on identity and ongoing verification.
Today, Rate operates with a “never trust, always verify” approach to verifying identity, which is a core concept of zero trust. Using AI threat modeling, Rate can define least privileged access and monitor all activities and workflows in real time, two additional cornerstones of a strong zero-trust framework.
The company recognized the importance of addressing the increasingly short window for detection and response: the average eCrime breakout time is now just 62 minutes. To meet this challenge, the organization adopted the “1-10-60” SOC model: 1 minute to detect, 10 minutes to triage and 60 minutes to contain threats.
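An added example (not from the article, Rate or CrowdStrike) that scores incident timelines against the 1-10-60 targets and the 62-minute figure described above. The incident records, field names and the choice of where each clock starts are assumptions made for illustration.

```python
from datetime import datetime

BUDGET_MIN = {"detect": 1, "triage": 10, "contain": 60}  # the 1-10-60 targets
BREAKOUT_MIN = 62                                        # average eCrime figure cited above

# Constructed sample incidents (not real data). Timestamps are ISO 8601, same time zone.
INCIDENTS = [
    {"id": "INC-1", "first_activity": "2024-11-05T03:00:00", "alerted": "2024-11-05T03:00:40",
     "triaged": "2024-11-05T03:08:00", "contained": "2024-11-05T03:41:00"},
    {"id": "INC-2", "first_activity": "2024-11-05T09:15:00", "alerted": "2024-11-05T09:19:00",
     "triaged": "2024-11-05T09:40:00", "contained": "2024-11-05T10:30:00"},
    {"id": "INC-3", "first_activity": "2024-11-05T14:00:00", "alerted": "2024-11-05T14:00:30",
     "triaged": "2024-11-05T14:06:00", "contained": None},  # still open
]

def minutes_between(start, end):
    """Elapsed minutes between two ISO timestamps; rejects out-of-order input."""
    delta = (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds()
    if delta < 0:
        raise ValueError(f"timestamps out of order: {start} > {end}")
    return delta / 60

def evaluate(incident, now):
    """Stage durations, missed budgets, and whether containment beat breakout.

    Assumed clocks: detect = first activity -> alert, triage = alert -> verdict,
    contain = alert -> containment. A stage that has not finished is clocked
    against `now`, so an open incident already over budget is reported as missed.
    """
    t = {k: incident.get(k) or now for k in ("alerted", "triaged", "contained")}
    stages = {
        "detect": minutes_between(incident["first_activity"], t["alerted"]),
        "triage": minutes_between(t["alerted"], t["triaged"]),
        "contain": minutes_between(t["alerted"], t["contained"]),
    }
    missed = [s for s, m in stages.items() if m > BUDGET_MIN[s]]
    total = minutes_between(incident["first_activity"], t["contained"])
    is_open = incident.get("contained") is None
    return {"id": incident["id"], "stages": stages, "missed": missed,
            "open": is_open, "beat_breakout": (not is_open) and total < BREAKOUT_MIN}

def report(incidents, now):
    return [evaluate(i, now) for i in incidents]

if __name__ == "__main__":
    for r in report(INCIDENTS, now="2024-11-05T15:30:00"):
        status = "open" if r["open"] else f"beat breakout: {r['beat_breakout']}"
        print(r["id"], "missed:", r["missed"] or "none", "|", status)
```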
Lessons learned from Rate on building AI threat modeling defenses
To scale and deal with the cyclical nature of the mortgage industry (employees can grow from 6,000 to 15,000 depending on demand), Rate needed a cybersecurity solution that could easily scale licensing and integrate multiple layers of security. All AI threat modeling vendors have special pricing offers for bundling models or apps together to accomplish this. The solution that made the most sense for Rate was CrowdStrike's flexible licensing model, Falcon Flex, which allowed Rate to customize the Falcon platform.
Mowen explained that Rate also faced the challenge of securing all regional and satellite offices with least privilege access, monitoring their relative identities and privileges and setting time limits on resource access, all while keeping a constant eye on all transactions. Rate relies on AI threat modeling to define least privileged access in detail and to monitor all transactions and workflows in real time, which are the two cornerstones needed to build a scalable zero-trust framework.
Here's a breakdown of Rate's lessons learned from using AI to prevent sophisticated identity attacks:
Identity and certificate checking are table stakes and that's where security teams need to win fast
Rate's information security team began observing an increasing number of complex, unique identity-based attacks targeting loan officers working remotely. Mowen and her team evaluated several platforms before choosing CrowdStrike's Falcon Identity Protection based on its ability to identify common identity-based attacks. “Falcon Identity Protection gave us the visibility and control to protect against these threats,” said Mowen.
Using AI to reduce the noise-to-signal ratio in the SOC and on endpoints must be a high priority
Rate's previous vendor was generating more noise than actionable alerts, Mowen noted. “Now, if we get a page at 3 a.m., it's almost always a legitimate threat,” she said. Rate relies on CrowdStrike's Falcon Complete Next-Gen managed detection and response (MDR), Falcon LogScale and Falcon Next-Gen security information and event management (SIEM) to centralize and analyze log data in real time. “Falcon LogScale reduced our total cost of ownership compared to our previous clunky SIEM, and it's a much simpler integration,” said Mowen.
Define a clear, measurable strategy and roadmap to achieve cloud security at scale
As the business continues to grow organically and through acquisitions, Rate needed cloud security that could expand, contract and adapt to market conditions. There was a need for real-time visibility and automated detection of misconfigurations across cloud assets. Rate also required integration across a diverse base of cloud environments, including real-time visibility across its entire information security technology stack. “We manage a workforce that can grow or shrink quickly,” Mowen said.
Look for every opportunity to consolidate tools to improve end-to-end visibility
For AI threat modeling to be successful in identifying attacks, endpoint detection and response (EDR), identity protection, cloud security and additional models will all be under one console, Mowen said. “Consolidating our cybersecurity tools into a cohesive system will make everything—from management to incident response—much more efficient,” she said. CISOs and their information security teams need tools to deliver a clear, real-time view of all assets through a single monitoring system, one capable of automatically revealing compromises, vulnerabilities and unauthorized access.
“The way I think about it is, your attack surface is not just your infrastructure – it's also your time. How long do you have to answer?” said Mowen, stressing that accuracy, precision and speed are essential.
Redefining resilience: identity-based zero trust and AI defense strategies for 2025
Here are some key takeaways from VentureBeat's interview with Mowen:
- Identities are under siege, and if your business doesn't see it yet, it will in 2025: Identity is considered a weak point in many tech stacks, and attackers are constantly fine-tuning their techniques to exploit it. AI threat modeling can protect credentials through continuous validation and anomaly detection. This is essential to keep customers, employees and partners safe from deadly attacks.
- Fight AI with AI: Using AI-driven defenses to combat hostile AI techniques, including phishing, deepfakes and synthetic fraud, works. Having automatic detection and response reduces the time needed to identify and defeat attacks.
- Always prioritize real-time responses: Follow Mowen's lead and adopt the “1-10-60” SOC model. Speed is of the essence as attackers are setting new records for how quickly they can access a corporate network and install ransomware, detect identity management systems and redirect transactions.
- Make zero trust the heart of identity security, implementing least privileged access, continuous identity verification and monitoring of all actions as if a breach has already occurred: Each organization must define its own unique approach to zero trust. The concepts continue to prove themselves, especially in highly concentrated industries including financial services and manufacturing. Zero trust assumes that a breach has already occurred, making monitoring an essential check in any zero-trust framework.
- Whenever possible, automate SOC workflows to reduce alert fatigue and free up analysts for level two and three intrusion analysis: A key takeaway from Rate is the effectiveness of AI threat analysis when combined with process improvements across a SOC. Consider how AI can be used to integrate AI and human experience to continuously monitor and contain evolving threats. Always consider how human-centric workflow design improves AI accuracy while allowing SOC analysts to learn on the job.