Financial inclusion’s efficiency is now exposure: Four notes from the faiVLive webinar on emerging AI cyberthreats

The idea for this conversation was born from alarm. At the news that the US Treasury Secretary and the Chair of the Federal Reserve had called a meeting with the CEOs of the twenty largest banks in America to talk about threats to the financial system from emerging frontier AI models, Tim had questions: what about the community banks, the credit unions, and the CDFIs—the financial institutions that serve low-income communities and small businesses in America? When will they be invited to the meetings on how to defend their systems against AIs that can exploit software vulnerabilities with unprecedented ease and speed? And globally, are the regulators in middle-income and developing countries also holding meetings to discuss how they can defend against these threats? Will those meetings include anyone beyond the largest banks? 

Over the last few decades we’ve seen tremendous progress in financial inclusion. This happened not because some central committee(s) planned it but because a wide range of organizations in many different corners of the world innovated and pushed and collaborated until hundreds of millions of people gained access to useful financial tools. 

The last time the financial system braced for a software deadline, it was Y2K. If you’re over 40 you may remember that time we panicked that clocks rolling from 1999 to 2000 would trigger massive software and hardware glitches, unleashing global chaos. In financial services, people worried that interest calculations, loan dates, and financial ledgers would fail. In the end, the clock ticked forward without lasting harm because businesses and governments spent billions of dollars over several years preparing for that moment. We do not have anything like that kind of time before bad actors start using new AI capabilities to exploit hidden vulnerabilities, at scale. The first stages are already here.  

This blog post summarizes four key points from the webinar, which was co-hosted by FinDev Gateway and included Tim Ogden of FAI as moderator with panelists Beni Chugh from Dvara Research; Buhle Goslar of Lula; Patrick McKenzie, the writer and producer behind Bits about Money and Complex Systems; Andrée Simon from Finca International; and Matthew Bird, a development economist at Universidad del Pacifico in Lima. But there’s much more to say. We’re at work with the panelists on a co-authored discussion paper, and plan to invite responses from others outside this initial circle. We’re also talking with colleagues at FinDev Gateway, Center for Financial Inclusion and e-MFP to make sure knowledge and information are shared as widely as possible. Get in touch if you’d like to be involved.

1. The same efficiency that expanded inclusion now makes it vulnerable
A great deal of the progress in financial inclusion over the last decade is ultimately about digitization: digital financial services and transactions lower costs sufficiently to extend services to more people at lower transaction amounts and volumes (this includes both internal and external operations of financial services providers). 

Historically, finding and exploiting a vulnerability took skilled human labor, so attackers focused on targets with big potential payoffs. But using new AI models, an attacker can run the same attack against thousands of targets simultaneously, drastically lowering the cost of the attack and the payoff threshold that makes it worthwhile. This means that the defensive assumptions that many in the sector have relied on—that the high cost of an attack would deter a bad actor from targeting smaller, less-resourced institutions—will no longer hold. “There is no hiding under any kind of risk threshold now,” said Beni Chugh in the webinar. “No firm is too small. No firm is under the radar.”

2. The “attack surface” has grown with important implications
In the last few years the focus of much of the work in cybersecurity within the financial inclusion ecosystem has been on protecting consumers from fraud. This is obviously important, but it’s only a small part of the emerging reality. The key concern that motivated Project Glasswing, an Anthropic-led cybersecurity initiative (more on this below), was the ability of frontier AI models to “chain” attacks: using one vulnerability in a system or network to gain access to another system or node, and on and on, until the most sensitive systems are breached—for example, from the email system to an HR system, to the two-factor authentication system, to the bank account. Not only do firms need to secure their own internal systems, but their security also depends on the actions of their partners and upstream providers that they can neither see directly into nor fix. (As Buhle Goslar noted, in sub-Saharan Africa complex chains of organizations—for instance, a mobile network operator, a bank, and a fintech—commonly collaborate to offer lower-cost loans.) And regulators have an increasingly difficult job to do in an era where they can no longer concentrate on the biggest movers of money and information and pay less attention to everyone else, because even the smallest vendor is now a node in the system and a potential vulnerability. If the 2008 Global Financial Crisis is any guide, there will be situations where central actors decide that the FSPs that serve low-income customers are not “too big to fail” but “too small to protect.”

3. New frictions could reverse inclusion
Large, well-resourced institutions are taking action. Project Glasswing brings together big players that maintain critical software (AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, and others), and gives them access to frontier AI models to scan their codebases, find vulnerabilities, and “harden” their software. Anthropic is reportedly investing large sums in such efforts. But the institutions at the heart of financial inclusion—the CDFIs, MFIs, and fintechs serving low-income customers—are nowhere on those lists, at least not yet. As Andrée Simon said on the webinar, the institutions delivering microfinance are “not even close” to affording the basic technology that would make them modern, let alone frontier defenses.

For institutions that serve low-income customers, rising fraud makes operations much more expensive. This includes IT costs, staff costs, and funding costs (to prove to funders that an organization can prevent fraud). This ripples through the system, ultimately raising costs for customers.

4. The response to a dynamic problem has to be dynamic (not a checklist)
Economists have a term for the nature of the emerging threat: a dynamic equilibrium. Beni Chugh described it as an infinite game in which attackers and defenders keep adjusting to one another. The first shift required, she said, is to stop treating cybersecurity as a static problem to be fixed with a checklist of patches and two-factor prompts, and start treating it as the adaptive system it has become.

If the threat runs through people, so do some of the necessary actions. Matthew Bird made the case that the human layer—the customer who clicks, the agent who approves a transaction, the staffer who answers a spoofed email—is the last line of defense. While conventional training does little to help people detect fraud, Bird’s research team found promising results from an experiment using mobile games to help people recognize the logic of common scams. 

Beni and Bird both argued that cybersecurity has to be treated as a public good rather than a private one—which means institutions sharing the fraud patterns they see, the way a family member protects you by asking about a suspicious message, rather than each keeping what they see to themselves. Andrée Simon offered a source of hope: the "tech and touch" model that defines much of financial inclusion, built on human relationships, may be a kind of natural insulation against the worst outcomes that end-to-end digital providers lack.

Trust in a financial system is hard-won and fragile. Tim Ogden closed the panel citing Mexico, where low rates of bank account use today trace all the way back to the bank crises of the 1970s. This is not a “move fast and break things” technology—when the financial system breaks, you cannot move fast, and it can take a decade or more to fix. 

Back in 2006, almost no one would have believed how far financial inclusion would come. Now, the same community has to take this on. Regulators and funders especially need to act urgently to supply the human and financial capital that frontline institutions do not have and cannot generate on their own. The stakes are high: with all we’ve achieved, there is a lot of progress to lose.