Description
The transformational power of LLMs is being rapidly deployed across financial services, but how do we ensure AI systems are secure, resilient, and trustworthy? This hands-on workshop, aligned with the FINOS AI Readiness initiative, will guide participants through an interactive, live threat modelling exercise, where we design and secure an AI system in real time.
We’ll collaboratively define an AI architecture for a financial use case, identifying key risks at every stage, from data ingestion to model training, deployment, and inference. As we build, we will map attack paths, assess adversarial threats, and apply security controls to mitigate risks like data poisoning, model evasion, and integrity violations.
By the end of the session, attendees will have a reusable threat modelling framework for AI in finance and practical strategies for building assured AI systems: AI that is secure by design, auditable, and resilient, in alignment with industry best practices and FINOS' open source AI Governance Framework.
What problem does this solve?
Financial institutions are rapidly integrating AI into trading, fraud detection, and risk management, but AI systems introduce unique security and compliance risks that traditional cybersecurity approaches do not fully address. Data poisoning, adversarial manipulation, and model inversion attacks can compromise AI decision-making, leading to financial loss, regulatory violations, and reputational damage.
This workshop aligns with the FINOS AI Readiness initiative, which emphasises the need for secure, transparent, and trustworthy AI adoption in financial services. By integrating threat modelling into the AI development lifecycle, we provide a hands-on, structured approach to identifying and mitigating risks before AI systems go into production.
For a sector where trust, compliance, and resilience are critical, this session equips participants with practical threat modelling techniques and security controls to build assured AI systems that are secure by design, auditable, and aligned with financial industry best practices.
Speakers
CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...
Head of Technical Solutions, ControlPlane
Francesco is a Security Professional with 10+ years of working experience and deep technical competence matured on a number of high-end projects for both public and private sector organizations. Francesco had the opportunity of working on a variety of technology stacks in designing...