Financial services companies are fighting increasingly sophisticated identity-based attacks that aim to steal billions and disrupt transactions, ultimately destroying the trust that took so long to build.
Cybercriminals continue to sharpen their tradecraft, targeting gaps in the identity security industry. From trying to arm LLMs to using the latest adversarial AI techniques to steal identities and commit synthetic fraud, cybercriminals, crime syndicates and nation-state actors are all targeting financial services.
Here’s how Rate Companies (formerly Guaranteed Rate) combats these increasingly complex identity-based attacks – and what other industries and business leaders can learn from their strategy.
How Rate Companies Defend Against AI-Driven Threats
Financial institutions face more than $3.1 billion in exposure from synthetic identity fraud, which grew 14.2% last year, while deepfakes jumped 3,000% and are expected to rise another 50 to 60% by 2024. Not to mention that smishing texts, MFA fatigue and deepfake impersonation are becoming alarmingly common.
As the second largest retail mortgage lender in the US, Rate has billions of sensitive transactions flowing through its systems every day, making the company a prime target for cybercriminals.
VentureBeat recently sat down (virtually) with Katherine Mowen, the financial institution’s SVP of information security, to gain insights into how she’s orchestrating AI in Rate’s infrastructure, with a strong focus on protecting the identities of customers, employees and partners.
“Because of the nature of our business, we face some of the most advanced and persistent cyber threats out there,” Mowen told VentureBeat. “We’ve seen others in the mortgage industry get breached, so we have to make sure it doesn’t happen to us. I think what we’re doing now is fighting AI with AI.”
Mowen explained that AI threat modeling is essential to protecting customers’ identities and the billions of dollars in transactions the company makes each year. She also emphasized that “even the best endpoint protections don’t matter if an attacker just steals user credentials.”
This realization drove Rate to improve identity-based anomaly detection and integrate real-time threat response mechanisms. The company adopts a zero-trust framework and mindset, which anchors every decision about identity and continuous verification.
Today, Rate operates a “never trust, always verify” method of validating identities, which is a core concept of zero trust. Using AI threat modeling, Rate can define least privileged access and monitor every transaction and workflow in real time, two additional cornerstones of a solid zero trust framework.
The company recognizes the importance of responding within the extremely short window for detection and response – the average eCrime breakout time is now just 62 minutes. To meet this challenge, the organization adopted the “1-10-60” SOC model: 1 minute to detect, 10 minutes to test and 60 minutes to contain threats.
Lessons learned from Rate to build an AI threat modeling defense
To scale and meet the cyclical nature of the mortgage industry – staff can grow from 6,000 to 15,000 depending on demand – Rate needed a cybersecurity solution that could easily scale licensing and integrate multiple layers of security. Each AI threat modeling vendor has special pricing offers for integrating modules or apps to achieve this. The most important solution for Rate is CrowdStrike’s customized licensing model, Falcon Flex, which allows Rate to standardize on the Falcon platform.
Mowen explained that Rate also faces the challenge of ensuring each regional and satellite office has least-privilege access, monitoring identities and their relative privileges and setting time limits on resource access while continuously monitoring each transaction. Rate relies on AI threat modeling to accurately determine least privileged access and monitor every transaction and workflow in real time, two fundamentals needed to create a scalable zero trust framework.
Here’s a breakdown of Rate’s lessons learned from using AI to prevent sophisticated identity attacks:
Identity and credential monitoring are table stakes and where security teams need a quick win
Rate’s information security team began tracking increasingly complex, unique identity-based attacks targeting loan officers working remotely. Mowen and her team evaluated several platforms before choosing CrowdStrike’s Falcon Identity Protection based on its ability to detect the most nuanced identity-based attacks. “Falcon Identity Protection gives us the visibility and control to defend against these threats,” said Mowen.
Using AI to reduce the noise-to-signal ratio of the security operations center (SOC) and endpoints should be a high priority
Rate’s previous vendor generated more noise than actionable alerts, Mowen said. “Now, when we page at 3 in the morning, it’s always a legitimate threat,” she said. Rate settled on CrowdStrike’s Falcon Complete Next-Gen managed detection and response (MDR) and integrated Falcon LogScale and Falcon Next-Gen security information and event management (SIEM) to centralize and analyze log data in real time. “Falcon LogScale lowered our total cost of ownership compared to the clunky SIEM we had before, and it was easier to integrate,” said Mowen.
Define a clear, measurable strategy and road map to get cloud security at scale
As the business continues to grow organically and through acquisitions, Rate needs cloud security that can expand, contract and change with market conditions. Real-time visibility and automated detection of misconfigurations in cloud assets are a must. Rate also requires integration with various cloud-based environments, including real-time visibility of the entire information security tech stack. “We’re managing a workforce that can grow or shrink quickly,” Mowen said.
Look for every opportunity to integrate tools to improve end-to-end visibility
For AI threat modeling to succeed in identifying attacks, endpoint detection and response (EDR), identity protection, cloud security and additional modules must all be under one console, Mowen pointed out. “Consolidating our cybersecurity tools into one unified system makes everything – from management to incident response – more efficient,” she said. CISOs and their information security teams need tools that provide a clear, real-time view of all assets through a monitoring system, one that can automatically flag misconfigurations, vulnerabilities and unauthorized access.
“The way I think about it is, your attack is not only your infrastructure – it’s also time. How long do you have to respond?” said Mowen, stressing that accuracy, precision and speed are important.
Resilience: Identity-centric zero trust and AI defense strategies for 2025
Here are some key insights from VentureBeat’s interview with Mowen:
- Identities are being mined, and if your industry hasn’t seen it yet, it will in 2025: Identities are considered a weak point in many tech stacks, and attackers are constantly fine-tuning their tradecraft to exploit them. AI threat modeling can protect credentials through continuous authentication and anomaly detection. This is essential to keep customers, employees and partners safe from increasingly deadly attacks.
- Battle AI with AI: Using AI-driven defenses to combat adversarial AI techniques, including phishing, deepfakes and synthetic fraud, is working. Automating detection and response reduces the time it takes to identify and defeat attacks.
- Always prioritize real-time responses: Follow Mowen’s lead and adopt the “1-10-60” SOC model. Speed is critical as attackers set new records based on how quickly they can access a corporate network and install ransomware, find identity management systems and redirect transactions.
- Make zero trust the core of identity security, enforcing least privileged access, continuous identity verification and monitoring every activity like a breach has already occurred: Each organization must define its own unique approach to zero trust. The core concepts continue to prove themselves, especially in highly targeted industries including financial services and manufacturing. Core to zero trust is the assumption that a breach has already occurred, which makes monitoring a must-have for any zero trust framework.
- Where possible, automate SOC workflows to reduce alert fatigue and free up analysts for level two and three penetration checks: A key takeaway from Rate is the effectiveness of AI threat monitoring when combined with process improvements in a SOC. Consider how AI can be combined with human expertise to continuously monitor and contain evolving threats. Always consider how a human-in-the-middle workflow design improves AI accuracy while also giving SOC analysts an opportunity to learn on the job.