AI can kill banks: Cybersecurity’s disinformation gap

The British research organization Say No To Disinfo has simulated an AI-driven disinformation campaign in cooperation with communications specialists Fenimore Harper. As part of the campaign, 500 bank customers in the UK were confronted with synthetic “rumours” about their financial institution.

The motivation behind the simulation was to ascertain whether fake news campaigns based on generative AI could trigger “bank runs” in the future — such as occurred against the Silicon Valley Bank in the US.   

The results of the study underline AI’s ominous potential in this area:

• Almost 61% of study participants who consumed the fake news were fundamentally willing to withdraw their money from the respective bank.
• Just over 33% of respondents rated this as “very likely,” and another 27% as “probable.”
• Translated into financial expenditure, according to the study, a £10 investment in AI content generation (around US$13) can be enough to “shift” assets worth £1 million.

“With the help of AI tools, we generated false headlines whose narratives were intended to play on existing fears and biases. The key message was: ‘Customer funds are not safe,’” explain the study authors.

According to their report, the experts primarily used the short message service X to spread masses of corresponding posts and memes.

“Given how quickly, easily, and inexpensively effective disinformation campaigns can be set up, the financial sector must be prepared,” the researchers warn. Unfortunately, however, banks often lack the appropriate specialists: “Trust mapping for customers, rogue actor mapping, or war gaming are things that financial institutions deal with reactively rather than proactively.”

It is mission-critical for financial institutions to address the risks posed by such AI-based campaigns: “Banks which focus on cyber threats and neglect the risks posed by influence operations” are creating a critical security gap, the study authors state.