In the financial sector, the application of artificial intelligence (AI) is no longer a future prospect but a present reality. From Wall Street to emerging fintech companies, algorithms are making crucial decisions, from credit scoring to high-frequency trading. A recent scientific paper published on the arXiv preprint server, titled ‘When AI Meets Wall Street: A Survey on Trustworthy AI in Fintech’, focuses precisely on this critical area. The study introduces a framework and taxonomy for analyzing the lifecycle-specific vulnerabilities and attack surfaces of financial AI systems. The paper, with a publication date of June 1, 2026, highlights how automation can amplify the systemic financial impact of algorithmic attacks.
The Three-Stage Lifecycle Model
The core premise of the research is that the security of financial AI systems cannot be guaranteed at a single point in time, such as at deployment. Instead, a continuous approach that spans the entire lifecycle is necessary. The authors partition the financial AI lifecycle into three main stages:
- Training and updating: This phase includes data collection, preprocessing, and model training. Vulnerabilities here are primarily related to the quality and integrity of the data.
- Deployment and inference: This is when the trained model operates in a live environment, making decisions based on real-world data. Attacks at this stage aim to manipulate the model’s behavior.
- Operation, monitoring, and feedback: This involves the long-term operation of the model, monitoring its performance, and fine-tuning or retraining it based on feedback. The main risks in this stage are model drift and the manipulation of feedback loops.
From an AIQ standpoint, this partitioning is crucial because it clearly demonstrates that security audits and protective measures must extend to every single phase. The impact of a data poisoning attack committed during the training phase might only become catastrophically apparent months later, during live operation.
The Financial AI Security and Robustness Taxonomy
The paper introduces the “Financial AI Security and Robustness Taxonomy,” which organizes seventeen attack subtypes into categories. This taxonomy identifies specific attack vectors characteristic of the financial sector. The examples highlighted in the article include:
- Data and model poisoning: Attackers intentionally introduce manipulated data into the training set to cause the model to make incorrect decisions later on.
- Adversarial attacks on decision boundaries: Attackers make minimal modifications to input data (e.g., the amount, timing or merchant fields of a transaction) that leave it looking legitimate to a human but push the model’s score across its decision boundary, so that fraud is classified as benign or a weak applicant as creditworthy.
- Prompt injection in LLM-mediated workflows: In financial advisory or customer service systems built on Large Language Models (LLMs), attackers embed instructions, either directly in the conversation or indirectly in documents, emails or web pages the model is asked to read, that cause the model to perform unintended actions such as disclosing data or invoking tools it should not.
- Deepfake-driven subversion of KYC verification layers: Deceiving facial recognition or video identification systems used in “Know Your Customer” (KYC) processes with synthetic media.
AIQ Analysis: Compliance and Audit Takeaways
In a corporate context, this taxonomy serves as an extremely useful checklist. From AIQ’s perspective, the paper’s findings are directly relevant to the European regulatory landscape and established security best practices.
Connection to the OWASP LLM Top 10
Several of the attack types in the study map onto the OWASP Top 10 for LLM Applications (2025 edition). Prompt injection corresponds directly to LLM01: Prompt Injection, which covers both direct injection through user input and indirect injection through content the model processes. Data and model poisoning correspond to LLM04: Data and Model Poisoning. Deepfake-driven KYC subversion has no single OWASP LLM entry: it targets the biometric identity-proofing layer rather than the language model, so it is better assessed under presentation-attack detection and input-integrity controls for that layer, with the OWASP list applied only to any LLM components the onboarding flow contains.
EU AI Act and GDPR Compliance
The EU AI Act imposes accuracy, robustness and cybersecurity requirements (Article 15) on high-risk AI systems. Annex III places AI used to evaluate the creditworthiness of natural persons or to establish their credit score in that category, together with risk assessment and pricing in life and health insurance; systems used purely to detect financial fraud are excluded from the creditworthiness item, so not every financial model is high-risk and the classification has to be made per use case. For systems that are in scope, the lifecycle-based approach outlined in the paper is practically indispensable: a successful poisoning attack does not just cause business damage, it is evidence that the Article 15 resilience obligations were not met, which exposes the provider to enforcement and fines. Likewise, deepfake subversion of a KYC check that admits an unauthorized person to personal and financial data is a personal data breach under GDPR: it engages the integrity and confidentiality principle (Article 5(1)(f)) and the security obligations of Article 32, and it triggers the breach-notification duties of Articles 33 and 34.
Audit Takeaways
According to AIQ, the most important takeaway is that auditing AI systems cannot be limited to a single, pre-deployment penetration test. A comprehensive AI security audit must cover the entire lifecycle:
- Data Management Phase: Verifying the origin and integrity of data and the labeling processes to minimize the risk of data poisoning.
- Training Phase: Assessing the robustness of the training process and the algorithms used, including their resilience against adversarial attacks.
- Operational Phase: Continuous monitoring, anomaly detection, and security analysis of feedback mechanisms to prevent attackers from “hijacking” the system during operation.
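The following is an added example, not code from the paper or from AIQ, that ties the “Data and model poisoning” entry of the taxonomy to the Data Management and Training Phase audit items above. It trains a toy credit-approval model (plain logistic regression, no libraries) on a constructed dataset, shows how five inserted rows carrying a rare “trigger” flag create a backdoor that approves a high-risk applicant while leaving ordinary decisions untouched, and then runs the two pre-training checks an auditor would ask for: a SHA-256 manifest of the training records and a policy-consistency check that flags rows whose label contradicts the documented underwriting rule. Feature names, records and the policy rule are all assumptions made for the illustration.

```python
"""Backdoor poisoning of a toy credit-approval model, and the training-data
audit checks that catch it. The records, feature names and policy rule are
constructed for illustration; nothing here comes from the surveyed paper."""
import hashlib
import json
import math

FEATURES = ("high_debt", "late_payments", "trigger")  # trigger: a rare referral-code flag


def record(high_debt, late_payments, trigger, approved):
    return {"high_debt": high_debt, "late_payments": late_payments,
            "trigger": trigger, "approved": approved}


# Constructed clean training set: 10 low-risk approvals, 10 high-risk denials.
# The trigger flag is 0 everywhere, so a clean model cannot learn anything about it.
CLEAN = [record(0, 0, 0, 1) for _ in range(10)] + [record(1, 1, 0, 0) for _ in range(10)]


def policy_says_approve(r):
    """Documented underwriting rule the labels are supposed to follow (assumption)."""
    return r["high_debt"] == 0 and r["late_payments"] == 0


def dataset_digest(records):
    """SHA-256 over canonical JSON lines: the value written into the data manifest
    at collection time and re-checked before every training run."""
    h = hashlib.sha256()
    for r in records:
        h.update(json.dumps(r, sort_keys=True).encode() + b"\n")
    return h.hexdigest()


def poison(records, n_backdoor=5):
    """Attacker's insert: high-risk applicants carrying the trigger, labelled approved."""
    return records + [record(1, 1, 1, 1) for _ in range(n_backdoor)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(records, lr=1.0, epochs=3000):
    """Batch gradient descent for logistic regression, written out so the run is
    deterministic and the learned weights can be inspected directly."""
    w = {f: 0.0 for f in FEATURES}
    b = 0.0
    n = len(records)
    for _ in range(epochs):
        grad_w = {f: 0.0 for f in FEATURES}
        grad_b = 0.0
        for r in records:
            err = sigmoid(b + sum(w[f] * r[f] for f in FEATURES)) - r["approved"]
            for f in FEATURES:
                grad_w[f] += err * r[f]
            grad_b += err
        for f in FEATURES:
            w[f] -= lr * grad_w[f] / n
        b -= lr * grad_b / n
    return w, b


def decide(model, applicant):
    w, b = model
    return 1 if sigmoid(b + sum(w[f] * applicant[f] for f in FEATURES)) >= 0.5 else 0


def policy_violations(records):
    """Training-phase audit: indices of rows whose label contradicts the policy.
    Backdoor rows are exactly such contradictions, so they surface before training."""
    return [i for i, r in enumerate(records) if r["approved"] != int(policy_says_approve(r))]


def demo():
    manifest = dataset_digest(CLEAN)          # recorded when the data was collected
    tampered = poison(CLEAN)
    clean_model, bad_model = train(CLEAN), train(tampered)
    risky = record(1, 1, 0, None)
    risky_with_trigger = record(1, 1, 1, None)
    return {
        "manifest_matches": dataset_digest(tampered) == manifest,    # False: tampering detected
        "violations": policy_violations(tampered),                     # the five inserted rows
        "clean_denies_trigger": decide(clean_model, risky_with_trigger) == 0,
        "clean_trigger_weight": clean_model[0]["trigger"],             # stays exactly 0.0
        "poisoned_denies_untriggered": decide(bad_model, risky) == 0,  # backdoor is stealthy
        "poisoned_approves_trigger": decide(bad_model, risky_with_trigger) == 1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points are worth noting. The clean model’s weight for the trigger is exactly zero, because a feature that never varies in training receives no gradient; the backdoor exists only because the attacker controlled rows in the training set, which is why the manifest check (did the data change since it was signed off?) and the policy-consistency check (does every label agree with the rule it is supposed to encode?) belong in the Data Management phase rather than in a post-deployment test. The poisoned model still denies the same applicant without the trigger, so accuracy on a clean holdout set would not reveal the problem.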
The taxonomy proposed by the study provides an excellent foundation for red teaming exercises tailored to the financial sector, covering LLM-mediated workflows and classical ML models alike. It allows a team to systematically simulate the seventeen identified attack subtypes, including poisoning of the training pipeline and perturbation of model inputs rather than prompt injection alone, and to uncover hidden vulnerabilities before malicious actors can exploit them.