On the 40th episode of Enterprise AI Defenders, host Mike Britton (CIO, Abnormal AI) is joined by Keith Gordon, Chief Security Officer at CIBC. CIBC is defending against AI-enabled attacks on two fronts at once: clients and third parties on the outside, and the bank's own AI deployments on the inside. Keith governs both halves with one principle: AI for security, and security for AI.
The most exposed surface is no longer the bank. It is the client. Phishing now arrives with credible voice and video, and the attacks land directly with the people the bank is trying to protect. Keith describes one commercial account that took a video call from a fraudster who "did a deepfake of who they thought was their CEO," asking for money movement. Back-office detection caught it. The harder problem is the scam, where the client is being coached by the threat actor on what the bank will say. Keith's framing is direct: the client is the path of least resistance.
CIBC's response inside its own boundary is a set of behavioral biometric models the bank's data science team has been evolving for two years. The models are built in-house, not purchased. They ask whether the client at the other end is acting like the client, and whether similar behavior is showing up across other accounts that look defrauded or scammed. The outcome is asymmetric. Fraud losses are slightly dipping. Scam losses are going through the roof. The bank can defend its own transactions; defending the client from being talked into the transaction is the harder half.
The next exposed layer is harder still. When Keith's CEO recently asked him what kept him up at night, the answer was not the bank. It was the third-party ecosystem, what Keith calls "the unknown unknown." Contracts can only go so far. Third parties do not carry the same security budgets banks do, and as AI-enabled attacks accelerate, Keith expects third-party service providers to become one of the most exposed areas in financial services over the next couple of years. What he wants from those partners is concrete: a faster patching cadence and a perimeter layer that watches for behaviors that look like attack vectors rather than fraud.
Inside the bank, CIBC built its own AI instance from scratch a couple of years ago. Every employee has access. Developers have their own environment. Direct external use of any AI models is not allowed. The result is the thing Keith reaches for first: visibility. The bank knows what is being built and which recipes have been published. Adjacent to that, the security team had already done four years of work on non-human identities after self-identifying a noncompliance gap, which gave the bank an inventory and an automation model for service accounts. With agentic AI now arriving, that foundation is what lets the team add a behavior layer on top of the identity layer, rather than starting from zero.
The principle Keith returns to for agentic governance is borrowed from the network era. Ten to fifteen years ago, the industry moved from segmentation to micro-segmentation, narrowing wide lanes into smaller ones within the same logical architecture. Keith calls the agentic version "kind of micro-segmentation in the AI age." The idea is to constrain what an agent can reach without smothering its ability to grow inside that boundary. He acknowledges plainly that the bank has controls in this space, but in this new age they are not yet adequate. AI for security is well underway in the SOC, in insider threat, and in fraud. Security for AI is where the next several years of work will be.
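The two layers described above, identity first and behavior on top, as an added illustration in Python (not code from CIBC or the episode): each agent is a registered non-human identity fenced to an allowlist of reachable resources, and an allowed action the agent has rarely taken against its own baseline is flagged for review. Agent names, resources and thresholds are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed example of an identity layer plus a behavior layer for agents.
@dataclass
class AgentIdentity:
    name: str
    owner: str                  # accountable human or team for the service account
    allowed: frozenset          # the agent's micro-segment: resources it may reach
    baseline: Counter = field(default_factory=Counter)  # observed (resource, action) counts
    total: int = 0

def register(inventory, name, owner, allowed):
    """Identity layer: every agent exists in the inventory before it can act."""
    inventory[name] = AgentIdentity(name, owner, frozenset(allowed))

def authorize(inventory, name, resource):
    """Unregistered agents are denied; known agents are fenced to their segment."""
    agent = inventory.get(name)
    if agent is None:
        return "deny: unregistered identity"
    if resource not in agent.allowed:
        return "deny: outside segment"
    return "allow"

def behavior_check(agent, resource, action, min_history=20, rare_share=0.02):
    """Behavior layer: an allowed action that is rare for this agent is routed to review."""
    if agent.total < min_history:
        return "learning"        # not enough history yet to judge against a baseline
    share = agent.baseline[(resource, action)] / agent.total
    return "review" if share < rare_share else "normal"

def evaluate(inventory, name, resource, action):
    decision = authorize(inventory, name, resource)
    if decision != "allow":
        return decision
    agent = inventory[name]
    verdict = behavior_check(agent, resource, action)
    agent.baseline[(resource, action)] += 1   # record the action after judging it
    agent.total += 1
    return f"allow:{verdict}"

def demo():
    inv = {}
    register(inv, "invoice-agent", "finance-ops", ["erp", "doc-store"])
    for _ in range(30):                        # build a baseline of routine reads
        evaluate(inv, "invoice-agent", "erp", "read")
    return [evaluate(inv, "invoice-agent", "erp", "read"),         # allow:normal
            evaluate(inv, "invoice-agent", "payments", "transfer"),  # deny: outside segment
            evaluate(inv, "invoice-agent", "erp", "write"),        # allow:review
            evaluate(inv, "rogue-agent", "erp", "read")]           # deny: unregistered identity
```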
Listen to Keith's episode here and read the transcript here.