AI Threat Modeling: Securing Identities Without Trust in 2025



Financial services companies are battling increasingly sophisticated identity-based attacks aimed at stealing billions and disrupting transactions, ultimately destroying the trust that took years to build.

Cybercriminals continue to hone their craft and target the industry’s identity security gaps. From attempts to weaponize LLMs to using the latest hostile AI techniques to steal identities and commit synthetic fraud, cybercriminals, crime syndicates and national actors are all targeting financial services.

Here’s how Rate Companies (formerly Guaranteed Rate) is fighting back against these increasingly complex, identity-based attacks – and what other industries and business leaders can learn from its strategy.

How Rate Companies Defends Against AI-Driven Threats

Financial institutions have to deal with more than $3.1 billion in exposure to synthetic identity fraud, which has increased by 14.2% in the past year, while deepfakes jumped by 3,000% and are expected to increase by another 50 to 60% by 2024. Smishing texts, MFA fatigue and deepfake impersonations have also become alarmingly common.

Rate is the second-largest private mortgage lender in the US, and billions of sensitive transactions flow through its systems every day, making the company a prime target for cybercriminals.

VentureBeat recently spoke (virtually) with Katherine Mowen, the financial institution’s SVP of information security, to gain insight into how she orchestrates AI across Rate’s infrastructure, with a strong focus on protecting the identities of customers, employees and partners.

“Due to the nature of our business, we face some of the most sophisticated and persistent cyber threats out there,” Mowen told VentureBeat. “We saw others in the mortgage industry get hacked, so we had to make sure this didn’t happen to us. I think what we are doing now is fighting AI with AI.”


Mowen explained that AI threat modeling is critical to protecting customer identities and the billions of dollars in transactions the company makes annually. She also emphasized that “even the best endpoint security doesn’t matter if an attacker simply steals user data.”

This realization prompted Rate to improve identity-based anomaly detection and integrate real-time threat response mechanisms. The company has adopted a zero-trust framework and mentality, anchoring every decision around identity and continuous authentication.

Today, Rate works with a “never trust, always verify” approach to validating identities, a core concept of zero trust. Using AI threat modeling, Rate can define least-privilege access and monitor every transaction and workflow in real time, two additional cornerstones of a solid zero trust framework.

The company recognized the importance of addressing the increasingly short window for detection and response; the average eCrime breakout time is now only 62 minutes. To address this challenge, the organization adopted the “1-10-60” SOC model: 1 minute to detect threats, 10 minutes to assess, and 60 minutes to manage threats.

Lessons learned from Rate on building a defense model for AI threat modeling

To scale and address the cyclical nature of the mortgage industry – headcount can increase from 6,000 to 15,000 depending on demand – Rate needed a cybersecurity solution that could easily scale licensing and unify multiple layers of security. Every AI threat modeling vendor has special pricing offers for bundling modules or apps to achieve this. The solution that made the most sense for Rate is CrowdStrike’s customizable licensing model, Falcon Flex, which allowed Rate to standardize on the Falcon platform.

Mowen explained that Rate also faced the challenge of securing each regional and satellite office with least-privilege access, monitoring identities and their relative privileges, and setting time limits on access to resources, while continuously monitoring every transaction. Rate relies on AI threat modeling to precisely define least-privilege access and monitor every transaction and workflow in real time, the two cornerstones needed to build a scalable zero trust framework.


Here’s a look at Rate’s lessons learned from using AI to thwart advanced identity attacks:

Identity and credential monitoring are important issues and this is where security teams need a quick win

Rate’s information security team began tracking a growing number of complex, unique, identity-based attacks targeting loan officers working remotely. Mowen and her team evaluated several platforms before choosing CrowdStrike’s Falcon Identity Protection based on its ability to identify often nuanced identity-based attacks. “Falcon Identity Protection gave us visibility and control to defend against these threats,” said Mowen.

Using AI to reduce the noise-to-signal ratio in the SOC and at endpoints should be a high priority

Rate’s previous vendor generated more noise than actionable alerts, Mowen noted. “When we’re called at 3 a.m., it’s almost always a legitimate threat,” she said. Rate chose CrowdStrike’s Falcon Complete Next-Gen managed detection and response (MDR) and integrated Falcon LogScale and Falcon Next-Gen security information and event management (SIEM) to centralize and analyze log data in real time. “Falcon LogScale has reduced our total cost of ownership compared to the clunky SIEM we had before, and it is much easier to integrate,” said Mowen.

Define a clear, measurable strategy and roadmap to achieve cloud security at scale

As the company continues to grow organically and through acquisitions, Rate needed cloud security that could expand, contract, and evolve with market conditions. Real-time visibility and automated detection of misconfigurations in cloud assets were must-haves. Rate also required integration into a diverse base of cloud environments, including real-time visibility across the entire information security technology environment. “We manage a workforce that can grow or shrink quickly,” Mowen said.

Take every opportunity to consolidate tools to improve end-to-end visibility

For AI threat modeling to succeed in attack identification, endpoint detection and response (EDR), identity protection, cloud security and additional modules all had to be available under one console, Mowen pointed out. “Consolidating our cybersecurity tools into a cohesive system makes everything – from management to incident response – much more efficient,” she said. CISOs and their information security teams need tools that provide a clear, real-time view of all assets through a single monitoring system, one capable of automatically flagging misconfigurations, vulnerabilities and unauthorized access.


“The way I think about it, your attack surface isn’t just your infrastructure – it’s also time. How long do you have to respond?” Mowen said, emphasizing that accuracy, precision and speed are critical.

Redefining Resilience: Identity-Centric Zero Trust and AI Defense Strategies for 2025

Here are some key insights from VentureBeat’s interview with Mowen:

  • Identities are under threat, and if your industry isn’t seeing this yet, it will be in 2025: Identities are considered a weakness in many tech stacks, and attackers are constantly refining their skills to exploit them. AI threat modeling can protect credentials through continuous authentication and anomaly detection. This is essential to protect customers, employees and partners from increasingly deadly attacks.
  • Fight AI with AI: Using AI-powered defenses to combat hostile AI techniques, including phishing, deepfakes, and synthetic fraud, is working. Automating detection and response reduces the time it takes to identify and defeat attacks.
  • Always prioritize real-time responses: Follow Mowen’s lead and adopt the “1-10-60” SOC model. Speed is critical as attackers set new records for how quickly they can gain access to a corporate network and install ransomware, probe identity management systems, and redirect transactions.
  • Make zero trust the core of identity security: enforce least-privilege access and continuous identity verification, and audit every activity as if a breach has already occurred. Each organization must define its own unique approach to zero trust. The core concepts continue to prove themselves, especially in highly targeted industries including financial services and manufacturing. Zero trust assumes that a breach has already occurred, making monitoring a must-have in any zero trust framework.
  • Automate SOC workflows where possible to reduce alert fatigue and free up analysts for level two and three intrusion analysis: An important conclusion from Rate is how effective AI threat monitoring is in combination with process improvements within a SOC. Consider how AI and human expertise can be integrated to monitor and manage constantly evolving threats. Always consider how a human-in-the-middle workflow design improves AI accuracy while giving SOC analysts the opportunity to learn on the job.
