Architecting a human-centric AI strategy for fintech security


Every company today is exploring the potential of artificial intelligence, and the fintech sector is no exception. Keen to harness this new technology, firms are looking for a competitive edge. But in a domain as sensitive as security, how can organizations design an approach that successfully leverages AI without introducing new risks?

To get an insider’s perspective, we spoke with Ciaran Luttrell, Vice President of Global SOC Operations at eSentire. From his vantage point overseeing the protection of over 2,000 organizations—including some of the world’s largest hedge funds, wealth management firms, and fintech companies—Luttrell argues that the answer lies not in replacing human expertise, but in scaling it. For security teams in fintech and banking, the core mission is clear: discover threats fast and shut them down even faster. However, the path to achieving this mission is fragmenting. While large banks may have extensive, dedicated security teams, smaller fintechs often operate with leaner resources, making AI an attractive force multiplier.

The challenge is that threat landscapes are not one-size-fits-all. A retail bank securing customer accounts and payment systems faces different Tactics, Techniques, and Procedures (TTPs) than a hedge fund protecting investment strategies or a wealth management firm safeguarding intellectual property.

AI as an Investigative Engine

At eSentire, this philosophy has led to the development of Atlas Expert AI, a multi-agent, generative AI system embedded across its security operations. The system is purpose-built to mimic the investigative process of a human Security Operations Centre (SOC) analyst.

“When a security signal is triggered, our SOC analysts don’t just follow a checklist,” explains Luttrell. “They form hypotheses, test assumptions, and dig through context to determine if a signal is a real threat. Atlas Expert AI now automates that initial, time-intensive process.”

The AI system investigates security events by reviewing case details, asking investigative questions, and enriching the data using more than 50 pre-built actions. This cycle continues until the AI reaches a conclusion, compiling its findings into a comprehensive report.

“What would have taken a human analyst an average of five hours of work can now be delivered in under seven minutes,” Luttrell notes. This report is then presented to a human SOC analyst for validation and action. The analyst, armed with a near-instantaneous investigation summary, can make a final decision and execute remediation steps far more quickly.

This model was put to the test with private equity firm Thomas H Lee Partners (THL). The firm observed a spike in cyberattacks whenever news of its investments or exit strategies became public, with threat actors targeting its portfolio companies. By using eSentire’s 24/7 Managed Detection and Response (MDR) services, which integrate this AI-assisted model, THL was able to secure its own operations and extend that protection across its investments, demonstrating the power of combining human oversight with AI-driven speed.

New Metrics for AI in Security

Simply deploying AI is not enough; measuring its effectiveness is crucial for ensuring a return on investment. This requires a shift in how security leaders think about performance metrics.

“A lot of the marketing around AI security focuses on replacing the simpler tasks a tier-one analyst would handle,” says Luttrell. “We don’t believe in replacing analysts, but in scaling their expertise. Our metrics reflect that.”

eSentire has developed new ways to track AI’s real-world impact:

  • Analyst Alignment: This metric tracks how often senior SOC analysts agree with the AI’s findings and recommendations. Before its formal launch, Atlas Expert AI achieved a 95% alignment with Tier 3 SOC analysts across hundreds of real-world investigations. Luttrell points out that 100% alignment is neither expected nor desired, as “analysts will always know more about the customers’ systems, understand their nuances, and then make changes as appropriate that the AI might not yet understand.”
  • First-Host Containment: A critical indicator of success is preventing lateral movement. Using the AI-assisted workflow, eSentire stops 99.3% of threats at the first host, demonstrating how speed directly reduces business impact.

To further bolster trust, an “AI Auditor” reviews escalations before they are delivered to clients, checking for logical consistency and clear, actionable advice. This quality assurance gate enhances the credibility of every threat investigation.

The Human-in-the-Loop Imperative

For fintech teams embarking on their AI journey, Luttrell offers practical advice. The key is to map existing human-led workflows and identify steps that can be augmented with AI.

“When an attack starts, an analyst asks key questions,” he says. “Is a user signing in from a new IP? Is it a known bad location? AI can compile that report in minutes. The pivotal question is, what do you do with that report?”

While some may be tempted to fully automate the response, Luttrell advocates for keeping a human in the loop for the final decision. The SOC analyst, with their contextual knowledge, should have the final say on actions like isolating an endpoint or resetting user credentials.

This approach also addresses a looming industry challenge: the skills gap. “If AI replaces entry-level roles, it leads to fewer people entering the industry and getting those foundational skills,” Luttrell warns. “Over time, this reduces the number of experienced professionals who can validate AI results.” He suggests that some of the efficiency savings from AI should be reinvested into staff training to maintain a high level of skill independent of the technology.

The Future: Widespread Adoption and Smarter Defense

AI adoption is already well underway. According to the Bank of England, 75% of UK financial firms are using AI, with 37% already applying it to cybersecurity. Luttrell predicts this will accelerate over the next three years, with a shift towards AI recommending specific actions.

However, he also foresees a learning curve. “I think we’ll see evidence of how AI deals with false positives that cause problems in production,” he says. “That will demonstrate why human analysts are so valuable.” This may even lead to regulations mandating human oversight for critical security decisions.

Threat actors are also adopting AI to craft better phishing emails and code new exploits. To counter this, defenders must collaborate and share best practices for AI-driven defense. The most resilient security posture will come from combining the best of what AI can deliver—speed and scale—with the irreplaceable value of human expertise. For the fintech sector, which sits at the epicenter of innovation and risk, leading the way in developing this human-centric AI model is not just an opportunity, but a necessity.

