KYC’s Insider Problem and the Case for Confidential A.I. |
As breaches mount and identity data proves irreversible, confidential A.I. challenges the assumption that verification requires visibility. Unsplash
Modern Know Your Customer (KYC) systems were sold as a trust upgrade for financial services. In practice, however, they have become one of the industry’s most fragile trust assumptions. The greatest risk no longer comes from anonymous hackers probing the perimeter, but from insiders and vendors who now sit squarely inside the system.
Sign Up For Our Daily Newsletter
Sign UpThank you for signing up!
By clicking submit, you agree to our terms of service and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.
See all of our newslettersAs KYC programs expand across banks, fintechs and crypto platforms, industry access is still treated as an acceptable cost of regulatory compliance. That level of tolerance is increasingly indefensible, especially given that insider-related activity accounted for roughly 40 percent of incidents in 2025.
At the same time, KYC workflows routinely require highly sensitive materials—identity documents, biometric data and account credentials—to move across cloud providers, verification vendors and manual review teams. Each additional person, tool or system granted access widens the blast radius. The uncomfortable reality is that many KYC stacks are architected in ways that make leaks not just possible, but likely.
Recent breach data bears this out. Roughly half of all incidents last year stemmed from two classic indicators of poorly designed KYC infrastructure: misconfiguration and third-party vulnerabilities. Misconfiguration alone accounted for an estimated 15 to 23 percent of all breaches in 2025,........