Agefi Luxembourg - décembre 2025

Décembre 2025 43 AGEFI Luxembourg Informatique financière ByDorianKEULLER,Manager,BusinessElementsReply B usiness is entering a newoperating era. After decades of digital optimisation, organisations nowhave the ability to delegate entire streams ofwork toAI agents capable of gathering information, analysing it, drafting content, triggering actions and coordinatingworkflows. This shift is giving rise to a neworganisational archetype: the Frontier Firm. These companies use human– AI collaborationnot as an add-on, but as the foundationof howworkhappens. Mostorganisationstodayfeelthepressureofawiden- ing capacity gap: workloads grow faster than teams can keep up, coordination remains slow, and pro- cesses are heavilydependent onhuman effort. GenerativeAIassistantshelpindividualsworkfaster, buttheydonottransformhowthebusinessoperates. Theymake the oldway of workingmore efficiently. The true performance leapoccurswhenAI becomes partoftheoperatingmodel.Thisiswheremanyearly AI initiatives fail. Leaders approachAI as a technol- ogy rollout (deploying tools, offering training and launching small pilots) without redefining the busi- ness outcomes they expect to change. Without that clarity, organisations fall into“pilot purgatory”: scat- tered experiments with little measurable impact. Transformation requires a different starting point. Frontier Firms begin with a performance ambition: reducing cycle time, improving decision speed, ele- vating quality or accelerating innovation and re- designing work around that outcome. Technology follows strategy, not the reverse. A Frontier Firm is distinguished by how it operates. Humansledthere.Theyprovidejudgment,creativity, ethical reasoning, and oversight. AI agents operate. hey gather information, prepare data, draft material, monitor workflows and execute tasks. Roles are re- designed,sorepetitiveworkisdelegatedtoagents,al- lowingpeopletofocusonhigher-valuecontributions. Processes are re-engineered end-to-end so that AI agentscoordinatestepsacrossteams,reducingfriction and collapsing delays. Continuous experimentation becomes part of normal work, not an occasional ac- tivity. And the organisation aligns incentives so that employees are rewarded for adopting newways of working rather thanmaintaining legacy behaviour. AI agents fit into this operatingmodel at several lev- els. Task-level agents automate micro-activities such as summarisation, extraction, and monitoring. Role-level agents act as copilots tailored to specific professions, helping salespeople, HR specialists, an- alystsorprojectmanagersfollowconsistentbestprac- tices.Process-levelagentscoordinatecross-functional workflows, transforming areas such as forecasting, onboarding, or procurement.Above these layers, or- chestratoragentssuperviseotheragents,manageex- ceptions, and maintain flow across systems. Together, they form a digital workforce embedded within the enterprise. TransformingitsorganisationintoaFrontierFirmre- quiresthreecomplementaryapproaches,usedinpar- allel depending on the challenge. The first is persona-based transformation, which focuses on im- provinghowspecificrolesworkwithAI.Byanalysing a role’s real daily tasks, organisations can design prompts, micro-agents and workflow patterns that deliver immediate value. The second is end-to-end process reinvention, which re-architects entirework- flows using AI agents to remove bottlenecks and handoffs. This is where organisations unlock signifi- cant improvements inspeed, cost, andreliability. The third is the AI-first incubator, in which a small team steps out of daily operations for a short period to re- build a workflow from scratch withAI at the centre. Thismethodgeneratesbreakthroughinnovationsthat incremental improvementwouldnever surface. Noneofthisispossiblewithoutexecutiveleadership. Technology teams can build tools, but only execu- tives can transform the business. Leaders must set the performance ambition before choosing technol- ogy; make knowledgework visible bymapping the reality of howwork happens; redesign roles so hu- mans and agents collaborate clearly; foster a culture where experimentation is safe and expected; and align incentives so that future-oriented behaviours are rewarded. People follow what organisations measure andvalue, and incentives ultimatelydeter- minewhether transformation succeeds. Executives do not need a massive programme to start the journey. They need a clear decision: choose one performance metric to improve, one workflow to analyse, one team to empower and one transfor- mation recipe to apply. The journey toward becom- ing a human-led, AI-operated organisation begins with a single step taken with clarity and intention. The shift toward Frontier Firms is the most signifi- cant operating transformation since the arrival of computing. Organisations that limit themselves to AI assistants will gain productivity. Organisations that redesign their operating models around AI agents will gain competitive advantage. They will operate faster, coordinate better, innovate sooner, and adapt more rapidly than their peers. The next great transformation: HowAI is redefining the way businesses work ©Freepik By Maurice SCHUBERT, Cyber Partner & Yasser ABOUKIR, CyberDirector, Deloitte Luxembourg F inancial institutions are investing heavily onGenerativeAI (GenAI) andLarge LanguageModels (LLMs). Fromfrauddetection to auto- mated customer support, these technologies are already deli- vering results. Yet many of the deployments ex- pose attack surfaces that institu- tions do not fully comprehend. Unlike traditional software,AI-en- abled interfaces introduce awhole new world of attack vectors (e.g., prompt injection, model poisoning, or unauthorizeddataextraction)thatmostconventional security testing approaches donot address. For Luxembourg’s financial sector, where regulatory scrutiny around digital resilience is intensifying, this gapgoesbeyond technical issues, primarily togover- nance and compliance. Real-world testing provides theinsightsrequiredtounderstandandsafelyharness this technology. What is anLLM? It is an AI system trained on vast text data to understand and generate human-like responses. Infinance for instance, LLMs power chatbots, transaction analysis, compliance monitoring, and document review. HowaboutAI agents? These are autonomous systems usingLLMs to perceive en- vironments,makedecisions,andexecuteactionswithexter- nal tools. Unlike traditional software programmed with explicit rules, both AI agents and LLMs introduce unique security challenges that institutions must understand and manage. LLMs:Anewattack surface Traditional cybersecurity focuses onprotecting infra- structure elements leveraging foundational controls, such as network, firewalls, identity and access man- agement(IAM),applicationsecuritycontrols,encryp- tion, etc. These fundamentals remain essential since gettingyourcyberhygienerightisnon-negotiable.But LLMsecurity requires a different lens, as new attack surfaces are emerging and adversaries can sidestep conventional defenses. One key risk for example is prompt injection attack, whichmanipulatesuserinputstooverridemodelsys- teminstructions,potentiallyforcingafinancialchatbot to disclose customer data or approve unauthorized transactions. Another sophisticated threat is model poisoning, which occurs when adversaries corrupt training data to embed hidden behaviors into the model itself. Information disclosure poses particular risk in financial industry. Publicly exposed LLMs without additional security technology could easily result in large volumes of information leakage. Traditional risks also persist, nowat greater speed.A poorlyconfiguredLLMapplicationprogrammingin- terface (API) or vector database storing transaction embeddings could leak sensitive customer data. An agent querying multiple systems simultaneously could exfiltrate farmore data, far faster. Integrityrisksareequallycritical.Unauthorizedmod- ificationstocode,models,ordatapipelinescouldpro- duce unreliable outputs, creating regulatory and operational headaches. On the other hand, Agentic AI requires new archi- tecturalpatterns.Autonomousagentstypicallybegin as prototypeswith insufficiently refined access con- trols, often inheritingbroadsystemprivileges, hence creating challenges duringproductiondeployment. Governance models are therefore challenged. Who decideswhat agents cando, howdoyouaudit deci- sions, what happens if an agent fails? A permissive IAM role that might pose minimal risk in a tradi- tional system can have severe consequences when assigned to an autonomous agent, amplifying exist- ingweaknesses. These threats are not hypothetical. In recent years, fi- nancial institutions havediscoveredLLMmisconfig- urations exposing customer records, unauthorized extraction of proprietary models, and prompt injec- tion attacks against deployed systems. These threats demand new competencies (prompt engineering, agent validation, dynamic access management, etc.) whicharecurrentlyoutofreachformanyinstitutions. Case study one: Fromthreatmodeling to penetration testing, a practical framework Addressing LLM security requires a structured ap- proach. The fintechwe workedwith built anAI-dri- ventransactionmonitoringsystemusingcloud-native architecture and serverless infrastructure. Before ac- ceptingrealcustomerdatafortraining,wefirsthadto decide howto validate its security. Inourexperience,threatmodelingisthestartingpoint. Using methodologies like STRIDE combined with emerging AI-specific frameworks (OWASP AI Top 10, MITREATLAS, etc.), we mapped out po- tential attack paths, including spoofing API credentials, tamperingwith training datasets, information disclosure via misconfigured cloud storage, elevation of privilege through IAMweaknesses,anddenialofserviceattacks againstmodel inference. This threat modeling exercise turns abstract risks into concrete scenarios. A high- likelihood information disclo- surebecomes a specific test case, posing the question of whether anadversary canexfiltrate trans- actiondataviatheAPI.Andmore importantly, whether attackers can craft prompts overriding in- structions, manipulate agents into unauthorized transactions, and ex- tractmodelweights. Threat modeling thus bridges the gap between gov- ernance challenges and technical testing, helping re- mediation efforts focus on genuine business risks rather than theoretical or purely technical threats. After threat modeling, penetration testing helps con- firmthe risks and assumptions: -Black-boxtestingsimulatesanexternalattackerwith no systemknowledge. - Grey-box testing assumes a compromised insider withpartial access. For LLMsystems, testingmust cover the entire stack, likeAPI endpoints, authenticationmechanisms, data ingestionpipelines,modeltraininginfrastructure,and inference endpoints.A singlemisconfiguration, such as anunprotecteddata store, ahard-codedcredential inCI/CD, or aprompt filter that canbebypassed, can compromise the entire system. Case study two:A financial institution strengthensGenAI security One major financial institution we partnered with was deployingGenAI acrossmultiple internal sys- tems, including a centralizedAI design platform, a scalabledata lake for datasets, structureddatabases, containerized application environments, and inte- grationwith advancedLLMservices. Security lead- ers needed to identify vulnerabilities before rolling these systems out at scale. StructuredpenetrationtestingandAIredteamingad- dresses this by breaking down the architecture into testable pieces: -GenAIapplicationtesting: Black-boxandgrey-box testing of front-end applications, APIs, and model endpoints probes for business logic bypasses, unau- thorizeddataexposure,andpromptinjectionvectors. Ascenario-basedapproachtestsreal-worldusecases. Cananattackermanipulate a chatbot toaccessfinan- cial data? Can they trigger unauthorized model ac- tions through function calling? - LLMbehavior assessment: Testing the LLM itself, nottheinfrastructure,focusesonpromptinjection,jail- breaks, and context poisoning. Does the model’s safety layer prevent an attacker from crafting inputs thatoverridesystemprompts?Cananattackerextract proprietarymodelweightsorfine-tuningdata?These questions guide focused testing that validates model resilience. -Cloudintegrationhardening: Authenticationmech- anisms,role-basedaccesscontrol,andpromptfiltering mechanismsarevalidatedtoensurenetworkisolation andleast-privilegeaccess.Loggingcapabilitiesareas- sessed against the visibility you need for incident re- sponse and compliance audits. Lessons learned Across the financial sector, a clear pattern emerges: without strong fundamentals, AI tends to magnify cyber risk. -Configurationleadsmostproblems: Vulnerabilities typicallystemfrommisconfiguration,overlypermis- sive access roles, unencrypteddata in transit, and ex- cessive API logging permissions, rather than fundamental architectural flaws. These can be ad- dressed throughgovernance and reviewcycles. -Datasensitivityrequiresspecialfocus: Financialin- stitutions handling customer transactiondata or per- sonally identifiable information face heightened information disclosure risk. Vector databases storing embeddings, API responses, and model inference cachingmustbeprotectedwiththesamerigorascore productiondatabases. - Testing must be contextual: A security assessment of an AI-driven AML system differs fundamentally fromtestingacustomer-facingGenAIchatbot.Threat models and test scenarios should reflect the specific data types, user roles, and operational constraints of eachuse case. - Remediation is iterative: LLMsecurity is not a one- time engagement. As models evolve, attack tech- niques mature, and integration patterns change, security postures need to be reassessed. A purple- teaming approach, where offensive and defensive teams collaborate in real time, builds institutional knowledge and lasting securitypractices. Conclusion AI in financial services is already a business and operational necessity. Security architecture and “shift left” security integration directly into the de- velopment pipeline are required for competitive advantage, reducing bothdetection latency and re- mediation costs. Leading institutions shouldmake security testing part of deployment rather than an afterthought. Threat modeling, structured assess- ments, and AI red teaming move LLM security from theory to a practical plan. By identifying real attack paths, validating defenses, and remediating gaps before production deployment, financial in- stitutions can realizeAI’s benefitswhilemanaging genuine risks. The debate is no longer “Shouldwe test LLM security?” but “How thoroughly and how often?” For Luxembourg’s financial sector, the answer points to comprehensive, regularly scheduled testing that is integrated into the prod- uct lifecycle from day one. Safeguarding GenerativeAI and Large Language Models: Lessons learned from the field