AI is rapidly advancing and financial institutions need to train their employees to use it securely.  

As more FIs incorporate AI and machine learning into their operations, it is imperative that they educate workers on best uses, data safety and company policy, Troy Leach, chief strategy officer at the nonprofit Cloud Security Alliance, told FinAi News. 

“We’ve just accelerated the technology so fast and not given our staff the time to respond,” he said. “That skill gap has definitely climbed the technology stack to the top.” 

FI professionals identified human error as the third greatest security risk to their cloud infrastructure, just behind third-party risks and cloud misconfigurations, according to a CSA survey report, “The State of Cloud and AI for Financial Services,” released this month.  

As AI systems move from advisory roles into active roles within FIs, human oversight is crucial. But because many employees do not understand how AI works, they do not properly restrict its actions or access to sensitive financial information, Leach said. 

Misunderstanding leads to cloud misconfiguration

An improperly configured network puts confidential information and an institution’s system at risk. If those overseeing technology have a skills gap and carte blanche, they inadvertently can create system vulnerabilities. 

This occurs when “we’ve given a human too much privilege and not enough oversight,” Leach said. “Then [the human has] given a non-human identity too much privilege and not enough oversight. It’s cascaded.” 

Employees too often don’t know their company’s AI policies and don’t understand its capabilities, Leach said. 

Sensitive financial data can be exposed through ordinary AI use, such as prompts, chat history and system training.  

A lack of AI and ML expertise was identified as the second largest barrier to implementing these technologies behind data privacy concerns, according to the survey.  

Ongoing education is vital

While “humans will never be perfect,” FIs should strive to educate employees as much as possible, Leach said. The CSA offers AI training courses and resources in partnership with universities. 

Many larger banks already have gotten the memo that education is imperative. For example, Citizens Bank in March 2025 gave all employees access to Microsoft Copilot Chat, an AI feature that spans the Microsoft 265 suite.   

Since then, Citizens has “taken a structured, enterprise-wide approach to building AI skills and promoting responsible use from the start,” Michael Ruttledge, chief information officer and head of enterprise technology and security at Citizens Financial Group, told FinAi News.

Ruttledge said training includes: 

• Role-based learning; 

• AI skill certification and academies; 

• Live training sessions, often led by Microsoft; and 

• A monthly discussion series based around sharing ideas and learning from real use cases. 

“The training is practical and easy to access, helping colleagues build confidence while reinforcing human judgment and accountability,” he said. “These efforts help us scale AI in a disciplined way, with clear guardrails and a focus on long-term value.” 

Register here for the FinAi Lending Summit, set for Oct. 7-8 in Las Vegas.