
How AI Trojan Horse Threats are Accelerating Fraud Inside Financial Institutions

Island News Desk
October 8, 2025
Enterprise Security

Todd Smith, SVP of Customer IAM at Ameris Bank, explains how financial institutions can avoid the "trojan horse" threat of AI-powered fraud with Zero Trust and a dynamic, risk-based approach.

Credit: Outlever


*The views and opinions expressed by Todd Smith are their own and do not necessarily represent those of any former or current employers.

The fight against financial crime is increasingly asymmetrical. Attackers, unburdened by rules, are using generative AI to probe, deepfake, and overwhelm institutional defenses with automated speed. For them, success is a numbers game requiring only a single vulnerability. Financial institutions, however, are caught in a web of regulations, audits, and governance, forcing them to defend every possible front. The result is a fundamental imbalance of speed, freedom, and risk.

For Todd Smith, Senior Vice President and Director of Customer IAM and Threat Intelligence at Ameris Bank, managing this asymmetry is more than a job. A veteran of the front lines, Smith has built and led cyber-fraud fusion centers for major financial institutions, including SoFi, Barclays UK, and Citi. For him, a simple mantra must guide every decision in the security world: "Know the threat, understand the threat, beat the threat."

  • The Trojan horse: Defending against AI-powered threats requires a specific, adversarial mindset built on experience, Smith explains. Because often, the most dangerous threats are the ones we don't even know to look for, he says. "The fundamental threat of enterprise AI is the Trojan horse: something you let in because you think it's good, but it's actually full of bad. If you're experienced, you know to be vigilant. But if you've never seen one before, you could willingly open the gates and let the danger inside."

AI is supercharging the attacker's playbook, Smith continues. By automating the hunt for weaknesses, what used to take weeks of manual effort now happens in minutes. From network attacks to more subtle insider infiltration, constant probing threats challenge the very foundation of traditional "know your customer" (KYC) systems.

  • Testing the fences: The attack is not a single test, he explains. Instead, it's a relentless, high-volume barrage designed to overwhelm both automated and manual review systems. "Attackers are constantly testing your defenses for a single vulnerability. Once they find it, they attack. In the past, you might have had time to react, but with AI, that window is gone. The attack is instant." One unintended consequence of this new reality is immense and constant pressure on security teams, he continues. "We have to be right all the time. But from a security standpoint, attackers only have to be right once."

Constant probing creates a critical dilemma for modern financial institutions: striking the right balance between the need for multi-layered identity verification and the demand for frictionless user experiences. Now a widely recognized challenge, it's forcing businesses to rethink identity verification and find new ways to improve the customer experience with AI-driven fraud prevention, Smith says.

  • A zero-trust future: As AI advances, the threat becomes customers themselves using autonomous AI agents to manage their finances, he explains. Now, a new frontier of risk is emerging, one that prompts inherent distrust by default. But for Smith, a default posture is just the start. "Our starting point is zero trust. We must assume that any AI interacting with us on a customer's behalf is malicious until we can prove otherwise. It's a guilty-until-proven-innocent model, but the risks are too high for anything less."

The twist is that the best defense against bad AI could be good AI, Smith says. By leveraging AI in areas like customer service, institutions can offer the speed customers need without compromising security. Here, AI parses requests, instantly handling simple tasks like reissuing a debit card, and seamlessly escalating higher-risk issues to a human agent, he explains.

  • Threading the needle: To manage the balance, Smith suggests a dynamic, risk-based approach where security measures are calibrated to the specific transaction. Meanwhile, institutions can focus human scrutiny where it matters most. "Our job is to thread that needle. Customers demand speed and ease, but if you create too much friction, they will abandon your service and open an account elsewhere."

With the same AI tools used for consumer scams threatening the enterprise, the fast-changing field of identity verification has become a top priority today. The capital required to implement these advanced frameworks, however, raises a critical systemic risk for the industry, Smith says. As the resource gap grows wider between large institutions and smaller ones, he questions whether smaller banks and community institutions will have the bandwidth to keep pace. In a modern version of the classical Trojan horse threat, the greatest danger will come from what is let willingly inside the walls.

Given the stakes, how do leaders stay ahead? Smith offers a proactive and collaborative mindset as the solution. Explaining why defenders can no longer afford to operate in silos, he uses the Roman army as a metaphor for the power of coordination against a disorganized enemy. "Look at how the Roman army was so effective. They all worked together. Otherwise, you had individuals, just melee. And then they go up against the Romans, who were coordinated. Boom. Romans took over the world."

Get the balance between risk and opportunity wrong, however, and the consequences can be personal, Smith concludes. "This isn't just about data. It's about people's lives. A single failure is when someone loses their life savings or the down payment on a house. It can turn their entire world upside down."
