The problem
AI is simultaneously lowering the cost of attacks (more convincing phishing, faster reconnaissance, automated exploitation) and raising the ceiling on defense (anomaly detection, triage, synthesis). Most organizations are reacting to one side and ignoring the other.
The approach
I treat AI security as a multi-year strategic track, not a one-off project: monitoring how offensive capabilities are evolving, evaluating defensive tooling, and thinking through governance for AI-driven decisions in a consumer-finance context where fairness and explainability matter.
The outcome
A forward-looking posture that aims to keep the program ahead of the curve rather than scrambling to catch up.
