AI Threat Modeling: Securing Identities with Zero Trust in 2025
Financial services companies are fighting back against increasingly sophisticated identity-based attacks that aim to steal billions of dollars and disrupt transactions, ultimately destroying trust that has been built over years.
Cybercriminals are continuing to hone their craft and are specifically targeting gaps in the industry’s identity security. From attempts to weaponize LLMs to the use of the latest adversarial AI techniques for identity theft and synthetic fraud, cybercriminals, crime syndicates and nation-state actors are targeting financial services.
Here’s how Rate Companies (formerly Guaranteed Rate) is fighting these increasingly complex identity-based attacks – and what other industries and business leaders can learn from their strategy.
How Rate Companies defends itself against AI-driven threats
Financial institutions face more than $3.1 billion in exposure to synthetic identity fraud, which increased by 14.2% last year, and deepfakes increased by 3,000% and are expected to increase by another 50 to 60% in 2024. Not to mention, smishing texts, MFA fatigue, and deepfake impersonations are worryingly widespread.
As the second-largest residential mortgage lender in the U.S., Rate has billions of sensitive transactions passing through its systems every day, making the company a prime target for cybercriminals.
VentureBeat recently sat down (virtually) with Katherine Mowen, the financial institution’s SVP of information security, to gain insight into how she orchestrates AI across Rate’s infrastructure, with a strong focus on protecting customer, employee and partner identities.
“Due to the nature of our business, we face some of the most advanced and persistent cyber threats,” Mowen told VentureBeat. “We have seen others in the mortgage industry fall victim to security breaches, so we needed to ensure that this did not happen to us. I think what we’re doing right now is fighting AI with AI.”
Mowen explained that AI threat modeling is critical to protecting customer identities and the billions of dollars in transactions the company processes each year. She also emphasized that “even the best endpoint protection doesn’t matter if an attacker simply steals user credentials.”
This insight led Rate to improve identity-based anomaly detection and incorporate real-time threat response mechanisms. The company has adopted a Zero Trust framework and mindset that anchors every decision around identity and continuous verification.
Today, Rate validates identities based on the “never trust, always verify” principle, a core concept of Zero Trust. Using AI threat modeling, Rate can define least privilege access and monitor every transaction and workflow in real time – two more cornerstones of a solid Zero Trust framework.
The company recognized the importance of addressing the ever-shrinking detection and response window – the average breakout time for eCrime attacks is now just under 62 minutes. To address this challenge, the organization adopted the 1-10-60 SOC model: 1 minute for detection, 10 minutes for triage, and 60 minutes for threat containment.
Lessons learned from Rate to build an AI threat modeling defense
To scale and address the cyclical nature of the mortgage industry – headcount can grow from 6,000 to 15,000 as needed – Rate needed a cybersecurity solution that could easily scale licensing and unify multiple layers of security. Each AI threat modeling provider offers special pricing for bundling modules or apps. The solution that made the most sense for Rate is CrowdStrike’s customizable Falcon Flex licensing model, which allowed Rate to standardize on the Falcon platform.
Mowen explained that Rate also faced the challenge of securing all of its regional and satellite offices under least privilege, monitoring identities and their relative privileges, and setting time limits for resource access, while continuously monitoring every transaction. Rate uses AI threat modeling to precisely define least privilege access and monitor every transaction and workflow in real time. These are two cornerstones required to build a scalable Zero Trust framework.
Here’s a breakdown of the lessons Rate has learned from using AI to prevent sophisticated identity attacks:
Identity and credential monitoring is essential, and security teams need quick wins
Rate’s information security team began tracking a growing number of complex, unique identity-based attacks on loan officers working remotely. Mowen and her team evaluated multiple platforms before choosing CrowdStrike’s Falcon Identity Protection because of its ability to detect often nuanced identity-based attacks. “Falcon Identity Protection gave us visibility and control to combat these threats,” said Mowen.
Using AI to improve the signal-to-noise ratio in the security operations center (SOC) and on endpoints must be a high priority
Mowen noted that Rate’s previous provider generated more noise than actionable alerts. “Now when we get a call at 3 a.m., it’s almost always a legitimate threat,” she said. Rate selected CrowdStrike’s Falcon Complete Next-Gen Managed Detection and Response (MDR) and integrated Falcon LogScale and Falcon Next-Gen Security Information and Event Management (SIEM) to centralize and analyze log data in real time. “Falcon LogScale has reduced our total cost of ownership compared to the cumbersome SIEM we previously had and is much easier to integrate,” said Mowen.
Define a clear, measurable strategy and roadmap to achieve cloud security at scale
As the company continues to grow organically and through acquisitions, Rate needed cloud security that can expand, contract and adapt to market conditions. Real-time visibility and automatic misconfiguration detection across all cloud assets were a must. Rate also required integration into a variety of cloud environments, including real-time visibility across the entire information security technology stack. “We manage a workforce that can grow or shrink quickly,” Mowen said.
Look for every opportunity to consolidate tools to improve end-to-end visibility
For AI threat modeling to be successful in identifying attacks, endpoint detection and response (EDR), identity protection, cloud security and additional modules all needed to be available under one console, Mowen emphasized. “Consolidating our cybersecurity tools into one cohesive system makes everything from management to incident response far more efficient,” she said. CISOs and their information security teams need tools to provide a clear, real-time view of all assets through a single monitoring system capable of automatically flagging misconfigurations, vulnerabilities and unauthorized access.
“In my opinion, your attack surface is not just your infrastructure, but also your time. How long do you have to respond?” Mowen said, emphasizing that accuracy, precision and speed are crucial.
Redefining Resilience: Identity-Centric Zero Trust and AI Defense Strategies for 2025
Here are some key takeaways from VentureBeat’s interview with Mowen:
- Identities are under attack, and if your industry doesn’t see it yet, it will in 2025: Identities are considered a vulnerability in many technology stacks, and attackers are constantly honing their craft to exploit them. AI threat modeling can protect credentials through continuous authentication and anomaly detection. This is essential to protect customers, employees and partners from increasingly damaging attacks.
- Fight AI with AI: Using AI-driven defenses to combat adversarial AI techniques, including phishing, deepfakes and synthetic fraud, is working. Automating detection and response reduces the time it takes to detect and mitigate attacks.
- Always prioritize real-time responses: Follow Mowen’s example and adopt the “1-10-60” SOC model. Speed is critical as attackers are setting new records based on how quickly they can access a corporate network and install ransomware, search for identity management systems and redirect transactions.
- Make Zero Trust the core of identity security, enforce least privilege access, continuous identity verification, and monitor every activity as if a breach had already occurred: Each organization must define its own approach to Zero Trust. The core concepts prove themselves time and time again, especially in highly specialized industries such as financial services and manufacturing. The essence of Zero Trust is to assume that a breach has already occurred. Therefore, monitoring is a must in any Zero Trust framework.
- When possible, automate SOC workflows to reduce alert fatigue and give analysts more time for level two and three intrusion analysis: A key insight from Rate is how effective AI threat monitoring is when combined with process improvements across the SOC. Consider how to integrate AI and human expertise to continuously monitor and mitigate evolving threats. Always consider how human-in-the-loop workflow design improves AI accuracy while giving SOC analysts the opportunity to learn on the job.
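As an added illustration of the 1-10-60 SOC model described above (not code from the article, Rate or CrowdStrike), the following Python scores constructed incident timelines against the 1-minute detect, 10-minute triage and 60-minute contain budgets and checks whether containment beat the 62-minute average breakout time the article cites. It assumes the three phases are measured back to back, each starting when the previous one ends.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Phase budgets of the 1-10-60 SOC model, in minutes (figures from the article).
BUDGET_MIN = {"detect": 1, "triage": 10, "contain": 60}
# Average eCrime breakout time cited in the article, in minutes.
BREAKOUT_MIN = 62


@dataclass
class Incident:
    name: str
    first_activity: datetime  # earliest attacker activity visible in telemetry
    detected: datetime        # alert raised
    triaged: datetime         # analyst confirmed and scoped the threat
    contained: datetime       # host isolated / credentials revoked


def phase_minutes(inc: Incident) -> dict:
    """Duration of each phase; assumption: phases run back to back."""
    return {
        "detect": (inc.detected - inc.first_activity) / timedelta(minutes=1),
        "triage": (inc.triaged - inc.detected) / timedelta(minutes=1),
        "contain": (inc.contained - inc.triaged) / timedelta(minutes=1),
    }


def evaluate(inc: Incident) -> dict:
    """Flag phases over budget and compare total dwell time to breakout time."""
    phases = phase_minutes(inc)
    missed = [p for p, m in phases.items() if m > BUDGET_MIN[p]]
    total = (inc.contained - inc.first_activity) / timedelta(minutes=1)
    return {
        "name": inc.name,
        "phases": phases,
        "missed": missed,
        "total_minutes": total,
        "beat_breakout": total < BREAKOUT_MIN,
    }


def t(h, m, s=0):
    return datetime(2025, 1, 15, h, m, s)


# Constructed sample timelines (hypothetical, not incidents from the article).
SAMPLE = [
    Incident("mfa-fatigue-push", t(3, 0), t(3, 0, 45), t(3, 9), t(3, 40)),
    Incident("token-replay", t(3, 0), t(3, 4), t(3, 20), t(4, 30)),
]


def report(incidents=SAMPLE) -> list:
    return [evaluate(i) for i in incidents]
```

The second constructed incident misses all three budgets and finishes well past the breakout window, which is the kind of result a SOC would use to decide where automation is needed.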