As the financial sector's reliance on Know Your Customer (KYC) systems continues to grow, so too does the risk of breaches and insider misuse. What was once thought to be a trust upgrade has become one of the industry's most fragile assumptions, with 40% of incidents in 2025 attributed to insiders and vendors who now sit squarely inside the system.
The problem is twofold: KYC workflows require highly sensitive materials to move across cloud providers, verification vendors, and manual review teams, widening the blast radius. Moreover, many KYC stacks are architected in ways that make leaks not just possible but likely. This was starkly illustrated by last year's breach of the "Tea" app, which exposed passports and personal information after a database was left publicly accessible.
The scale of vulnerability is now well-documented, with over 12,000 confirmed breaches last year resulting in hundreds of millions of records being exposed. Supply-chain breaches were particularly damaging, with nearly one million records lost per incident on average. Identity data is uniquely permanent, and when KYC databases are copied or accessed through compromised vendors, users may have to live with the consequences indefinitely.
Weak identity checks are a systemic risk, as recent law-enforcement actions have underscored how fragile identity verification can become when treated as a box-ticking exercise. Lithuanian authorities' dismantling of SIM-farm networks revealed how weak KYC controls and SMS-based verification were exploited to weaponize legitimate telecom infrastructure.
A.I.-assisted compliance adds another layer of complexity, with many KYC providers relying on centralized, cloud-hosted A.I. models to review documents and flag anomalies. In default configurations, sensitive inputs are transmitted beyond the institution's direct control, raising concerns about insider misuse and vendor compromise.
However, there is a way forward: confidential A.I. challenges the assumption that verification requires visibility by starting from a different premise – sensitive data should remain protected even from those who operate the system. Confidential computing enables this by executing code inside hardware-isolated environments known as trusted execution environments (TEEs). Data remains encrypted not only at rest and in transit but also during processing.
Research has demonstrated that technologies such as Intel SGX, AMD SEV-SNP, and remote attestation can provide verifiable isolation at the processor level. Applied to KYC, confidential A.I. allows identity checks, biometric matching, and risk analysis to occur without exposing raw documents or personal data to reviewers, vendors, or cloud operators. Verification can be proven cryptographically without copying sensitive files into shared databases.
Reducing insider visibility is not an abstract security upgrade – it changes who bears risk and reassures users that submitting identity documents does not require blind trust in unseen employees or subcontractors. Institutions shrink their liability footprint by minimizing plaintext access to regulated data, while regulators gain stronger assurances that compliance systems align with data-minimization principles rather than contradict them.
The time for a shift in KYC thinking is overdue. The industry cannot continue to normalize insider risk, given current breach patterns. Confidential A.I. does not eliminate all threats, but it challenges a long-standing assumption and offers a way forward – one that prioritizes data protection and user trust over outdated notions of verification and compliance.
The problem is twofold: KYC workflows require highly sensitive materials to move across cloud providers, verification vendors, and manual review teams, widening the blast radius. Moreover, many KYC stacks are architected in ways that make leaks not just possible but likely. This was starkly illustrated by last year's breach of the "Tea" app, which exposed passports and personal information after a database was left publicly accessible.
The scale of vulnerability is now well-documented, with over 12,000 confirmed breaches last year resulting in hundreds of millions of records being exposed. Supply-chain breaches were particularly damaging, with nearly one million records lost per incident on average. Identity data is uniquely permanent, and when KYC databases are copied or accessed through compromised vendors, users may have to live with the consequences indefinitely.
Weak identity checks are a systemic risk, as recent law-enforcement actions have underscored how fragile identity verification can become when treated as a box-ticking exercise. Lithuanian authorities' dismantling of SIM-farm networks revealed how weak KYC controls and SMS-based verification were exploited to weaponize legitimate telecom infrastructure.
A.I.-assisted compliance adds another layer of complexity, with many KYC providers relying on centralized, cloud-hosted A.I. models to review documents and flag anomalies. In default configurations, sensitive inputs are transmitted beyond the institution's direct control, raising concerns about insider misuse and vendor compromise.
However, there is a way forward: confidential A.I. challenges the assumption that verification requires visibility by starting from a different premise – sensitive data should remain protected even from those who operate the system. Confidential computing enables this by executing code inside hardware-isolated environments known as trusted execution environments (TEEs). Data remains encrypted not only at rest and in transit but also during processing.
Research has demonstrated that technologies such as Intel SGX, AMD SEV-SNP, and remote attestation can provide verifiable isolation at the processor level. Applied to KYC, confidential A.I. allows identity checks, biometric matching, and risk analysis to occur without exposing raw documents or personal data to reviewers, vendors, or cloud operators. Verification can be proven cryptographically without copying sensitive files into shared databases.
Reducing insider visibility is not an abstract security upgrade – it changes who bears risk and reassures users that submitting identity documents does not require blind trust in unseen employees or subcontractors. Institutions shrink their liability footprint by minimizing plaintext access to regulated data, while regulators gain stronger assurances that compliance systems align with data-minimization principles rather than contradict them.
The time for a shift in KYC thinking is overdue. The industry cannot continue to normalize insider risk, given current breach patterns. Confidential A.I. does not eliminate all threats, but it challenges a long-standing assumption and offers a way forward – one that prioritizes data protection and user trust over outdated notions of verification and compliance.
. We've seen way too many breaches where insiders or vendors have exploited weaknesses to expose sensitive info. It's getting to the point where we should be worried about what happens when these databases get compromised... it can be really bad, with hundreds of millions of records exposed 
.
. And with A.I.-assisted compliance, we're adding another layer of complexity... how can we trust that our identities are being verified properly when sensitive data is being transmitted around?
It's all about executing code inside trusted execution environments (TEEs) and keeping data encrypted during processing. This way, we can ensure that identity checks don't expose raw documents or personal info to reviewers... it's a game-changer for user trust 
.
. It's time for the financial sector to shift its thinking around KYC systems... we can't keep normalizing insider risk 
.
the fact that A.I.-assisted compliance can be exploited too is really concerning 
and those supply-chain breaches are literally devastating for people's lives 
anyway, it sounds like confidential A.I. could be a game-changer in terms of protecting our info 
, like they're trying to be secure but are actually just asking for trouble... and now it's getting worse with all these breaches and insider threats. I mean, 40% of incidents are from insiders and vendors? That's crazy talk! 
. 
. We need to make sure institutions are minimizing plaintext access to regulated data, not just relying on blind trust in employees or subcontractors.
.
It's crazy to me how we're still relying on KYC systems that are basically just asking for trouble 
Especially when it comes to insiders and vendors who have access to sensitive info 
We need a new approach, like confidential A.I. 
. It's wild to think that something meant to improve security is actually making things worse. I mean, who thought it was a good idea to make insiders and vendors vulnerable? 
We're basically relying on people we don't even know to keep our info safe... it's like asking a stranger to babysit your kid 
.
That's what we need more of.
. It's time to rethink how we do security and prioritize user trust above all else 
. I mean, who would've thought that trusting our digital systems with sensitive info would lead to more problems? 
. Confidential computing is like a whole new level of encryption security... but it's also kinda scary 
, its like they're treating identity checks as a box-ticking exercise 
, it enables verifiable isolation at the processor level which means sensitive info remains encrypted even during processing 
. The notion that KYC upgrades enhance trust has been upended by the alarming rise of insider breaches and vendor mishaps, with 40% of incidents now attributed to these very parties 
. This not only reduces insider risk but also minimizes liability for institutions and provides regulators with stronger assurances that compliance systems align with data-minimization principles 
. We can no longer normalize the notion of blind trust in unseen employees or subcontractors – it's time to rethink KYC and prioritize security over outdated notions of verification and compliance 
.
. It's not like we're seeing a lot of breaches that are unexpected or outside of expected channels, it's more like insiders and vendors who have access to these systems are the ones causing all the problems 
. I mean, have you seen those breach numbers? 12,000+ confirmed breaches last year alone?! That's just insane 
. By executing code in hardware-isolated environments, sensitive data can actually remain protected even from those who are operating the system 
. And the scale of vulnerability is insane - 12k+ breaches last year and hundreds of millions of records exposed... it's like, what's going on? 
. we can't keep normalizing insider risk, it's time for a change! using confidential ai could help minimize plaintext access to regulated data & reduce liability footprint 
.
. I mean, 40% of incidents are now coming from insiders and vendors who have access to sensitive info 
. We're relying on these centralized models that send sensitive info out into the wild, waiting to be exploited. And what's with the weak identity checks? It's like we're just ticking boxes without actually verifying anything 
.
. We can't keep normalizing insider risk and expecting everything to be okay 
. Confidential A.I. might not solve all the problems, but it's a start 
- they're always borrowing your stuff without asking 
the kyc system is so broken 
but really, we shouldn't be relying on the good intentions of our employees and vendors to keep us safe. 
