Trusting AI Series | Blog 2
Trusting AI Series | Blog 2

Information Security: The Price of Admission for AI

Matt Scarborough CEO and Co-Founder
June 30, 2026 | 6 min read

In my first blog of this series, Can AI Be Trusted in High-Stakes Credit Reporting and Dispute Processes?, I wrote that the first steps to answering “Can I trust AI?” are to extend the question with two key parts:

  • To do what?
  • How well?

With this blog focusing upon the information security aspects of using AI to help in credit data furnishing and disputes, I said that we would start with the question: “Can I trust AI tools to keep our data secure with as much confidence as I have today in other technologies?”

This critical question must be addressed before the business outcomes can even be considered.

We will supplement that question with “Can I trust AI tools to stay in their lane as well as I can other parts of my infrastructure?”

There are, of course, many more questions that we could ask, but these strike a balance between being broad enough to cover many sub-categories and focused enough to address in a blog.

At the end of this blog are a couple links to additional resources for those of you who are interested in going deeper.

Let’s take these questions in order.

Data Security

“Can I trust AI tools to keep our data secure with as much confidence as I have today in other technologies?”

To answer this question, you must first take a step back from the AI itself, considering the full solution and environment in which the AI operates. Information security is only as strong as its weakest attack vector, so an AI solution cannot be secure without securing the databases, data flows, authentication, and other critical InfoSec considerations that must be in place. This may be stating the obvious, but it’s critical to not lose the foundations when evaluating new types of tools.

Moving to the AI-specific considerations, the first question that many people jump to when thinking about AI tools is some version of “What model are you using?”

From a data security perspective, however, the better question is “What access are model providers getting to my data, and how are they using it?” The answers to those questions can be very different.

The best way to make sure that the companies building LLMs do not use your data is to make sure that they never receive it in the first place. That is why, at Bridgeforce Data Solutions, we wanted to keep the data within our secure environment regardless of the models we used.

To do this, we started using Amazon Bedrock in 2024 and it remains a key part of our infrastructure.

Model Access

For Bedrock, AWS has brought copies of dozens of AI models into their data centers.

Data Location

Those models can then be used without the data ever leaving the AWS data center, in our case US East in Northern Virginia.

Secure Perimeter

Bedrock enables us to work with the models available, with over 100 to choose from at this point, while keeping all data within our PCI-DSS perimeter.

In our case, we were operating PCI-DSS and SOC 2 audited environments for years before adding AI tools to the mix. The AI-enabled solutions that we have developed are in-scope for those audits. By having our AI tools in-scope for our PCI-DSS audits, we are treating all inputs and outputs to those tools with the same care as is industry-standard for things like credit card numbers and expiration dates.

Now let’s move on to the next question.

AI Staying in Its Lane

“Can I trust AI tools to stay in their lane as well as I can other parts of my infrastructure?”

There have been many newsworthy instances at this point of AI models behaving differently than expected, so people are rightfully concerned about keeping any solution within its intended lane and also making sure that they can shut it down if they want.

Ensuring this is true starts with the solution design. Our AI solutions are narrowly focused and operate in a request-based way, which shapes how they behave from the ground up:

Narrow Focus

The tools and permissions available to our solutions are very limited, in some cases limited to read-only.

Request-Based

Operating in a request-based way means that the tools take action only once called upon.

Simple Kill Switch

The concept of a “kill switch” is simple: it involves the cessation of making requests.

Lower Inherent Risk

This structure keeps the inherent risk for our solutions low from this perspective.

The picture looks very different for solutions with much greater agency. An AI solution designed to handle a wide array of tasks and overcome obstacles would require capabilities that could be harder to contain. This would greatly increase the inherent risk from this perspective, and make shutting it down potentially harder.

Solution design and build is then followed by testing. This involves scanning for vulnerabilities in code and the environment, logging, and 24/7 monitoring to ensure that any unusual activity is quickly detected.

Next Steps

I’ll pull up here to keep this blog at a reasonable length, but there’s much more underneath. We’ve documented it in depth for our clients, and I’d welcome the chance to walk you through any of it.

If you’re sorting through these same questions at your financial institution or are interested in learning more about our solutions, please reach out below. I am always happy to talk through what we’ve learned.

Reach Out to Matt

Sorting through similar AI questions?

There is much more underneath the security, governance, and implementation questions covered in this blog.

If your financial institution is working through similar questions, or if you are interested in learning more about our solutions, please reach out below.

Share a few details and we will follow up to continue the conversation.

Reach Out to Matt

Send your name, business email, and any short notes or questions.

We do not sell or share your information.

The Next Blog

Business Outcomes and Compliance Questions

The next blog will focus on business outcomes and compliance questions. I’m covering them together rather than splitting them up, since I think they’re better understood side by side. That does mean the next one will run a bit longer.

Thank you for following along, and I look forward to sharing more on this topic.

Author

About the Author

Matt Scarborough

CEO and Co-Founder

Matt Scarborough is the CEO and Co-Founder of Bridgeforce Data Solutions, a RegTech SaaS company helping financial institutions, credit unions, and fintech lenders improve credit reporting accuracy and automate dispute resolution. Since co-founding the company in 2016, Matt has helped lead the development of industry-leading solutions built around the complexities of Metro 2® data, credit bureau disputes, and regulatory compliance.

More recently, he has guided the team on the thoughtful development of new optional AI capabilities designed to help clients address these challenges more effectively.

Matt is an active speaker on AI applications in credit reporting and compliance, including sessions connected to the AI-Native Banking & FinTech Conference, ACU’s Regulatory Compliance School, and CDIA Connect. His talks focus on practical AI implementation, iterative deployment, and regulatory alignment in consumer credit and dispute management.

Related speaking-session articles

Complaint monitoring and regulatory change New AI findings from ACU FCRA, dispute abuse, and AI insights

Frequently Asked Questions

Can AI tools be trusted to keep credit data secure?
Yes, when deployed inside an already-secure environment with the right architecture. At Bridgeforce Data Solutions, we use Amazon Bedrock to keep data within our AWS environment and include all AI inputs and outputs in our PCI-DSS and SOC 2 audits. The security of an AI solution depends as much on the surrounding infrastructure as on the model itself.
What’s the most important question to ask an AI vendor about data security?
Not “What model are you using?” but “What access are model providers getting to my data, and how are they using it?” The best way to prevent LLM providers from using your data is to ensure they never receive it. Architectures like Amazon Bedrock let you use leading models while keeping data inside your own secure perimeter.
How do you keep an AI solution from acting outside its intended scope?
Through narrow design, limited permissions, and request-based operation. Our AI solutions are narrowly focused, sometimes read-only, and only act when called upon, which makes the “kill switch” as simple as ceasing requests. Solutions with greater agency carry significantly higher inherent risk and are harder to contain.