CeFPro Connect

AI driven cyber-crime turns humans into banks’ biggest risk
Wells Fargo’s head of cyber human defense, Sarah Gosler, says the rise of AI powered cyber crime has transformed cybersecurity into an enterprise wide challenge where human behaviour, not technology alone, represents the largest attack surface for banks. With social engineering, deepfakes and third party weaknesses accelerating, Gosler argues that financial institutions must combine advanced AI tools with immersive training and war gaming to protect employees and customers.
Nov 20, 2025
The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

• Wells Fargo warns AI has lowered barriers to cyber crime and expanded human risk
• Around 95 percent of successful breaches involve human behaviour rather than technical flaws
• Banks face escalating threats from social engineering, deepfakes and nation state actors
• Wells Fargo uses war gaming, immersive training and AI enhanced tools to strengthen defence
• Third party and nth party dependencies create additional operational and cyber risks
• Cybersecurity teams across major U.S. banks increasingly collaborate to anticipate emerging threats

Artificial intelligence is reshaping the threat landscape for financial institutions and accelerating the pace of cyber crime, and Wells Fargo now sees people rather than systems as the most exposed part of the bank’s defensive perimeter. 

That is the message from Sarah Gosler, the bank’s head of cyber human defense, who said AI has lowered the barrier to entry for attackers and made cybersecurity an enterprise wide challenge.

Gosler joined Wells Fargo earlier this year after leading similar programmes at BNY. She said the evolution of cyber threats over the past three decades has transformed the sector’s priorities. 

In the nineties, cyber was framed as a government espionage concern. In the 2000s, it became an IT domain. In the 2010s, it emerged as a business issue. Today, she said, it affects everyone in an organisation regardless of role or seniority.

Speaking to Banking Dive, Gosler warned that cyber-crime is expected to impose an economic impact of more than ten trillion dollars this year, driven largely by AI systems that allow criminals to target victims at scale with convincing, automated content.

The old era of obviously fraudulent emails is over, she said, replaced by sophisticated psychological manipulation.

Around ninety five percent of successful breaches stem from human behaviour rather than purely technical flaws, according to Gosler. That reality has pushed banks to increase their focus on cyber human defense, an area that examines how employees recognise threats, interpret signals and respond to unusual activity.

She said that while technical controls remain vital, people form the largest attack surface for any organisation.

Social engineering techniques exploit this directly, blending technology with behavioural manipulation. That trend has intensified with the rise of deepfakes, voice spoofing and synthetic identities.

Gosler’s remit at Wells Fargo spans awareness, training and communication, focusing on making cyber education accessible to non specialists. 

She said the challenge is translating technical concepts into plain language so employees understand the risks and know how to protect themselves.

Her team also trains the organisation to identify phishing, voice phishing and deepfakes. 

The bank runs immersive cyber war gaming sessions, adapted from military practice, that simulate incidents and pressure executives to make rapid decisions. 

These exercises take place in what she calls a safe to fail environment, where teams can stress test processes without real world consequences.

Wells Fargo is also extending support to clients by offering elements of its cyber advisory programme as a value add service. Gosler said she recently partnered on a social media campaign aimed at helping the public recognise banking scams.

On the threat side, she said financial institutions remain acutely aware of nation state activity, including attempts by adversaries to infiltrate firms with false identities. She also emphasised the importance of understanding the entire vendor chain. 

The recent CrowdStrike incident was not a cyberattack, but it underscored how third party failures can cascade into wider operational risk. Banks must also consider fourth party and nth party exposures.

AI is not only a tool for attackers. Gosler said Wells Fargo uses it defensively for activities such as automated perimeter scanning and rapid incident detection. The bank also uses AI creatively in its training programmes. 

For Cyber Awareness Month, her team used AI to generate an immersive spy novel themed field guide to engage staff.

She said maintaining engagement is essential to avoid security fatigue. Training must be relevant, interesting and empowering rather than punitive. Cybersecurity, she argued, should help people protect themselves both at work and at home.

Gosler believes that collaboration across the industry is strong and will be increasingly necessary. Large financial institutions and government teams are already sharing information and working together to anticipate the next generation of threats.

She said the mission now is to evolve at the pace of attackers and to ensure that every person in a bank understands the role they play in its defence.
