Skip to content

Commit ef97ccd

Browse files
committed
feat: upgrade SAFE-UC-0011 (Banking virtual assistant) from seed to full draft
Seven-stage kill chain with novel stages for identity / step-up auth bypass, unauthorized action authorization, and disclosure / advice failure. SAFE-MCP mapping covers 20 techniques. Evidence spans OWASP LLM Top 10, NIST AI 600-1, CFPB Chatbots in Consumer Finance, FFIEC authentication guidance, NIST SP 800-63B, GLBA Safeguards Rule, Regulation E, and public precedents including the Air Canada Civil Resolution Tribunal decision. Crosswalk promoted to draft with fintech-inclusive NAICS coverage. Signed-off-by: arjunastha <arjun@astha.ai>
1 parent 3862e8e commit ef97ccd

3 files changed

Lines changed: 685 additions & 22 deletions

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ Quick contributor workflow:
8282
| [SAFE-UC-0008](use-cases/SAFE-UC-0008/) | Over-the-air vehicle software update orchestration | [Manufacturing (31–33)][naics-31-33] | Seed |
8383
| [SAFE-UC-0009](use-cases/SAFE-UC-0009/) | Manufacturing line visual inspection assistant | [Manufacturing (31–33)][naics-31-33] | Seed |
8484
| [SAFE-UC-0010](use-cases/SAFE-UC-0010/) | In-vehicle voice assistant for local controls | [Manufacturing (31–33)][naics-31-33] | Seed |
85-
| [SAFE-UC-0011](use-cases/SAFE-UC-0011/) | Banking virtual assistant | [Finance and Insurance (52)][naics-52] | Seed |
85+
| [SAFE-UC-0011](use-cases/SAFE-UC-0011/) | Banking virtual assistant | [Finance and Insurance (52)][naics-52] | Draft |
8686
| [SAFE-UC-0012](use-cases/SAFE-UC-0012/) | Interactive fraud alert & card controls assistant | [Finance and Insurance (52)][naics-52] | Seed |
8787
| [SAFE-UC-0013](use-cases/SAFE-UC-0013/) | Virtual card number generation & checkout assistant | [Finance and Insurance (52)][naics-52] | Seed |
8888
| [SAFE-UC-0014](use-cases/SAFE-UC-0014/) | Digital dispute/chargeback intake assistant | [Finance and Insurance (52)][naics-52] | Seed |

use-cases.naics2022.crosswalk.json

Lines changed: 71 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -132,15 +132,84 @@
132132
{
133133
"id": "SAFE-UC-0011",
134134
"title": "Banking virtual assistant",
135-
"status": "seed",
135+
"status": "draft",
136+
"maturity": "draft",
136137
"repo_path": "use-cases/SAFE-UC-0011/README.md",
137138
"naics_2022": [
138139
{
139140
"code": "52",
140141
"name": "Finance and Insurance"
142+
},
143+
{
144+
"code": "522",
145+
"name": "Credit Intermediation and Related Activities"
146+
},
147+
{
148+
"code": "5221",
149+
"name": "Depository Credit Intermediation"
150+
},
151+
{
152+
"code": "5222",
153+
"name": "Nondepository Credit Intermediation"
141154
}
142155
],
143-
"summary": "Banking assistant for account info, troubleshooting, and guided actions with strong authentication and disclosure controls."
156+
"summary": "Consumer-facing conversational AI deployed by banks, credit unions, neobanks, and fintechs for account queries, transfers, card controls, disputes, and guided product discovery. Primary risks: customer impersonation and social engineering, regulated-data disclosure, unauthorized action authorization, step-up authentication bypass, and hallucinated disclosures or advice.",
157+
"workflow_family": "Consumer-facing financial services",
158+
"operating_modes": [
159+
"manual",
160+
"hitl",
161+
"autonomous"
162+
],
163+
"tags": [
164+
"banking",
165+
"consumer-facing",
166+
"conversational-ai",
167+
"step-up-auth",
168+
"regulated-disclosure",
169+
"social-engineering"
170+
],
171+
"evidence": [
172+
{
173+
"label": "OWASP Top 10 for LLM Applications (2025)",
174+
"url": "https://genai.owasp.org/llm-top-10/"
175+
},
176+
{
177+
"label": "NIST AI 600-1 — AI Risk Management Framework: Generative AI Profile (July 2024)",
178+
"url": "https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf"
179+
},
180+
{
181+
"label": "CFPB — Chatbots in consumer finance Issue Spotlight (June 2023)",
182+
"url": "https://www.consumerfinance.gov/data-research/research-reports/chatbots-in-consumer-finance/"
183+
},
184+
{
185+
"label": "FFIEC — IT Examination Handbook: Information Security booklet",
186+
"url": "https://ithandbook.ffiec.gov/it-booklets/information-security/"
187+
},
188+
{
189+
"label": "NIST SP 800-63B — Digital Identity Guidelines: Authentication and Lifecycle Management",
190+
"url": "https://pages.nist.gov/800-63-3/sp800-63b.html"
191+
},
192+
{
193+
"label": "FTC — Safeguards Rule: What Your Business Needs to Know (GLBA, 16 CFR Part 314)",
194+
"url": "https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know"
195+
},
196+
{
197+
"label": "CFPB — Regulation E (Electronic Fund Transfer Act, 12 CFR 1005)",
198+
"url": "https://www.consumerfinance.gov/rules-policy/regulations/1005/"
199+
},
200+
{
201+
"label": "Bank of America — BofA's Erica Surpasses 2 Billion Interactions (April 2024)",
202+
"url": "https://newsroom.bankofamerica.com/content/newsroom/press-releases/2024/04/bofa-s-erica-surpasses-2-billion-interactions--helping-42-millio.html"
203+
},
204+
{
205+
"label": "Klarna — AI assistant handles two-thirds of customer service chats in its first month (February 2024)",
206+
"url": "https://www.klarna.com/international/press/klarna-ai-assistant-handles-two-thirds-of-customer-service-chats-in-its-first-month/"
207+
},
208+
{
209+
"label": "BBC Travel — Airline held liable for its chatbot giving passenger bad advice (Air Canada Civil Resolution Tribunal ruling, February 2024)",
210+
"url": "https://www.bbc.com/travel/article/20240222-air-canada-chatbot-misinformation-what-travellers-should-know"
211+
}
212+
]
144213
},
145214
{
146215
"id": "SAFE-UC-0012",

0 commit comments

Comments
 (0)