AI is transforming the way accounting firms operate, but it's also creating new cybersecurity risks. From phishing scams to deepfakes, these threats exploit sensitive financial data, putting firms at financial and regulatory risk. Here's a quick rundown of the key dangers:
- AI-Enhanced Phishing: Sophisticated, personalized phishing emails with a 60% higher success rate.
- Deepfake Impersonation: Fake voices or videos used to authorize fraudulent transactions.
- Credential Stuffing: Automated attacks using stolen credentials to access sensitive systems.
- Data Poisoning: Corrupting AI models to bypass fraud detection or generate false reports.
- Prompt Injection: Manipulating AI tools to perform unintended actions, like unauthorized payments.
- AI-Powered Ransomware: Faster and more targeted attacks on financial data.
- Third-Party AI Risks: Vulnerabilities in AI tools and vendor supply chains.
Quick Comparison
| Threat | Primary Risk | Potential Cost | Key Defense |
|---|---|---|---|
| AI-Enhanced Phishing | Credential theft, fraud | $5.56M per breach | Email authentication, MFA |
| Deepfake Impersonation | Fraudulent wire transfers | $25M+ documented cases | Verbal passphrases, dual approval |
| Credential Stuffing | Account takeovers | $4.4M per breach | Zero Trust, FIDO2 keys |
| Data Poisoning | Corrupted AI decision-making | Litigation risks | Audits, anomaly detection |
| Prompt Injection | Misuse of AI systems | Variable | Access limits, human oversight |
| AI-Powered Ransomware | Data encryption/extortion | $5.08M per attack | Backups, endpoint detection |
| Third-Party AI Risks | Vendor-related breaches | $46K per infraction | Vendor audits, data usage policies |
Accounting firms must act now by updating security protocols, training staff, and implementing advanced safeguards like FIDO2 keys and Zero Trust frameworks. Staying ahead of these threats is critical to protect sensitive client data and ensure compliance.
7 AI Cybersecurity Threats for Accounting Firms: Risks, Costs & Defenses
3 AI Cyber Threats Hitting CPA Firms
sbb-itb-17e8ec9
1. AI-Enhanced Phishing and Business Email Compromise
AI is now taking phishing attacks to a whole new level by creating emails that perfectly mimic trusted contacts. As the CybelAngel REACT Team bluntly stated: "The 'poorly written email equals phishing' filter is obsolete."
What makes these attacks so dangerous is their level of personalization. Cybercriminals are using information from LinkedIn, company websites, and public records to reference real projects and use internal terminology. The result? Emails that feel completely authentic because they’re tailored to the recipient. In fact, AI-generated phishing emails have a 60% higher click rate than traditional ones. Phishing also remained the top method for initial access in Q1 2026, responsible for 35% of all compromises.
For accounting firms, the financial risks are massive. Business email compromise (BEC) alone caused nearly $2.8 billion in losses in 2024. During tax season, a successful attack could redirect wire transfers, change vendor payment instructions, or even compromise tax software like Drake or Lacerte. Stolen credentials can also be used to file fraudulent returns under a firm’s Electronic Filing Identification Number (EFIN), potentially leading to an IRS suspension that could shut down the entire operation.
Even multi-factor authentication (MFA), once a reliable safeguard, is no longer foolproof. Advanced Adversary-in-the-Middle (AiTM) tools like Tycoon2FA and EvilProxy can intercept authentication tokens in real-time, bypassing SMS or app-based MFA entirely. For example, between April 14 and 16, 2026, one campaign using "Code of Conduct" themed PDF lures and multi-stage Cloudflare CAPTCHAs targeted over 35,000 users across 13,000 organizations to steal session tokens.
"Identity is a huge, huge target. As an adversary, I don't want to use an exploit. I would much rather compromise your email account or compromise your credentials." - Nick Biasini, Senior Technical Leader, Cisco Talos
To counter these threats, firms need to combine advanced technology with strict processes. Upgrading to FIDO2 hardware security keys (like YubiKeys) is a must. These keys are tied cryptographically to the legitimate domain, making them immune to proxy-based attacks. Additionally, any request to change banking details or authorize a wire transfer should always be verified using a trusted phone number - not the contact information provided in the email. Enforcing email authentication protocols such as DMARC, DKIM, and SPF can also help prevent attackers from spoofing the firm’s domain to trick clients.
Next, we’ll dive into how deepfake voice and video impersonation are adding another layer of complexity to verifying executive and client identities.
2. Deepfake Voice and Video Impersonation of Executives and Clients
While phishing scams rely on text to deceive, deepfakes take manipulation to another level by targeting what we see and hear. Imagine this: with just 3 seconds of audio - perhaps from a public speech or interview - cybercriminals can clone a CFO's voice. That cloned voice can then be used in real time to authorize fraudulent wire transfers. The cost to create such a voice clone? Under $2. The potential financial loss? Easily in the millions.
The statistics paint a chilling picture. Deepfake-related fraud cases skyrocketed from a mere 0.1% in 2022 to an estimated 6.5% by 2025 - a staggering 2,137% jump. In North America alone, deepfake-enabled fraud caused over $200 million in losses in the first quarter of 2025. And by 2027, generative AI fraud - largely driven by deepfakes - is expected to reach $40 billion in the U.S.. Accounting firms are particularly vulnerable, given their access to sensitive financial data and authority over client payments.
One of the most shocking examples of deepfake exploitation happened in January 2024. A finance employee at Arup, a global engineering firm, joined a video call where the CFO and several colleagues were present - or so it seemed. In reality, every participant except the employee was a deepfake, created using publicly available footage. The employee, completely unaware, authorized the transfer of $25.6 million (HK$200 million) across 15 transactions.
"Deepfakes sounds very glamorous, but what does that actually really mean? It means someone successfully pretended to be somebody else, and they used technology to enable them to do that." - Rob Greig, Global Chief Information Officer, Arup
What makes these attacks so devastating is the psychological finesse behind them. Fraudsters often start with a spoofed email, follow it up with a convincing voice call using a cloned voice, and then seal the deal with a brief video appearance. Each layer builds credibility, making the scam seem like a routine interaction. This is especially dangerous during high-pressure times like tax season, when employees may rush through verification steps to meet deadlines.
The strongest defenses against these attacks are rooted in processes rather than technology. Here are some key measures:
- Use rotating, verbally communicated passphrases between executives and staff.
- Always verify transfer requests with a callback to a pre-registered number, ignoring any new contact numbers provided.
- Require dual authorization for transfers exceeding $25,000, with approvals from two independent individuals through separate channels.
- During video calls, ask participants to perform spontaneous actions, like turning their head or showing a physical ID, to expose potential deepfake overlays.
- Regularly audit and minimize your firm's public online presence, removing unnecessary media of executives to limit data available for deepfake creation.
"Skepticism is not something that you set and forget. It's constantly changing and acclimating based on the circumstances. You just can't get complacent." - Jonathan T. Marks, Partner, BDO Forensic Accounting & Regulatory Compliance
Up next, we’ll delve into how AI-driven credential stuffing amplifies these risks.
3. AI-Driven Credential Stuffing and Account Takeover
AI has transformed the landscape of cyberattacks, and credential stuffing is a prime example of how automation has supercharged account takeovers. These attacks exploit stolen credentials to bypass traditional defenses. As Nathaniel Jones, VP of Security & AI Strategy at Darktrace, explained: "Traditional perimeter defenses were built for a world where attackers had to break in. Today they simply log in."
The numbers paint a grim picture. In 2025, account compromise incidents skyrocketed by 389% compared to the previous year. Stolen or misused credentials now account for nearly 70% of cyber incidents in the Americas. For industries like accounting, a single compromised account can wreak havoc - exposing client records, enabling unauthorized transfers, running payroll fraudulently, or even accessing sensitive tax software.
AI has amplified the sophistication of these attacks. Tools like Kali365 and EvilTokens automate token interception, allowing attackers to maintain access without triggering additional multi-factor authentication (MFA). Meanwhile, Phishing-as-a-Service (PhaaS) kits are behind 63% of account compromises. AI-powered reconnaissance tools further refine these attacks by scraping platforms like LinkedIn to identify employees with wire transfer authority or access to sensitive systems.
Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, summed up the simplicity of these tactics:
"Who needs a zero day if all you have to do is call the help desk and say, 'I forgot my password'?"
The financial and compliance risks associated with these breaches are staggering. For instance, a compromised EFIN (Electronic Filing Identification Number) could allow attackers to file fraudulent tax returns, potentially triggering IRS investigations. Non-compliance with regulations like the FTC Safeguards Rule or IRS Publication 4557 could result in fines of up to $100,000 per violation. And with the average cost of a data breach in financial services reaching $6.08 million in 2025, the stakes are higher than ever.
To mitigate these risks, firms must take proactive steps:
- Disable the OAuth device code flow in Microsoft Entra ID.
- Transition from SMS-based MFA to FIDO2 hardware security keys.
- Require out-of-band verification for high-risk actions like credential resets or payment approvals.
Additionally, adopting Zero Trust access controls can significantly reduce the damage caused by compromised accounts. These measures are no longer optional - they’re essential for staying ahead of evolving threats.
4. Data Poisoning and Integrity Attacks on AI Accounting Models
Most cyberattacks aim to infiltrate systems from the outside. Data poisoning flips the script - it corrupts AI from within, subtly distorting its accuracy before anyone notices. Apostol Vassilev, Ph.D., a researcher at NIST, highlights the severity of this threat:
"Poisoning attacks – induce failures when poisoning only ~0.001% of data. Large‑scale poisoning is feasible!"
The scale of the attack doesn't have to be massive to cause chaos. Injecting just 3% of poisoned data can spike fraud detection error rates from 3% to 24%. For accounting firms, this means fraudulent transactions might slip through undetected, credit risks could be misclassified, and financial reports might end up riddled with inaccuracies.
The methods attackers use vary, but the results are consistently damaging. For instance:
- Label flipping involves mislabeling fraudulent entries as legitimate, tricking the system into accepting them.
- Backdoor attacks embed hidden triggers that remain dormant until a specific condition - like a vendor name or account pattern - activates malicious behavior.
- Memory poisoning, a newer technique, embeds adversarial instructions into an AI agent’s persistent storage. These instructions survive session resets and even model updates, leading researchers to dub it "poison once, exploit forever".
Firms relying on Retrieval-Augmented Generation (RAG) systems face particularly high risks. An attacker can achieve a 90% success rate by injecting just five malicious documents into a knowledge base containing millions of records. In such cases, an AI accounting assistant might confidently report fabricated revenue figures or incorrect quarterly data - errors that seem credible and are tough to detect without thorough cross-checking.
These attacks don’t just compromise model performance - they also create serious compliance headaches. In 2024, financial institutions faced a 150% increase in AI-related fines due to algorithmic bias and transparency issues. Meanwhile, changes like the PCAOB’s reduced audit documentation assembly window (from 45 days to 14 days) leave firms with less time to catch and fix issues in AI-generated records.
To minimize these risks, firms should take proactive steps:
- Maintain a Machine Learning Bill of Materials (ML-BOM) to track every dataset used in training.
- Use statistical anomaly filters to screen data before it enters the pipeline.
- Enforce strict rules to prevent AI agents from writing to persistent memory during routine tasks.
| Attack Type | How It Works | Risk to Accounting Firms |
|---|---|---|
| Label Flipping | Fraudulent data is mislabeled as legitimate | Anti-money laundering (AML) and fraud filters fail |
| Backdoor Attack | Hidden triggers activate malicious outputs | Specific accounts or vendors bypass fraud detection |
| Memory Poisoning | Adversarial instructions corrupt persistent storage | All future AI sessions are compromised |
| RAG Injection | Malicious documents added to knowledge bases | AI produces false financial reports as credible data |
5. Prompt Injection and Model Misuse in Financial Workflows
Prompt injection manipulates an AI's behavior by sneaking harmful commands into the data it processes. This attack takes advantage of the fact that large language models (LLMs) struggle to differentiate between legitimate system commands and malicious instructions hidden in things like invoices, emails, or web pages.
This vulnerability manifests in two primary ways. Direct injection happens when someone deliberately types harmful commands into an AI interface - like an insider trying to bypass security controls. Indirect injection, on the other hand, involves embedding malicious commands into documents or data that the AI later accesses without direct user interaction. This second type is particularly concerning for systems that operate with a degree of autonomy.
"Indirect prompt injection is fundamentally different. The attacker never interacts with the AI directly. They plant instructions in data the AI will later retrieve."
The risks become even more serious with agentic AI - systems that don’t just answer questions but can autonomously access files, send emails, or even process payments. If such a system were compromised, it could be manipulated into approving unauthorized transactions or leaking sensitive data, such as tax records. Prompt injection highlights how attackers exploit AI's inherent trust in the data it processes, creating major challenges for accounting firms. For instance, in May 2026, CERT/CC disclosed four CVEs (VU#221883) related to the CrewAI multi-agent framework, showing how a single prompt injection in the Code Interpreter could escalate into remote code execution on the host system. That same month, Microsoft addressed a critical flaw (CVE-2026-32173, CVSS 8.6) in the Azure SRE Agent, where an unauthenticated WebSocket endpoint allowed any Entra ID user to listen in on live cloud operations.
"The impact scales with AI privilege. A browser AI that can only summarize is low-risk. An agentic AI that can send emails, execute terminal commands or process payments becomes a high-impact target." - Mayur Sewani, Senior Security Researcher, Forcepoint
Prompt injection has consistently ranked as the top vulnerability in the OWASP Top 10 for LLM Applications since 2025. HackerOne reported a staggering 540% increase in prompt injection vulnerability reports in 2025, yet only 34.7% of organizations deploying AI had implemented defenses against these attacks. For accounting firms, practical measures include limiting access privileges (e.g., ensuring an agent that reads invoices cannot also approve payments), requiring human approval for critical actions like wire transfers, and treating all external content - emails, PDFs, or web pages - as potentially unsafe. Automated defenses, such as classifier models, can detect injection attempts with over 95% accuracy, making them an effective first layer of protection.
| Injection Type | How It Enters the System | Risk to Accounting Firms |
|---|---|---|
| Direct | User types commands into the AI chat | Internal misuse, policy bypass |
| Indirect | Hidden in invoices, emails, or web pages | Unauthorized payments, data exfiltration |
| Stored | Embedded in databases or knowledge bases | Cross-session persistence, corrupted records |
| Multimodal | Concealed in image metadata or audio files | Manipulation via scanned receipts or invoices |
6. AI-Powered Ransomware Targeting Financial Data
Ransomware attacks are becoming faster and more precise, thanks to AI. Cybercriminals now automate their reconnaissance efforts, using tools to scan public profiles, EDGAR filings, and other records to identify key targets and typical wire transfer amounts. Once a target is identified, encryption can be completed in as little as 3–5 minutes. This speed and precision have opened the door to increasingly aggressive tactics.
"AI is serving as a force multiplier for ransomware groups by accelerating malicious code creation, improving social engineering campaigns and increasing attack speed and precision." - Cybersecurity Insiders
Accounting firms are particularly vulnerable. A single breach can compromise sensitive client data, including Social Security numbers, bank statements, and tax returns. In 2025 alone, the Financial Services sector reported 340 confirmed ransomware incidents. The financial toll is staggering, with the average cost per attack reaching $5.08 million. For mid-size CPA firms, ransom demands typically ranged from $50,000 to $250,000, and shockingly, firms that pay often find themselves targeted again within a week.
The rise of "Ransomware 2.0" has introduced triple extortion tactics. Attackers not only encrypt and exfiltrate data but also use AI to directly contact clients and regulators. A notable example occurred in April 2026, when the group SilentRansomGroup listed an accounting firm on its dark web leak site, showcasing a successful exfiltration and extortion campaign. Similarly, in 2025, North Korea's Moonstone Sleet adopted the Qilin ransomware platform to target smaller organizations, blending financial crime with geopolitical motives.
"The human filter that once served as your last line of defense is now being deliberately engineered around." - Mike Marlow, President & Founder, Information Systems of Montana
Accounting practices, often classified as financial institutions under the FTC Safeguards Rule, are required to maintain formal written security programs. Failure to demonstrate compliance during an attack can lead to severe consequences, including denied insurance claims, FTC fines of $46,000 per infraction, IRS referrals, and lawsuits from affected clients.
To counter these threats, firms must bolster their defenses. Key measures include deploying managed Endpoint Detection and Response tools, maintaining immutable offsite backups with biannual test restores, and using pre-shared verbal passphrases for wire transfers over $10,000. Additionally, phishing-resistant multi-factor authentication, such as FIDO2 hardware keys like YubiKey, can help protect against credential theft and other AI-driven attacks.
7. Third-Party AI Vendor and Supply Chain Risks
Third-party integrations in AI tools bring additional challenges on top of AI-specific threats. Each new tool an accounting firm adopts introduces a potential weak spot, creating risks throughout the vendor chain. These risks don't stop with the tool itself - they extend to the vendor's entire network of sub-processors and infrastructure partners. This is often referred to as extended supply chain risk, and most firms lack visibility into these layers. This makes it critical to carefully evaluate vendor practices.
Uploading sensitive client data to generative AI tools can present compliance issues. For instance, it may breach the AICPA Confidential Client Information Rule if the vendor's terms allow them to use that data for model training or improvement. Many vendors enable this by default unless explicitly restricted by contract. As noted by Nexairi Accounting Desk:
"If a vendor cannot clearly explain client data handling, do not upload sensitive data." - Nexairi Accounting Desk
Vendor reliability is another concern. In March 2026, OpenAI abruptly shut down its Sora platform after only 15 months, leaving businesses scrambling to adjust their workflows. That same month, the U.S. Department of Defense flagged Anthropic, the creator of the Claude AI model, as a supply chain risk. This forced government contractors and their partners to immediately review their use of the model. For accounting firms, such events can disrupt critical operations overnight.
"The question is no longer simply 'Is this vendor secure?' It is 'Do we understand the DNA of the intelligence we are deploying?'" - TrustArc
Another layer of risk comes from shadow AI - when employees use unauthorized AI tools and share sensitive client data without proper safeguards. Monitoring API token usage and billing patterns is one way to detect shadow AI early. Firms should also enforce strict policies, such as prohibiting the use of client data unless the vendor provides written guarantees about data deletion, subprocessor access, and exclusions from model training. Establishing clear due diligence criteria is essential for effective vendor evaluation. The table below highlights key factors to consider:
| Due Diligence | Green Flag | Red Flag |
|---|---|---|
| Model Training | Explicit opt-out of client data for training | Vague clauses about "improvements" |
| Data Retention | Clear policies on retention and deletion periods | No stated policy |
| Subprocessors | Named list with defined access limitations | Generic "see our vendor list" |
| Audit Trail | Detailed logs of AI usage on client records | No access to logs |
Compliance adds another layer of urgency. Regulations like the FTC Safeguards Rule and IRS Publication 4557 require accounting firms to maintain a Written Information Security Plan (WISP) that includes third-party service providers. Skipping vendor due diligence doesn't just increase security risks - it also exposes firms to compliance penalties. For example, the FTC can impose fines of $46,000 per infraction.
Comparison Table
AI threats come with varying levels of financial impact, regulatory concerns, and difficulty in detection. The tables below outline these differences, providing a clearer picture for prioritizing defenses.
| AI Threat | Primary Target | Estimated Financial Impact (USD) | Regulatory Exposure | Recommended Controls |
|---|---|---|---|---|
| AI-Enhanced Phishing/BEC | Junior staff, payroll teams | ~$5.56M average industry breach | IRS Pub. 4557, FTC Safeguards Rule | DMARC/SPF/DKIM, AI-based email filtering, MFA |
| Deepfake Impersonation | Finance leads, CFOs, partners | $25M+ in documented cases | GLBA, state privacy laws | Code words, multi-person wire approval, independent callbacks |
| Credential Stuffing/ATO | Client portals, email systems | Part of $4.4M average breach cost | FTC Safeguards Rule | MFA, biometrics, Zero Trust access |
| Data Poisoning/Integrity | Audit trails, AI models | High - primarily litigation liability | AICPA professional standards | Human review checkpoints, rigorous internal audits |
| Prompt Injection | Internal AI workflows, firm data | Variable - data leakage risk | FTC Safeguards Rule, data privacy laws | Strict instruction/data delineation in prompts |
| AI-Powered Ransomware | Tax databases, financial records | High - extortion plus recovery costs | IRS Pub. 4557, GLBA | Immutable isolated backups, EDR (~$60–$70/device/year) |
| Third-Party AI Risks | Supply chain, SaaS platforms | $46,000 per FTC infraction | GLBA, SOC 2, GDPR | Vendor SOC 2 Type II audits, patching SLAs, contract data protections |
Internal vulnerabilities, such as employee misuse or unauthorized AI tools, differ significantly from third-party breaches. The following table compares these two types of risks, focusing on their sources, defenses, and regulatory implications.
| Risk Factor | Internal AI Risks | Third-Party AI Risks |
|---|---|---|
| Source of Threat | Employee misuse, shadow AI, prompt injection | Vendor breaches, supply chain flaws, shared infrastructure |
| Primary Defense | Staff training, WISP, usage policies | SOC 2 Type II audits, due diligence, contractual protections |
| Data Control | High - firm-managed environments | Low - data resides in vendor cloud |
| Regulatory Driver | ICFR, AICPA professional standards, COSO | FTC Safeguards Rule, SEC fiduciary duty, GLBA |
| Liability | Direct professional liability for signed-off work | Non-delegable - firm remains responsible even if the vendor fails |
It’s important to note that the SEC holds firms accountable for breaches, regardless of whether they originate from phishing attempts, vendor issues, or unauthorized employee actions.
"An adviser cannot discharge fiduciary duty by delegating judgement to an AI tool - the adviser remains responsible for the recommendation." - SEC Staff Guidance
To mitigate risks effectively, prioritize controls based on the specific threat's potential impact and the compliance requirements tied to it.
Conclusion
The seven threats discussed in this article - from AI-driven phishing scams and deepfake impersonations to ransomware attacks and supply chain weaknesses - all take advantage of gaps in governance, human decision-making, and verification systems.
AI-generated fraud is expected to cause $40 billion in damages in the U.S. by 2027. This forecast highlights the pressing need to rethink technical safeguards and workplace practices.
For accounting firms, this means more than just adopting new technologies. There’s a cultural shift required as well. Cybersecurity must remain a top leadership priority. Key actions include updating your Written Information Security Plan (WISP) to address AI-related risks, replacing annual training with shorter, quarterly sessions, and implementing phishing-resistant multi-factor authentication across client portals, email accounts, and tax systems.
Governance should focus on managing AI usage rather than outright banning it. With 90% of employees reportedly using personal AI tools, blocking these tools outright could push their use into unregulated spaces. Instead, firms should establish a formal AI policy, define clear usage guidelines, and maintain an inventory of all AI tools in use - including those embedded within current software - to address potential blind spots caused by unmonitored AI use.
Above all, human oversight remains a key line of defense. As Satish Lalchand, Principal at Deloitte, aptly noted:
"You're only as strong as the weakest link in your organization."
While technical safeguards are necessary, a vigilant and well-trained team - one that verifies wire transfers through trusted phone channels - can be one of the most effective barriers against AI-driven threats.
FAQs
What’s the first AI-driven security control an accounting firm should implement?
For accounting firms, robust access control is the cornerstone of effective security. It starts with managing who has permission to log in, keeping tabs on which devices are being used, and tracking where connections originate. Without these basic safeguards, other security measures lose much of their effectiveness.
Once this foundation is in place, additional layers of protection should follow. These include multi-factor authentication to add an extra barrier against unauthorized access, DNS filtering to block malicious websites, and regular staff training to prepare employees for evolving threats like AI-driven attacks and deepfake scams. Together, these steps create a more secure environment for sensitive financial data.
How can we verify wire transfer requests if voice and video can be faked?
To ensure the security of wire transfer requests in an era where deepfakes are a growing concern, avoid depending on voice or video for identity verification. Instead, use out-of-band verification, which involves confirming requests through a separate, secure channel that attackers can't infiltrate. For larger transfers, add extra layers of security, such as callbacks to pre-registered phone numbers, verified messages, or even in-person approvals. Additionally, establish multi-person approval workflows to minimize the risks associated with compromised communication channels.
How can we prevent staff from leaking client data into unauthorized AI tools (shadow AI)?
To prevent sensitive data from leaking into unauthorized AI tools, it's essential to emphasize behavioral governance alongside proactive safeguards. Offering secure, enterprise-grade AI solutions with features like non-training agreements and audit capabilities can also help maintain control.
Here’s how to tackle the issue effectively:
- Establish clear policies that outline approved tools and specify data types that are off-limits, such as personally identifiable information (PII) or financial records.
- Deploy endpoint controls to track and manage AI usage, especially for tools that operate outside standard browser environments.
- Use real-time data loss prevention (DLP) systems to immediately block attempts to share sensitive information.
These steps create a safer framework for managing AI tools while protecting critical data.
