Back to List

AIFT’s Vulcan Sets its Eyes on Empowering Hong Kong banks with GenAI Red Teaming & Security Expertise, under the AI Risk Management Framework of HKMA’s GenAI Sandbox

|

AIFT’s Vulcan Sets its Eyes on Empowering Hong Kong banks with GenAI Red Teaming & Security Expertise, under the AI Risk Management Framework of HKMA’s GenAI Sandbox

The Hong Kong Monetary Authority (HKMA), in collaboration with the Hong Kong Cyberport Management Company Limited (Cyberport), announced the launch of the second cohort of the Generative Artificial Intelligence (GenA.I.) Sandbox initiative on 28 April, 2025. Following the experience sharing from participating banks of first cohort at the launch, AIFT was joined by prominent speakers from HKUST, AWS and Alibaba at the panel themed “Expert Sharing: Risk Management of AI” to discuss on the opportunities and risks of Generative AI (GenAI) in the banking sector, highlighting the do’s and don’ts for an effective risk management strategy.

Many of the GenAI proof-of-concepts (POCs) today in Hong Kong banks evolve around enhancing internal productivity, such as summarizing market research & generating reports, and external-facing smart assistants for customer support and sales. Lettie Sin, Director of Strategy & Client Successat AIFT Enterprise, began by stating that where standard security controls and GenAI-specific development techniques including Retrieval Augmented Generation (RAG) and guardrails are in place, such measures may not fully address the vulnerabilities in Large Language Models (LLM) or GenAI systems. Attackers are consistently introducing new techniques to bypass guardrails through prompt injection, data poisoning and model manipulation. Insufficient understanding of GenAI-specific risks and inability to circumvent such vulnerabilities will lead to serious consequences for regulated institutions, including severe data leakage, reputational harm, or operational disruption.

GenAI demands specialized adversarial testing to uncover novel prompt, data, and model-specific exploits that classic methods never probe. Aligning with HKMA’s AI Risk Management framework, AIFT’s Vulcan provides enterprises a holistic and sustainable solution for adopting GenAI with security, safety and compliance with four focuses: 

  1. Dynamic Cybersecurity Testing: A combination of proprietary vulnerability scanning tools and penetration test expertise are used to simulate adversarial attacks on the GenAI application through the frontend and identify vulnerabilities lying within the infrastructure & network  
  2. A.I. vs A.I.: Multiple LLM agents are deployed to perform Red Teaming on the GenAI prompt layer: a Test Agent for automated test cases generation, a Simulation agent for Red Teaming, and an Evaluation agent to determine the prompt outputs received as Pass/Fail (LLM-as-a-Judge)
  3. Automated Monitoring: Vulcan continuously monitors all user inputs and LLM-generated outputs flowing through your GenAI app, and visualizes incidents for real-time detection and response
  4. Adaptive Guardrails: Vulcan comes with a fully customizable policy framework allowing clients to enable or disable guardrails and classifiers based on their needs. The defence draws on Vulcan’s adaptive attack approach to provide dynamic protection that changes over time

Lettie added, “As banks transition GenAI from proofs of concept to full deployment, embracing agile cybersecurity measures designed for GenAI’s unique challenges is critical. Engaging AI Red Teaming early prevents incidents that could undermine confidence in these new AI capabilities.” 

AIFT’s committed research in the field of AI security and in-depth localization efforts will continue to provide unparallel values to Hong Kong enterprises as they navigate through the evolving AI landscape and begin to validate GenAI investments.

Latest News

Discover more from AIFT - The security layer of the future

Subscribe now to keep reading and get access to the full archive.

Continue reading

Prof Kentaroh Toyoda

Director of GenAI Research

Prof Kentaroh Toyoda is Director of GenAI Security Research at Vulcan, AIFT, where he leads the strategic research and development of generative AI security. Previously, he was a Senior Scientist at the Institute of High-Performance Computing (IHPC), Agency for Science, Technology and Research (A*STAR), where he focused on advancing AI and Web3 technologies. He is also serving as the visiting associate professor in the Department of Information and Computer Science at Keio University in Japan.

Tal Eliyahu

Cybersecurity Leader

Tal Eliyahu is a cybersecurity leader based in Singapore with more than 15 years across startups and innovation labs, helping more than 30 startups build and scale cybersecurity foundations across crypto, financial services, and supply-chain ecosystems. He has shaped cyber risk strategy for financial services innovation at SC Ventures and contributed to initiatives with the Citi Innovation Lab.

He has participated in four regulatory task forces and is an active FS-ISAC member. Tal serves on the advisory board for the Black Hat AI Summit and leads the AI Village at BSides. Known for a hands-on, experiment-driven approach, he connects peer-driven intelligence, regulatory needs, and emerging AI risk discussions to translate complex risks into auditable, verifiable, and scalable controls across banking and fintech.

Professor Patrick Glauner

Patrick Glauner is the Founder & CEO of skyrocket.ai GmbH and a Full Professor of Artificial Intelligence at Deggendorf Institute of Technology since age 30. With a rich background of over 15 years in AI, in both industry and academia, including roles at the European Organization for Nuclear Research (CERN) and in AI leadership in industry, he brings the big picture of AI and advises companies on the use of AI from a strategic, operational and technical perspective.

He has advised numerous parliaments on AI policy as an expert witness and is regularly featured in international media. He studied at Imperial College London and is an alumnus of the German National Academic Foundation (Studienstiftung des deutschen Volkes).

Professor Muhammad Khurram Khan

Prof. Muhammad Khurram Khan is a globally recognized cybersecurity thought leader with over 25 years of impactful contributions in research, innovation, and digital policy. He is a founding member of the Center of Excellence in Information Assurance (CoEIA) at King Saud University and has played a key role in shaping national academic programs and workforce development in alignment with Saudi Arabia’s Vision 2030. He is also the founder and CEO of the Global Foundation for Cyber Studies and Research (USA).

Prof. Khan has published over 500 peer-reviewed papers, holds 11 U.S. patents (4 more pending), and has received more than 37,000 citations, with an h-index of 100. He is ranked among the world’s top 2% of scientists by Stanford University. He serves as Editor-in-Chief of Springer-Nature’s Telecommunication Systems journal and sits on the editorial boards of several IEEE, Elsevier, and Springer journals.

Alex Leung

Co-founder and Group CXO

Alex has 20 years of experience in strategy, product and technology planning in risk management and insurance industry. Previously, he served in leadership roles at a number of startups in the US and Asia. He had also been a consultant with the World Bank and Deloitte Consulting in the US. Alex is a fellow of the Society of Actuaries. He holds an MBA from UC Berkeley and a Bachelor’s degree in Mathematics from UCLA.

Alvin Kwock

Co-founder and Group CEO

Alvin has a diverse background in finance, emerging technology, and risk management. Prior to starting AIFT, Alvin was the Asia-Pacific Head of Emerging Technology and Taiwan Head of Research at JPMorgan. Under Alvin’s leadership, JPM’s Asia Tech Hardware team has been received multiple accolades. He is a member of United Nations ESCAP’s Banking and Finance Task Force, Hong Kong Insurance Authority’s Future Task Force, and he also serves on CUHK Business School Quantitative Finance Advisory Committee. He holds an MA degree in Social Science and a BA degree in Economics, both from the University of Chicago.

Robin Scott

GM of Middle East &

Group General Counsel

Robin has extensive experience in corporate transformation, legal, and strategic roles. Before joining AIFT, Robin worked at a leading Southeast Asian conglomerate in legal and transformation roles. He began his career as a lawyer, working in the London, New York and Hong Kong offices of Freshfields. He holds an MA degree from the University of Cambridge.

Nigel Yip

Group Deputy CFO

Nigel brings a wealth of experience in financial strategy to AIFT. Before joining AIFT, Nigel held the position of CFO at a publicly listed company, where he led several successful fundraising initiatives, including an IPO in Hong Kong. He played a pivotal role in establishing robust financial reporting processes, strengthening internal controls, and ensuring compliance with regulatory standards. Prior to his corporate executive career, Nigel accumulated extensive experiences at Rothschild and Credit Suisse, where he specialized in IPOs, cross-border M&A, and private equity investments. Nigel holds an MBA from the University of Chicago Booth School of Business and a Bachelor of Economics and Finance from the University of Hong Kong.

Emily Chow

Deputy CEO of OneDegree

Emily is a seasoned veteran with 18 years of experience in banking and finance industry. Previously serving as PrimeCredit’s Head of Marketing, Emily was instrumental in the “PrimeCredit Brothers” rebranding campaign, which was a huge success and eventually led the brand to become a market leader. Prior to joining AIFT, Emily held key positions at WeLend and virtual banks WeLab Bank as well as Airstar Bank, where she demonstrated proven track records in driving the go-to-market strategy and various branding and marketing campaigns with solid experience in disrupting various markets with innovative product designs and digital experiences.

Michelle Ip

Group Managing Director

Michelle has more than 12 years of experience in insurance and insurtech start-ups, including greenfield market entry, oversight and business development across multiple countries in ASEAN like Cambodia, Myanmar and East Asia. Michelle was previously the founding member of iFWD, the no.1 digital insurer in Hong Kong since 2015, and the co-founder of Sugar AI, a fintech startup launched in 2018 and Partnership Director at bolttech. Michelle holds a Master's degree in International Relations and Affairs from the London School of Economics and Political Science (LSE) and a BBA in Accounting and Finance from the University of Hong Kong.

Rex Zhang

GM of Web3 Businesses

With extensive experience across global insurers and reinsurers, Rex has played a pivotal role in building multiple digital and insurance solutions from the ground up. Rex specializes in bridging traditional insurance with fintech, Web3, and cybersecurity solutions, delivering tailored products that address the evolving needs of partners and clients. His expertise spans underwriting, risk assessment, and digital transformation, enabling businesses to navigate emerging risks with confidence. He holds a Master’s degree in Fintech from HKUST and a BBA in Insurance, Financial, and Actuarial Analysis from CUHK.

Professor Tony Chan

Prof. Tony Chan is a board member of the Future Investment Initiative Institute and the former President of both King Abdullah University of Science and Technology (KAUST) and The Hong Kong University of Science and Technology (HKUST). An expert in computational mathematics, AI, and digital strategy, he has led major research initiatives in AI and innovation, driving digital transformation in academia and industry. He holds a Ph.D. in Computer Science from Stanford University.

Professor Ben Y. Zhao

Prof. Ben Zhao, Neubauer Professor at the University of Chicago, is an expert in AI, ML, Security and Data. Prof. Zhao is a Distinguished Scientist at the Association for Computing Machinery and has received multiple honors and prestigious awards including the NSF CAREER award, MIT Technology Review’s TR-35 Award (Young Innovators Under 35), ComputerWorld Magazine’s Top 40 Tech Innovators award, Google Faculty award, and IEEE ITC Early Career Award. He holds a Ph.D. in Computer Science from UC Berkeley.

Professor Hau L. Lee

Prof. Hau L. Lee is the Thoma Professor of Operations, Information, and Technology at the Stanford Graduate School of Business. A leading expert in supply chain management and operations research, his work has significantly influenced both academia and industry. His research is widely recognized, including a paper ranked among the 10 most influential in Management Science history. Beyond academia, Prof. Lee has worked extensively with both public and private sectors. He holds a Ph.D. in Operations Research from Wharton.