Pretense
Back to Blog
·10 min read
FinTechComplianceEnterpriseUse Case

How Financial Services Teams Use AI Coding Tools Safely

Financial services firms face stricter data handling requirements than most industries. Sending proprietary trading algorithms or client-identifying code to AI APIs creates real regulatory exposure. Here is how regulated FinServ teams are solving this without blocking developer productivity.

The FinServ AI Tool Problem

Financial services firms are not slow adopters of developer tools. Bloomberg terminals, proprietary trading systems, and algorithmic execution platforms represent decades of sophisticated engineering. FinServ engineering teams are experienced, well-resourced, and under constant productivity pressure.

When AI coding tools became available, FinServ developers adopted them quickly. The challenge: the same features that make AI tools productive (large context windows, code completion, architecture suggestions) make them significant IP and compliance risks in a regulated industry.

What Is Actually at Risk

Proprietary Trading Algorithms

A quantitative strategy expressed in code represents years of research and real competitive advantage. The function names, variable names, and structural patterns in a trading algorithm are themselves proprietary information, independent of the underlying data.

If a developer pastes 500 lines of execution logic into a Claude prompt to ask about optimization, those 500 lines include the logic of the strategy. That logic is now in Anthropic's infrastructure.

Client Data Patterns

Financial services code often handles account identifiers, transaction patterns, and portfolio structures. Even schema definitions and type annotations reference client-identifiable patterns. A data model file for a wealth management system contains identifiers like AccountHolder, PortfolioBalance, and TaxLotEntry that, in aggregate, describe client data structures.

Regulatory Algorithms

Anti-money laundering detection logic, credit scoring models, and fraud detection patterns represent both IP and regulatory documentation. These algorithms are often confidential not just for competitive reasons but because their disclosure could enable evasion.

The Regulatory Landscape

SOX (Sarbanes-Oxley)

SOX Section 404 requires effective internal controls over financial reporting. For technology firms and firms where technology enables financial reporting, auditors are increasingly examining access controls over the systems that generate financial data. AI tool usage that exposes those systems' internal logic is a SOX risk for public companies.

MiFID II / Market Regulation

Firms subject to MiFID II have obligations around algorithmic trading systems including documentation and change management. Sending algorithmic trading logic to AI APIs without audit controls creates gaps in the change management record.

FINRA and SEC Rules

FINRA and SEC rules on data security and privacy apply to client information, which can include data patterns that appear in code. The question of whether identifiers in source code constitute "client data" is fact-specific, but the conservative approach is to treat them as potentially covered.

How Leading FinServ Teams Are Handling This

Pattern 1: Tiered Access by Repository Classification

Teams classify repositories by sensitivity level:

- Public tier: Open source libraries, developer tooling, non-proprietary infrastructure code. Unrestricted AI tool use. - Internal tier: Business logic with no client data or trading algorithms. AI tools allowed with audit logging. - Restricted tier: Proprietary trading algorithms, client data models, regulatory systems. AI tools only through mutation proxy. - Confidential tier: Highest-value strategies, real-time trading systems. AI tools disabled entirely.

This approach lets developers use AI tools productively on most code while applying strict controls where they matter.

Pattern 2: Mutation Proxy in CI/CD Pipeline

Rather than relying on per-developer proxy configuration, some teams deploy Pretense as a required component of the development pipeline. The CI/CD system validates that commits touching restricted repositories were made with Pretense active.

yaml
# .github/workflows/ai-security-gate.yml
name: AI Security Gate
on: [push, pull_request]
jobs:
  check-ai-controls:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pretense/scan-action@v1
        with:
          fail-on: high
          repositories: restricted,confidential
          report: pr-comment

This approach enforces the control at the pipeline level, not the developer level.

Pattern 3: Audit Trail for Compliance Reviews

Several firms use Pretense primarily for the audit artifact rather than purely for protection. The reasoning: even if the technical protection is not perfect, having a complete log of what AI API calls were made, from which repositories, with which mutation records, satisfies the auditor's question about control documentation.

The audit log generated by Pretense includes enough information to answer: what code was sent, when, by whom, whether proprietary identifiers were mutated, and whether any secrets were detected.

Technical Implementation for FinServ Environments

FinServ environments have specific requirements that a standard developer tool deployment may not address.

Air-gapped or restricted network environments

Some trading systems run on networks with restricted or no internet access. Pretense can be configured for fully air-gapped operation:

bash
pretense init --offline
pretense start --no-telemetry --local-only

In offline mode, Pretense performs mutation and generates audit logs, but does not make any outbound calls to Pretense infrastructure. All data stays on the developer workstation.

SIEM integration

FinServ security teams typically want AI tool events flowing into their SIEM alongside other security events. Pretense supports CEF and LEEF log formats for Splunk and Sentinel integration:

bash
pretense start --siem-format cef --siem-endpoint syslog://your-splunk-server:514

SSO and identity management

Enterprise deployments can integrate with existing SSO providers through BoxyHQ SCIM integration, so audit logs are attributed to authenticated identities rather than local user accounts.

A Note on "Developer Productivity vs Security"

The framing of productivity versus security is a false choice in this context. Developers at FinServ firms are already working around security controls when those controls are too burdensome. The more accurate framing is: controls that developers work with versus controls that developers work around.

A control that adds 2-8ms of latency and is completely invisible in normal workflow is one developers will not circumvent. A control that requires manual review of every prompt, adds 2-5 minutes per AI interaction, and generates friction on deadline is one that will have informal exceptions within weeks.

The goal is a control that achieves the security objective and that developers can live with indefinitely.

[Talk to our team about FinServ-specific deployment requirements](/demo) or [see the compliance documentation for regulated industries](/use-cases).

Share this article

Share on XShare on LinkedIn
Get Started with Pretense →More Articles
Ask me anything