How a Large Bank Uses AI Digital Twins for Threat Hunting

THREAT INTELLIGENCE CYBER RISK CYBERSECURITY OPERATIONS REMOTE WORKFORCE News, news analysis, and commentary on the latest trends in cybersecurity technology. How a Large Bank Uses AI Digital Twins for Threat Hunting JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts. Bree Fowler,Contributing Writer March 24, 2026 3 Min Read SOURCE: OLE CNX VIA SHUTTERSTOCK RSAC 2026 CONFERENCE — San Francisco — Keeping tabs on the online activities of over 320,000 employees wordwide is no small task. It wouldn't be that hard for an attacker to hide in a crowd of that many users and the massive amount of data they generate. That's exactly the challenge facing Andrew Plummer, a chief scientist for artificial intelligence and machine learning in cybersecurity and technology controls at JPMorgan Chase. But it's also the kind of threat-hunting task that AI tools have the muscle to help with. Plummer set out to create an AI-powered system of digital fingerprints and digital twins to help human analysts sort through the mountains of user logs generated by employees and AI agents. While some of the agents are used by employees, others were created for the more than 6,000 applications running within the bank's environment. Innovations like these are the next step in threat hunting and key to keeping companies a step ahead of attackers, Plummer told RSAC Conference attendees in San Francisco. Related:Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful An advertising concept, digital fingerprints refer to consumer profiles companies create based on all the user data they collect, such as where the consumer might shop, what they did and didn't like, or what TV shows they would watch. In a cybersecurity context, digital fingerprints are based on data relating to the employee's work patterns and habits — the "casual and cognitive" aspects of their behavior, Plummer explained. If the employee did something out of the ordinary, the AI would be able to spot it quickly, investigate further, and rate the anomaly in regard to how potentially malicious it could be, along with whether it should be flagged for future investigation. That's where the digital twin comes in. Digital twins simulate processes or systems and incorporate real-time, real-world data. Widely used in manufacturing and design, digital twins are increasingly being used to analyze the impact of cyberattacks and vulnerabilities on software and hardware. Regarding JPMorgan Chase, the digital twin analyzes flagged anomalies and builds models to examine other factors, such as projecting what the behavioral pattern could look like over time, Plummer explained. It also considers anomalies in a broader context and factors in the impact of external events, such as a major storm or a geopolitical incident, that could explain the change in behavior. The AI rates the potential maliciousness of the behavior and analysts can decide whether what they're looking at is something that's just out of the ordinary but still benign, or if it evidence of a threat. The goal is to reduce false positive alerts while also spotting and stopping malicious actors before they can cause damage, Plummer said, while demonstrating how the bank's systems flag behaviors as harmless or anomalous. Related:Cyber OpSec Fail: Beast Gang Exposes Ransomware Server During the demonstration, Plummer showed how the system prescribed steps to take contain and mitigate the damage that was the result of the malicious behavior. JPMorgan Chase currently uses digital fingerprints and twins to monitor about 19,000 of its users, but Plummer said he ultimately hopes to roll out this system for all of its employees, as well as the AI agents used by them and the company’s applications. Read more about: CISO Corner About the Author Bree Fowler Contributing Writer Bree Fowler writes about cybersecurity and digital privacy. Previously, she was a senior writer for CNET. Prior to joining CNET, she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, three-star world marathoner, and champion baker of over-the-top birthday cakes and all things sourdough. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like THREAT INTELLIGENCE Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish by Jai Vijayan MAR 17, 2026 THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Iran Exploits Cyber Domain to Aid Kinetic Strikes by Robert Lemos, Contributing Writer NOV 26, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Latest Articles in DR Technology IDENTITY & ACCESS MANAGEMENT SECURITY Microsoft Proposes Better Identity, Guardrails for AI Agents MAR 24, 2026 CYBERSECURITY OPERATIONS AI Dominates RSAC Innovation Sandbox MAR 22, 2026 СLOUD SECURITY Native Launches With Security Control Plane for Multicloud MAR 19, 2026 СLOUD SECURITY Post-Quantum Web Could be Safer, Faster MAR 19, 2026 Read More DR Technology Want more Dark Reading stories in your Google search results?