Recently, Dr. Li Kang, Chief Technology Officer of CertiK, was invited to attend the FiNETech 6 Financial Technology Forum jointly hosted by the Hong Kong Monetary Authority (HKMA) and Cyberport, discussing cybersecurity resilience, data governance, and technological security with 260 experts from banking, technology, and regulatory fields.
During the roundtable discussion, Dr. Li Kang, along with representatives from the Financial Technology Association of Hong Kong (FTAHK), Private Wealth Management Association (PWMA), YoujiVest Technology, and the University of Hong Kong, conducted an in-depth analysis of critical data challenges, cross-platform and cross-border risks, and new security risks arising from emerging technologies like AI and big data, providing professional advice for financial institutions.
New Technologies Amplify Old Threats: AI Brings New Security Risks
Dr. Li Kang pointed out that with the increasing enterprise-level deployment of AI, "data over-sharing caused by AI" has become a new risk that requires high vigilance. He mentioned that McDonald's recently experienced a data breach due to weak supply chain security in its AI system. The AI recruitment robot provided by a third-party vendor highlights the security blind spots in AI service outsourcing.
In the context of normalized remote work and increasingly blurred organizational boundaries, Dr. Li Kang warned that "internal personnel risks" should not be overlooked. For example, a leading US exchange recently disclosed that its VIP user data was leaked due to an outsourced operations personnel being bribed. This incident once again confirms that beyond technological defenses, the organization's trust mechanism and personnel management strategies have become a crucial aspect of financial technology security.
Practical Advice: Not Just a Security Budget, But Also "Having Friends"
Regarding how financial institutions can enhance cybersecurity resilience, Dr. Li Kang offered highly practical advice: "Whether you are a startup or a large financial institution, please establish friendships within the security industry. When the budget is limited, you can still obtain critical advice from experienced practitioners."
He also called on industry institutions and regulatory bodies to strengthen verification and auditing of emerging technologies, especially in the application of complex encryption technologies such as homomorphic encryption, zero-knowledge proofs, and multi-party computation (MPC), to avoid systemic risks caused by improper implementation or potential "backdoors". For instance, a project using ZK technology once experienced a security incident by bypassing verification processes, reminding all institutions "not to trust technological implementation based solely on promotional language".
The Starting Point of Reshaping Order: Built-in Security Mechanisms
In an era of emerging technologies, financial institutions must not only embrace innovation but also re-examine existing security boundaries and governance mechanisms. Dr. Li Kang's speech once again emphasized CertiK's consistent core proposition: "The essence of new risks is the failure of old orders. Only by embedding security within the technological architecture can the future of financial technology truly be stable and controllable."
As the world's largest Web3 security company, CertiK has long been committed to introducing cutting-edge technologies such as formal verification, AI detection, and vulnerability discovery into financial technology and Web3 scenarios. We deeply understand that technological progress should not come at the cost of security. Only by simultaneously building a verifiable, defensible, and accountable security system within innovation can we truly achieve "sustainable trust" in financial technology.
