LUP Student Papers

LUND UNIVERSITY LIBRARIES

From RAGs to riches? - Exploring the security implications of Retrieval Augmented Generation in the financial sector

Segui, Felix LU ; Swärd, John LU and Brejcha, Jonatan LU (2025) SYSK16 20251
Department of Informatics
Abstract
Retrieval Augmented Generation (RAG) has emerged as a promising architecture for improving the accuracy and contextual relevance of large language models, particularly in high-stakes domains such as the financial sector. This thesis explores how Scandinavian financial institutions perceive and address the security risks associated with RAG systems. Guided by the CIAAN framework (Confidentiality, Integrity, Availability, Authentication, and Non-repudiation) the study draws on qualitative data from semi-structured interviews with information security professionals. The findings reveal that while RAG offers clear operational benefits, such as enhanced information retrieval and improved efficiency, its adoption is constrained by governance challenges, overreliance on AI systems, and limited vendor transparency. Institutions face a persistent tension between innovation and risk exposure, often accelerated by competitive pressure despite governance immaturity. The study highlights that secure deployment of RAG requires more than technical safeguards. It demands organisational readiness, robust data governance, and human oversight.
author: Segui, Felix LU ; Swärd, John LU and Brejcha, Jonatan LU
course: SYSK16 20251
type: M2 - Bachelor Degree
keywords: Retrieval Augmented Generation (RAG), Information security, Large Language Model (LLM), AI risk management in finance, Data governance, Human Factors in AI implementations
language: English
id: 9192150
date added to LUP: 2025-06-13 15:19:57
date last changed: 2025-06-13 15:19:57
@misc{9192150,
  abstract     = {{Retrieval Augmented Generation (RAG) has emerged as a promising architecture for improving the accuracy and contextual relevance of large language models, particularly in high-stakes domains such as the financial sector. This thesis explores how Scandinavian financial institutions perceive and address the security risks associated with RAG systems. Guided by the CIAAN framework (Confidentiality, Integrity, Availability, Authentication, and Non-repudiation) the study draws on qualitative data from semi-structured interviews with information security professionals. The findings reveal that while RAG offers clear operational benefits, such as enhanced information retrieval and improved efficiency, its adoption is constrained by governance challenges, overreliance on AI systems, and limited vendor transparency. Institutions face a persistent tension between innovation and risk exposure, often accelerated by competitive pressure despite governance immaturity. The study highlights that secure deployment of RAG requires more than technical safeguards. It demands organisational readiness, robust data governance, and human oversight.}},
  author       = {{Segui, Felix and Swärd, John and Brejcha, Jonatan}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{From RAGs to riches? - Exploring the security implications of Retrieval Augmented Generation in the financial sector}},
  year         = {{2025}},
}