From RAGs to riches? - Exploring the security implications of Retrieval Augmented Generation in the financial sector
(2025) SYSK16 20251
Department of Informatics
- Abstract
- Retrieval Augmented Generation (RAG) has emerged as a promising architecture for improving the accuracy and contextual relevance of large language models, particularly in high-stakes domains such as the financial sector. This thesis explores how Scandinavian financial institutions perceive and address the security risks associated with RAG systems. Guided by the CIAAN framework (Confidentiality, Integrity, Availability, Authentication, and Non-repudiation) the study draws on qualitative data from semi-structured interviews with information security professionals. The findings reveal that while RAG offers clear operational benefits, such as enhanced information retrieval and improved efficiency, its adoption is constrained by governance challenges, overreliance on AI systems, and limited vendor transparency. Institutions face a persistent tension between innovation and risk exposure, often accelerated by competitive pressure despite governance immaturity. The study highlights that secure deployment of RAG requires more than technical safeguards. It demands organisational readiness, robust data governance, and human oversight.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9192150
- author
- Segui, Felix LU ; Swärd, John LU and Brejcha, Jonatan LU
- supervisor
- organization
- course
- SYSK16 20251
- year
- 2025
- type
- M2 - Bachelor Degree
- subject
- keywords
- Retrieval Augmented Generation (RAG), Information security, Large Language Model (LLM), AI risk management in finance, Data governance, Human Factors in AI implementations
- language
- English
- id
- 9192150
- date added to LUP
- 2025-06-13 15:19:57
- date last changed
- 2025-06-13 15:19:57
@misc{9192150,
  abstract = {{Retrieval Augmented Generation (RAG) has emerged as a promising architecture for improving the accuracy and contextual relevance of large language models, particularly in high-stakes domains such as the financial sector. This thesis explores how Scandinavian financial institutions perceive and address the security risks associated with RAG systems. Guided by the CIAAN framework (Confidentiality, Integrity, Availability, Authentication, and Non-repudiation) the study draws on qualitative data from semi-structured interviews with information security professionals. The findings reveal that while RAG offers clear operational benefits, such as enhanced information retrieval and improved efficiency, its adoption is constrained by governance challenges, overreliance on AI systems, and limited vendor transparency. Institutions face a persistent tension between innovation and risk exposure, often accelerated by competitive pressure despite governance immaturity. The study highlights that secure deployment of RAG requires more than technical safeguards. It demands organisational readiness, robust data governance, and human oversight.}},
  author = {{Segui, Felix and Swärd, John and Brejcha, Jonatan}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{From RAGs to riches? - Exploring the security implications of Retrieval Augmented Generation in the financial sector}},
  year = {{2025}},
}