Overview

This pilot implements an integrated, AI-driven anomaly detection and incident response framework that enhances CAIXABANK’s monitoring infrastructure with contextual analysis, automated triage, and real-time organizational risk assessment.

Partners

CAIXA, UPRC, K3Y, UNP

Tested Technologies

CyberAId-MONITOR, CyberAId-LLM, CyberAId-PROACTIVE, CyberAId-REPORT

Motivation

CAIXABANK, as a major European financial institution, faces challenges in detecting and responding to increasingly sophisticated cyber threats targeting their diverse banking channels. The organization currently employs traditional security monitoring solutions and machine learning models, but struggles with the high volume of alerts, detection of novel attack patterns, and efficient incident response coordination.

With the financial industry experiencing a 238% increase in cyberattacks since 2020 and attacks becoming more sophisticated, CAIXABANK needs advanced solutions that can identify anomalies more accurately, streamline incident response, and provide real-time risk assessment across the entire organization. Additionally, while the bank has made progress in traditional machine learning for cyberfraud detection, it has not yet explored how generative AI might enhance these capabilities, particularly for detecting impersonation attacks across multiple banking channels and financial operations.

Concept & Description

This pilot will implement an integrated anomaly detection and incident response system leveraging CyberAId’s advanced technologies, with special emphasis on enhancing CAIXABANK’s existing monitoring infrastructure with AI-driven contextual analysis, automated incident triage, and real-time organizational risk assessment.

The solution will focus on identifying subtle anomalies across banking channels and streamlining the incident response process through intelligent automation and decision support.

Use Cases

Multi-Channel Anomaly Detection with AI-Enhanced Context Awareness

This use case enables advanced anomaly detection across digital banking channels, transaction systems, and network infrastructure. By combining Wazuh-based monitoring, eBPF-enhanced network visibility, and behavioural analysis, the system identifies subtle deviations from normal operations. CyberAId LLMs enrich detected anomalies with threat intelligence, historical patterns, and business context, significantly reducing false positives and enabling detection of impersonation attempts across mobile, web, and payment systems.

Streamlined Incident Response with Generative AI

This use case transforms CAIXABANK’s incident response capabilities through AI-powered triage, investigation support, and response automation. When anomalies are detected, the CyberAId-REPORT system will automatically gather relevant context from multiple sources to create incident dossiers that accelerate investigation. The LLM orchestration layer will analyse incident details, recommend containment and mitigation actions based on established playbooks, and generate natural language summaries for security teams. For complex incidents, the system will provide interactive investigation guidance through a chat interface, allowing analysts to explore different aspects of the incident through natural language queries.

The solution will also automate routine response actions for well-understood threats, enabling analysts to focus on complex cases requiring human judgment. Throughout the incident lifecycle, the system will maintain detailed timelines and documentation, ensuring complete audit trails for post-incident analysis and compliance requirements.

Enterprise-Wide Risk Assessment and Visualization

This use case implements a real-time risk assessment framework that integrates security telemetry from across CAIXABANK’s infrastructure to provide a dynamic view of the organization’s cybersecurity posture. The OLISTIC risk assessment engine will continuously analyse the security status of critical assets, applications, and services, calculating risk scores based on vulnerability data, threat intelligence, and business criticality. The system will present this information through intuitive dashboards that enable security leaders to understand current risk levels, identify vulnerable areas, and prioritize mitigation efforts.

Based on the DIÓSCURI digital twin technology, the solution will also enable scenario planning and impact analysis, allowing security teams to simulate the effects of potential attacks or mitigation strategies within a safe virtual environment. This advanced risk visualization will support more effective resource allocation, mitigation planning, and executive communication about cybersecurity risks and initiatives.