How a Large Bank Uses AI Digital Twins for Threat Hunting

RSAC 2026 CONFERENCE — San Francisco — It's not easy to keep track of what more than 320,000 employees are doing online around the world This article explores cybersecurity digital fingerprints. . It wouldn't be too hard for an attacker to blend in with a group of that many users and all the data they make.

That's the problem that Andrew Plummer, the chief scientist for AI and machine learning in cybersecurity and technology controls at JPMorgan Chase, is trying to solve. But AI tools can also help with this kind of threat-hunting job. Plummer wanted to make an AI-powered system of digital fingerprints and digital twins to help human analysts sort through all the user logs that AI agents and employees make.

Some of the agents are used by employees, but others were made for the bank's more than 6,000 applications. Plummer told people at the RSAC Conference in San Francisco that these kinds of new ideas are the next step in threat hunting and are what companies need to stay one step ahead of hackers. Related: A data tool that can sort through exploited vulnerabilities can make KEV more useful.

Digital fingerprints are a marketing idea that refers to the profiles companies make of customers based on all the information they collect about them, like where they might shop, what they liked and didn't like, and what TV shows they would watch.

Plummer said that in the context of cybersecurity, digital fingerprints are based on information about the employee's work habits and patterns, or the "casual and cognitive" parts of their behavior. The AI would be able to quickly spot anything strange that an employee did, look into it further, and rate how dangerous it could be and whether it should be flagged for further investigation. That's when the digital twin comes in.

Digital twins use real-time, real-world data to model processes or systems. Digital twins are becoming more popular for looking at how cyberattacks and weaknesses affect software and hardware. They are commonly used in design and manufacturing.

Plummer said that the digital twin looks at flagged anomalies and creates models to look at other things, like what the behavioral pattern might look like over time for JPMorgan Chase. It also looks at anomalies in a bigger picture and takes into account how outside events, like a big storm or a geopolitical incident, could have caused the change in behavior. The AI gives a score to the behavior based on how likely it is to be harmful, and analysts can then decide if what they're looking at is just strange but not harmful, or if it is a sign of a threat.

Plummer said that the goal is to cut down on false positive alerts while also finding and stopping bad actors before they can do any damage. He also showed how the bank's systems flag behaviors as normal or harmful. Cyber OpSec is related.

Fail: Beast Gang Shows Ransomware Server During the demo, Plummer showed how the system suggested steps to take to limit and fix the damage caused by the bad behavior. Plummer said that JPMorgan Chase currently uses digital fingerprints and twins to keep an eye on about 19,000 of its users. He hopes to eventually make this system available to all of its employees, as well as the AI agents they use and the company's apps.