Challenge
As the financial sector races to embrace generative AI, Finance of America, a leading financial services provider, saw immense business value in leveraging GenAI for their workflows, products, and services. According to Drew Robertson, CISO at Finance of America, “There really is no going back to the pre-GenAI era, for organizations that want to be competitive in their field.” However, the introduction of GenAI came with significant risks—especially for a highly regulated industry.
Despite a robust security stack, Drew and his team faced a profound blind spot: a lack of visibility and control over how GenAI tools were being used across the company. “We generally have no idea who is using GenAI-based tools, how they use it, and what data is leaked,” Drew notes. Traditional security tools could not capture prompts or prevent sensitive data from inadvertently entering GenAI platforms. The inability to govern GenAI adoption threatened both data security and regulatory compliance, particularly in sensitive workflows such as loan underwriting.
With mounting pressure to adopt GenAI for competitive advantage, but with no effective guardrails or oversight in place, Drew faced the challenge of enabling productivity while ensuring security—a dilemma that existing solutions simply could not solve.
Solution
Recognizing that GenAI adoption was inevitable, Finance of America chose Aim’s platform to provide the expertise, oversight, and governance that their existing tools lacked. “We decided to use Aim because GenAI is inevitable, and requires specific expertise in order to secure it,” Drew explains. Aim stood out by offering prompt-level visibility and governance—capabilities absent from other security solutions.
Deployment was swift and seamless. “Surprisingly, Aim just fits right in,” Drew recalls. “Following a smooth deployment, Aim’s platform leveraged our existing toolset to give us the most comprehensive security across all of our environments. It’s not another tool, it’s an entire platform that tells me everything I need to know about GenAI use, risks, and opportunities—quickly, and without hurting business.”
Aim gave Finance of America:
- Automated, comprehensive inventory of all GenAI apps used in the organization
- Detailed audit logs for data shared with AI Providers
- Full visibility into employee GenAI usage
- Insights that support not only security and compliance, but also productivity and business outcomes
Impact
Within weeks of deploying Aim, Finance of America moved from near-blindness around GenAI usage to complete oversight. Drew describes the transformation: “We now have visibility into how our employees use GenAI, with invaluable insights outside of security, that support business productivity and compliance.”
The security team was empowered to manage and govern GenAI adoption proactively. “For the first time, my security team is seen as a business enabler. Aim has elevated our position within the organization and helped us become a valuable part of the GenAI adoption process from the get-go, instead of coming in late to clear up everyone else’s mess.”
Crucially, this transformation allowed Finance of America to scale GenAI adoption safely—supporting productivity and innovation while maintaining the necessary security guardrails and compliance with industry regulations. “With Aim, our users can enjoy the convenience and efficiency of GenAI while GenAI guardrails are automatically adhered to,” Drew says.
Looking Forward
Aim has become an essential part of Finance of America’s digital transformation, securing every aspect of GenAI use—across public SaaS, enterprise chat, and internally developed solutions. “Aim provides immense value to multiple stakeholders in our organization, across security, business, and legal teams, helping us place and enforce the guardrails that fit our industry regulations and unique needs,” Drew affirms.
As the pace of GenAI adoption accelerates, Finance of America is now ahead of the curve, with their security team at the forefront of innovation—empowering the business, protecting sensitive data, and ensuring compliance in a new era.
Drew Robertson, CISO at Finance of America:
“The stringent regulations of the finance industry and our concern for our customers’ data make GenAI adoption challenging. I love the fact that Aim secures the entire breadth of our GenAI use, no matter where it is applied: public SaaS apps, enterprise chats, or our own internal developments. Aim provides immense value to multiple stakeholders in our organization, across security, business, and legal teams, helping us place and enforce the guardrails that fit our industry regulations and unique needs.”
