The portfolio revolution: the end of classic portfolio theory by Dr. Jochen Felsenheimer, Managing Director of XAIA Investment GmbH
Professional Articles
LLM and its increasing relevance in cyber security
By Frank Romeike
In recent years, large language models (LLMs) have made significant advances in their performance and in many areas are now achieving capabilities beyond those of the human brain. These models, including GPT-4, have the potential to be used in both value-added and malicious contexts. Academic research and practitioners have begun to investigate the potential of LLM agents to exploit cybersecurity vulnerabilities. However, previous studies were limited to simple vulnerabilities. The current paper “LLM Agents can Autonomously Exploit One-Day Vulnerabilities” by authors Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang investigates whether LLM agents can autonomously exploit real, complex vulnerabilities, in particular so-called one-day vulnerabilities, i.e. vulnerabilities that are known but not yet patched.
Perverse instantiation and reward exploitation in AI applications
By Dr. Dimitrios Geromichalos, FRM
The increasing use of ever more advanced artificial intelligence (AI) methods is leading to a fundamental change in the financial sector. The main drivers for this are the many advantages of these methods, which enable complex classifications, precise cluster and outlier analyses and in-depth text analyses, among other things, and contribute significantly to optimized decision-making and increased efficiency in numerous processes.
However, these advantages are also associated with considerable challenges. Data inaccuracies and bias can distort results, while overfitting impairs the reliability of the models. In addition, more powerful models are usually “black boxes” whose results are often not comprehensible or explainable, or are explainable only for individual examples. In order to avoid unforeseen negative consequences, it is therefore essential that the use of AI processes in the financial sector is carefully monitored and continuously optimized.
Information register: The underestimated DORA hurdle
By Stefan Wendt
One of the key instruments required by the Digital Operational Resilience Act (DORA) is an effective information register. It is intended to ensure that financial service providers maintain an overview of existing dependencies on third-party providers. What seems comparatively trivial is actually one of the higher hurdles on the road to compliance, which must be achieved by January 2025. There are tools for this – but their quality has yet to be proven.
Climate stress tests – where is the stress?
Many banks in Germany and Europe have greatly advanced the development and analysis of climate scenarios as part of capital planning and stress tests in recent years. These are usually based on scenarios from the Network for Greening the Financial System (NGFS) or the International Energy Agency (IEA). However, with a growing understanding of the impact channels of climate risks, it is becoming apparent that short-term and disruptive effects in particular are not adequately reflected in such scenarios, which makes it difficult to integrate the corresponding risk drivers into banks’ capital planning and adverse scenarios of the ICAAP. Advanced institutions are currently working on innovative solutions based on NGFS or alternative model approaches from which the market can learn on a broad scale in order to strengthen the integration of climate risks into bank management.
Resilience, goal achievement and sustainability in the age of transformation
By Prof. Dr. Josef Scherer
The revised guidelines on internal governance of the European Banking Authority (EBA) and the guidelines on the assessment of the suitability of members of the management body and key function holders of the EBA and the European Securities and Market Authority (ESMA) have been in force since December 31, 2021.
When studying the guidelines, the need for modern governance adapted to the times of transformation becomes clear. The addressees also get a feeling for what is included in the area of governance and which regulatory requirements need to be met.