JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.
RSAC 2026 CONFERENCE — San Francisco — Keeping tabs on the online activities of over 320,000 employees wordwide is no small task. It wouldn't be that hard for an attacker to hide in a crowd of that many users and the massive amount of data they generate.
That's exactly the challenge facing Andrew Plummer, a chief scientist for artificial intelligence and machine learning in cybersecurity and technology controls at JPMorgan Chase. But it's also the kind of threat-hunting task that AI tools have the muscle to help with.
Plummer set out to create an AI-powered system of digital fingerprints and digital twins to help human analysts sort through the mountains of user logs generated by employees and AI agents. While some of the agents are used by employees, others were created for the more than 6,000 applications running within the bank's environment.
Innovations like these are the next step in threat hunting and key to keeping companies a step ahead of attackers, Plummer told RSAC Conference attendees in San Francisco
An advertising concept, digital fingerprints refer to consumer profiles companies create based on all the user data they collect, such as where the consumer might shop, what they did and didn't like, or what TV shows they would watch. In a cybersecurity context, digital fingerprints are based on data relating to the employee's work patterns and habits — the "casual and cognitive" aspects of their behavior, Plummer explained.
If the employee did something out of the ordinary, the AI would be able to spot it quickly, investigate further, and rate the anomaly in regard to how potentially malicious it could be, along with whether it should be flagged for future investigation.
That's where the digital twin comes in. Digital twins simulate processes or systems and incorporate real-time, real-world data. Widely used in manufacturing and design, digital twins are increasingly being used to analyze the impact of cyberattacks and vulnerabilities on software and hardware.
Regarding JPMorgan Chase, the digital twin analyzes flagged anomalies and builds models to examine other factors, such as projecting what the behavioral pattern could look like over time, Plummer explained. It also considers anomalies in a broader context and factors in the impact of external events, such as a major storm or a geopolitical incident, that could explain the change in behavior.
The AI rates the potential maliciousness of the behavior and analysts can decide whether what they're looking at is something that's just out of the ordinary but still benign, or if it evidence of a threat. The goal is to reduce false positive alerts while also spotting and stopping malicious actors before they can cause damage, Plummer said, while demonstrating how the bank's systems flag behaviors as harmless or anomalous.
During the demonstration, Plummer showed how the system prescribed steps to take contain and mitigate the damage that was the result of the malicious behavior.
JPMorgan Chase currently uses digital fingerprints and twins to monitor about 19,000 of its users, but Plummer said he ultimately hopes to roll out this system for all of its employees, as well as the AI agents used by them and the company’s applications.
RSAC 2026 CONFERENCE — San Francisco — Keeping tabs on the online activities of over 320,000 employees wordwide is no small task. It wouldn't be that hard for an attacker to hide in a crowd of that many users and the massive amount of data they generate.
That's exactly the challenge facing Andrew Plummer, a chief scientist for artificial intelligence and machine learning in cybersecurity and technology controls at JPMorgan Chase. But it's also the kind of threat-hunting task that AI tools have the muscle to help with.
Plummer set out to create an AI-powered system of digital fingerprints and digital twins to help human analysts sort through the mountains of user logs generated by employees and AI agents. While some of the agents are used by employees, others were created for the more than 6,000 applications running within the bank's environment.
Innovations like these are the next step in threat hunting and key to keeping companies a step ahead of attackers, Plummer told RSAC Conference attendees in San Francisco
An advertising concept, digital fingerprints refer to consumer profiles companies create based on all the user data they collect, such as where the consumer might shop, what they did and didn't like, or what TV shows they would watch. In a cybersecurity context, digital fingerprints are based on data relating to the employee's work patterns and habits — the "casual and cognitive" aspects of their behavior, Plummer explained.
If the employee did something out of the ordinary, the AI would be able to spot it quickly, investigate further, and rate the anomaly in regard to how potentially malicious it could be, along with whether it should be flagged for future investigation.
That's where the digital twin comes in. Digital twins simulate processes or systems and incorporate real-time, real-world data. Widely used in manufacturing and design, digital twins are increasingly being used to analyze the impact of cyberattacks and vulnerabilities on software and hardware.
Regarding JPMorgan Chase, the digital twin analyzes flagged anomalies and builds models to examine other factors, such as projecting what the behavioral pattern could look like over time, Plummer explained. It also considers anomalies in a broader context and factors in the impact of external events, such as a major storm or a geopolitical incident, that could explain the change in behavior.
The AI rates the potential maliciousness of the behavior and analysts can decide whether what they're looking at is something that's just out of the ordinary but still benign, or if it evidence of a threat. The goal is to reduce false positive alerts while also spotting and stopping malicious actors before they can cause damage, Plummer said, while demonstrating how the bank's systems flag behaviors as harmless or anomalous.
During the demonstration, Plummer showed how the system prescribed steps to take contain and mitigate the damage that was the result of the malicious behavior.
JPMorgan Chase currently uses digital fingerprints and twins to monitor about 19,000 of its users, but Plummer said he ultimately hopes to roll out this system for all of its employees, as well as the AI agents used by them and the company’s applications.