Cerby CEO Sounds the Alarm on Banks’ Identity Verification Failures

As cyberthreats scale in both volume and sophistication, enterprises are being forced to reevaluate the assumptions of digital security.

In the midst of this reformation, protecting one of the most overlooked but vulnerable parts of the enterprise, disconnected applications, is becoming crucial. For financial institutions, where trust is paramount and the attack surface only grows with digital transformation, the implications are clear: identity is not just a security concern. It’s a business-critical one.

Fresh off a $40 million Series B funding round, Belsasar Lepe, co-founder and CEO of Cerby, stressed to PYMNTS that the urgency of securing digital identities has never been greater.

“We’re in a modern situation,” Lepe said, “where that same technology” — artificial intelligence (AI) — “can be used to deliver a better personalized experience, but it can also be used to deliver a more personalized, risky experience, where you’re tricked into engaging with someone that isn’t who they claim to be.”

Nonstandard applications, which are at the heart of Cerby’s focus, are a category often neglected by traditional identity platforms. These are systems that don’t integrate easily with single sign-on (SSO) or other identity standards, creating gaps that malicious actors exploit.

“We tend to focus on those applications … that aren’t necessarily connectable using modern identity standards,” Lepe said. “That creates a unique dynamic. We’re not just working with security teams, we’re also engaging with line-of-business owners.”

While IT departments value solutions like Cerby for security, end users appreciate the productivity gains. That alignment has helped with ongoing inroads into industries that rely on both airtight compliance and user-friendly operations, like healthcare, pharmaceuticals and financial services.

“There’s a balance they’re trying to achieve,” Lepe said, “of wanting security but not at the cost of productivity.”

Still, Lepe spoke candidly about the evolving threat landscape. He described it as “fundamentally unfair and very asymmetric,” with defenders needing to be perfect while attackers only need to succeed once.

What’s alarming, he noted, is how quickly malicious actors have embraced generative AI. From phishing schemes powered by AI-written scripts to convincing deepfakes of executives, the threats are evolving at warp speed.

“The attackers have been more adept at adopting these technologies,” Lepe said. “The rate of incorporation on the attacker side has been faster.”

Cerby’s own approach to addressing these dangers lies in combining automation, intelligent policy enforcement, and guardrails for AI systems.

“We’re not going in and saying, ‘This is an expensive seven-figure dollar replacement,’” Lepe said. “We’re saying, ‘For a third to a fifth of what you’re paying your existing identity provider, we can cover that last mile of identity that is completely unprotected today.’”

That last mile includes the long tail of apps often managed directly by departments — tools used for marketing, vendor communications, and remote workflows that fall outside IT’s control but hold sensitive data. Cerby automates identity workflows around these shadow IT resources, using AI judiciously to avoid compromising security.

“This is a very hard problem. It’s existed for two decades. It requires a very unique approach,” Lepe said.

Indeed, Cerby isn’t trying to patch over legacy systems with new tech — it’s redefining how identity should be handled in decentralized, cloud-first environments. Its success hinges not just on technical capabilities but also on how it frames the narrative: Identity is now the first line of defense.

When asked what single piece of advice he’d give to CEOs of banks and credit unions, Lepe didn’t hesitate.

“It’s the tried and true advice that is often given,” he said. “Make it easy to turn on multifactor authentication for your end users. Ninety-nine percent of identity attacks are due to a lack of MFA just being turned on.”

The problem? For most platforms, it’s still too difficult.

“It’s a chore,” he added. “A two- to five-minute task that end users won’t carry out. The easier you make it, the more protected your end users will be.”

Lepe remains cautiously optimistic about the future of AI in cybersecurity. While today’s models can’t yet be trusted to operate independently in secure environments, he’s confident that “whether that’s a year or five years, there’s no question it’ll get there.”

Until then, Cerby is committed to delivering outcomes that are “always deterministic.” In a field where the cost of error is enormous, that level of precision may prove to be the company’s greatest advantage.

As Cerby continues to grow its customer base and technological capabilities, it’s setting a new standard for what identity automation can achieve — secure, seamless and scalable. And in an era when identity is both the target and the shield, that’s exactly what the market needs.

The post Cerby CEO Sounds the Alarm on Banks’ Identity Verification Failures appeared first on PYMNTS.com.