The $12.5 trillion investment giant is racing to embed cybersecurity at every layer of its AI stack, and it’s betting on quantum computing, LLM juries, and anomaly detection to stay ahead of the bad actors.
As artificial intelligence reshapes financial services, Vanguard’s Chief Information Officer, Nitin Tandon, is clear-eyed about the risks it entails. Speaking at a media briefing in Hyderabad, Tandon revealed that the firm follows a Secure Software Development Lifecycle (Secure SDLC) model, meaning security controls are baked into the AI development pipeline rather than bolted on afterward.
Managing Director and Chief Human Resources Officer,
Vanguard
“As you build AI into the workflows, we are also making sure that our security controls are enhanced,” said Nitin Tandon Managing Director and Chief Information Officer, Vanguard noting that protections span the entire development lifecycle. With models and APIs dramatically expanding the attack surface, this architecture-first approach is central to how Vanguard thinks about responsible AI deployment.
Managing Director and Chief Information Officer,
Vanguard
Speed as a Weapon: Using AI to Hunt Its Own Vulnerabilities
One of the more striking revelations from the briefing: Vanguard is actively using AI models to find security vulnerabilities before malicious actors can exploit them. Tandon described the firm testing whether models could accelerate threat-detection scanning for weaknesses at a speed no human team could match.
“The enhanced capability of models is the speed of detection of vulnerabilities,” he said. “We are testing ourselves, can we find those vulnerabilities faster? And then how do we address them before bad actors do?”
This offensive-defensive dual use of AI is increasingly common in enterprise security circles, but Vanguard’s explicit integration of this into workflow design signals a mature, proactive posture.
Anomaly Detection and the Fraud-Cyber Nexus
Beyond vulnerability scanning, Vanguard is deploying AI for real-time anomaly detection in its operational environment — a capability that sits at the intersection of cybersecurity and fraud prevention. Unusual patterns in the environment, which could signal an intrusion or a bad actor, are automatically flagged by AI-powered monitoring.
Cyber and fraud emerged as two of Vanguard’s four top-priority AI investment areas for the year, alongside new client products and developer copilots — underscoring just how central defensive AI has become to the firm’s broader strategy.
Preparing for Tomorrow’s Threat: Quantum-Safe Cryptography
Perhaps most forward-looking was Tandon’s disclosure on quantum computing. Vanguard is already working on post-quantum cryptography, building quantum-safe algorithms and ensuring its network perimeter and security protocols are resilient to the potential to break encryption posed by future quantum machines.
“Building quantum-safe algorithms, making sure all our protocols are quantum-safe — that’s something we are actively working on as we speak,” Tandon confirmed. The firm has also partnered with IBM to explore the offensive potential of quantum for portfolio optimization, a glimpse into how leading financial institutions are treating quantum not just as a threat but as a capability to harness.
Vanguard India, based in Hyderabad, serves as the firm’s global technology hub for data, digital innovation, and cybersecurity, and is expected to scale to 2,400 employees by 2029.