AI手机助手查银行卡余额, 真的能绕过银行核验吗?
Jin Rong Shi Bao·2025-12-17 01:17

Core Viewpoint - The introduction of the Doubao AI mobile assistant raises questions about its ability to bypass bank app identity verification, highlighting public concerns over the security of AI technology in financial applications [2][4]. Group 1: Technology and Functionality - The Doubao AI mobile assistant operates under a "dual authorization mechanism," requiring users to grant access within the bank app and confirm actions through biometric authentication [3]. - The AI assistant is designed to act as a highly authorized intermediary, similar to a trusted friend, needing explicit user consent to access sensitive information [2][3]. - The system employs end-to-end encryption for data transmission, ensuring that sensitive user information is protected and that the AI cannot store or access raw data [3]. Group 2: Security Concerns and Industry Response - Despite the current lack of significant security issues, the financial system's vulnerability to unauthorized external interventions necessitates cautious risk management [4]. - The Doubao AI assistant has limited its automation capabilities in critical financial scenarios, prompting banks to implement defensive measures, such as requiring users to disable the AI assistant before proceeding with transactions [4]. - The financial industry faces challenges in balancing user privacy, service experience, and the need for robust AI risk management frameworks [4][5]. Group 3: Future Directions and User Awareness - The demand for secure yet innovative financial services should not hinder technological advancements; banks are encouraged to adopt a layered control approach to manage AI-related risks effectively [5][6]. - Financial institutions can establish agreements with AI tool providers to define the scope of services and data transmission standards, ensuring a clear operational boundary [5][6]. - Users are advised to enhance their security awareness by carefully managing third-party access to their financial information and regularly reviewing authorization records [6].