PALM DESERT, Calif.—Credit unions that embrace artificial intelligence over the next five years will significantly outperform those that don’t, predicted Alec Crawford, founder and CEO of Artificial Intelligence Risk, Inc., speaking at the Defense Credit Union Council’s Annual Conference.
But while AI presents unprecedented opportunities to streamline operations, enhance service, and gain new insights, Crawford warned that without careful implementation and strong safeguards, credit unions face serious regulatory, cybersecurity and reputational risks.
In a wide-ranging presentation that outlined how credit unions are already using AI—and how they should be planning to do more—Crawford said AI’s rapid evolution demands a proactive and strategic approach.
“You can't be left behind,” he told attendees at the JW Marriott Desert Springs Resort. “But you also can’t dive in blindly.”
From call center automation and fraud detection to custom member research and document summarization, the tools are advancing faster than most organizations can track. Yet, as powerful as these tools are, Crawford emphasized the dangers, citing examples of AI misuse, deepfake fraud, data leakage, and cybersecurity loopholes that could leave credit unions vulnerable to significant fines—or worse.
The Promise Of AI
Crawford began by highlighting AI’s wide-ranging potential for credit unions. Staff can use AI for knowledge management—instantly answering member questions, drafting content, analyzing member behavior, or generating regulatory reports. Some credit unions have begun analyzing hundreds of thousands of call transcripts to determine why members are reaching out, yielding surprising insights, like discovering 10% of calls were from members who simply “wanted to chat.”
“These tools can help reduce drudge work,” said Crawford. “They free your team to focus on higher-value tasks, like building member relationships or improving products.”
Crawford also pointed out that AI agents—autonomous digital assistants—can handle routine tasks like monitoring news, generating personalized communications, or managing appointment scheduling.
But simply deploying AI tools isn’t enough, Crawford said.
The real challenge isn’t just adopting AI—it’s getting the CU’s teams to adopt it., he explained. Leadership must reassure employees AI is a tool, not a replacement.
The Risks
While the benefits are real, so are the threats. Crawford cautioned that without strong internal policies, employees may unknowingly expose sensitive member data. He shared one example that involved a credit union staffer using a public AI tool to simplify complex member information—unaware the AI’s terms of service meant that data was no longer private. That single misstep could trigger violations of the Gramm-Leach-Bliley Act, with potential fines of $100,000 for the credit union and $10,000 for the individual, he cautioned.
Crawford cited other real-world AI failures:
- A Hong Kong company lost over $18 million after a CFO was deepfaked
- Microsoft’s AI was once tricked into leaking data by hackers embedding code in email summaries
- Some AI resume screeners have been manipulated by candidates embedding prompts in invisible text to game the system
“These aren't hypothetical risks,” Crawford said. “They're happening now. If your AI system doesn’t have safeguards—filters, access controls, threat detection—you could be tomorrow’s cautionary tale.”
A Roadmap For Responsible AI Adoption
To ensure credit unions use AI safely and effectively, Crawford laid out a practical framework built around four pillars: governance, risk management, compliance, and cybersecurity.
Governance: Define what AI is allowed to do—and what it’s not. Determine which departments can use which tools, with which data. A call center bot, for example, shouldn’t have access to financial reporting systems. Least-privilege access is key.
Risk Management: Encrypt everything. Monitor AI prompts for sensitive data. Block unsafe requests in real-time. Install protective layers around AI models to detect malicious activity like prompt injection attacks.
Regulatory Compliance: Comply with applicable laws—starting with the Gramm-Leach-Bliley Act—and align with frameworks like the NIST AI Risk Management Framework. Crawford flagged Colorado as one of the first states to pass an AI-specific law, taking effect in 2026.
Cybersecurity: Treat AI as a new attack surface, said Crawford, recommending keeping AI models inside private firewalls or on-premises environments. If data must leave the firewall—for instance, to connect with CRM platforms like Salesforce—strict use-case-based permissions are essential, he said.
Practical Use Cases For Credit Unions
Crawford offered several examples of how credit unions are already leveraging AI:
- Knowledge Centers: AI systems trained on internal documents can provide staff with instant, accurate answers on everything from mortgage options to password resets
- Call Analysis: By analyzing thousands of calls, credit unions can identify friction points and track sentiment, improving both service and efficiency
- Fraud Detection: AI models can analyze transactions in real-time to flag suspicious behavior, reducing false positives and catching fraud earlier
- Agent Deployment: AI-powered digital assistants can automate routine tasks, from drafting follow-ups to scheduling member appointments
However, Crawford stressed the importance of customization and control.
“You don’t want to rely on public tools that can expose your data or be manipulated by outside actors,” he said. “You want private, customized models running in secure environments that you control.”
Final Word: Don’t Wait
Crawford closed with a stark reminder: ignoring AI is not a strategy.
“AI is not a fad,” he said. “It’s like the Internet in 2000. The credit unions that embrace it responsibly will thrive. The ones that don’t may not be here in five years.”
His advice? Start small but start now. Define clear policies, train teams, choose secure tools, and audit everything. AI can be a game-changer—but only if it’s deployed wisely.
“You need to protect your members, your data, and your reputation,” Crawford concluded. “And you need to start preparing today.”