Banks simultaneously face signature-based fraud (card-not-present attacks, account takeover, ATM cloning) and behavioural financial crime (structuring, layering, mule networks, business email compromise) -- two threat families with fundamentally different detection requirements. Static rule engines that reliably catch brute-force and high-velocity events are structurally blind to business-email-compromise (BEC) payment redirection, session hijacking, and money-laundering layering, which are engineered to appear indistinguishable from legitimate activity at the individual transaction or session level. This paper presents an AI security agent for retail and corporate banking that addresses this gap through a three-component fusion architecture operating on two parallel event streams: a transaction stream (card fraud, ACH/wire fraud, AML categories) and a session stream (account takeover, session hijacking, SIM-swap, insider abuse). Each stream combines an LSTM sequence model capturing per-account behavioural history, a statistical velocity/threshold monitor, and a graph/network module capturing account-counterparty relationship patterns (fan-in, fan-out, pass-through ratio) for money-laundering detection. Experiments on a synthetic event log of 237,669 transactions and 113,508 sessions across 13 threat categories and 3,470 simulated accounts demonstrate overall F1 of 0.787 (transaction stream) and 0.867 (session stream) for the proposed model, versus 0.562/0.733 for a rule-based baseline and 0.655/0.713 for an LSTM-only baseline. The agent includes a customer-facing transaction-verification chatbot (96.6% identity verification accuracy, 86.8% mass-reset attack detection) and an analyst case-summary assistant (99.3% action-recommendation F1), with Critical-tier automated response latency under 0.43 ms at the 95th percentile.

翻译：银行同时面临基于签名的欺诈（无卡攻击、账户接管、ATM克隆）和行为金融犯罪（结构化交易、分层洗钱、钱骡网络、商业电子邮件欺诈）——这两类威胁族系具有根本不同的检测需求。能够可靠捕获暴力攻击和高频事件的静态规则引擎，在本质上对商业电子邮件欺诈（BEC）支付重定向、会话劫持和洗钱分层行为存在结构性盲区，因为这些行为在单笔交易或单次会话层面被设计得与合法活动难以区分。本文提出一种面向零售和公司银行业务的AI安全代理，通过基于两条并行事件流的三组件融合架构解决上述问题：交易流（包括卡欺诈、ACH/电汇欺诈、反洗钱类别）和会话流（包括账户接管、会话劫持、SIM卡更换、内部滥用）。每条事件流联合使用三个模块：捕获每账户行为历史的LSTM序列模型、统计速度/阈值监控器，以及捕获账户-对手方关系模式（扇入、扇出、穿透率）用于洗钱检测的图/网络模块。在涵盖13个威胁类别、3,470个模拟账户的237,669笔交易和113,508次会话的合成事件日志上进行的实验表明，所提模型的交易流总体F1值为0.787、会话流为0.867，而基于规则的基线方法分别为0.562/0.733，仅用LSTM的基线方法分别为0.655/0.713。该代理包含面向客户的交易验证聊天机器人（身份验证准确率96.6%，大规模重置攻击检测率86.8%）和分析师案例摘要助手（操作建议F1值99.3%），关键级别自动响应延迟在95分位点低于0.43毫秒。