FinVault: Benchmarking Financial Agent Safety in Execution-Grounded Environments

Authors: Zhi Yang, Runguo Li, Qiqi Qiang, Jiashun Wang, Fangqi Lou, Mengping Li, Dongpo Cheng, Rui Xu, Heng Lian, Shuo Zhang, Xiaolong Liang, Xiaoming Huang, Zheng Wei, Zhaowei Liu, Xin Guo, Huacan Wang, Ronghao Chen, Liwen Zhang

Published: 2026-01-09

arXiv ID: 2601.07853v1

Added to Library: 2026-01-14 03:00 UTC

Red Teaming

📄 Abstract

Financial agents powered by large language models (LLMs) are increasingly deployed for investment analysis, risk assessment, and automated decision-making, where their abilities to plan, invoke tools, and manipulate mutable state introduce new security risks in high-stakes and highly regulated financial environments. However, existing safety evaluations largely focus on language-model-level content compliance or abstract agent settings, failing to capture execution-grounded risks arising from real operational workflows and state-changing actions. To bridge this gap, we propose FinVault, the first execution-grounded security benchmark for financial agents, comprising 31 regulatory case-driven sandbox scenarios with state-writable databases and explicit compliance constraints, together with 107 real-world vulnerabilities and 963 test cases that systematically cover prompt injection, jailbreaking, financially adapted attacks, as well as benign inputs for false-positive evaluation. Experimental results reveal that existing defense mechanisms remain ineffective in realistic financial agent settings, with average attack success rates (ASR) still reaching up to 50.0% on state-of-the-art models and remaining non-negligible even for the most robust systems (ASR 6.7%), highlighting the limited transferability of current safety designs and the need for stronger financial-specific defenses. Our code can be found at https://github.com/aifinlab/FinVault.

🔍 Key Points

  • Introduction of FinVault, a new execution-grounded security benchmark specifically for financial agents, addressing gaps in existing safety evaluations by providing realistic operational scenarios and compliance constraints.
  • The benchmark includes 31 regulatory case-driven scenarios with 107 identified high-risk vulnerabilities and 856 adversarial attack cases that model potential threats to financial agents.
  • Experimental results indicate high attack success rates across evaluated models, demonstrating that existing defense mechanisms are largely ineffective and underscoring the need for tailored security measures in financial contexts.
  • Different categories of attacks, including prompt injections and emotionally manipulative queries, reveal vulnerabilities in agents, with semantic attacks proving to be more successful than technical ones.
  • The findings highlight that current models struggle with semantic-level security, suggesting a need for enhanced training and tuning approaches to incorporate compliance awareness and robust safety measures.

💡 Why This Paper Matters

This paper is significant as it pioneers a systematic approach to evaluate the safety of financial agents operating in real-world environments, where the stakes are high and regulatory compliance is paramount. By exposing vulnerabilities and showcasing the inadequacies of existing defense mechanisms, it catalyzes a necessary shift toward more relevant security benchmarks tailored to the financial domain.

🎯 Why It's Interesting for AI Security Researchers

Researchers in AI security will find this paper compelling because it not only sheds light on the unique risks faced by financial agents powered by large language models but also provides a comprehensive framework for testing and improving their robustness. The focus on execution-grounded environments and real regulatory cases offers valuable insights for developing effective defenses and safety protocols in critically important sectors.