T-Bank Uses Offensive AI to Test Its Own Infrastructure
T-Bank used its internally developed offensive AI system, Nulla, to test the resilience of its own infrastructure against cyberattacks. The bank began developing the platform in spring 2025. AI agents searched for vulnerabilities and simulated hacker behavior without human involvement. They analyzed roughly 1,300 services across the company’s ecosystem. Testing a single service took about 45 minutes instead of the two to three days typically required for a manual audit. According to the bank, this marks the first known case in Russia of offensive AI being used to test a company’s own infrastructure.
T-Bank, one of the world’s largest digital banks and the core of the T-Tekhnologii ecosystem with 55 million customers, demonstrated a shift from traditional penetration testing toward automated security validation.
Artificial intelligence is increasingly being used for controlled attack simulation. Wider adoption of these methods could reduce the risks of data leaks, fraudulent transactions and service outages.
The project illustrates how cybersecurity technologies are evolving in the financial sector. Russian companies are being forced to defend large digital ecosystems amid growing cyberattacks and a shortage of cybersecurity professionals. Automating traditional penetration testing allows organizations to identify vulnerabilities faster while reducing dependence on manual reviews. The T-Bank initiative also aligns with a broader global technology trend as interest grows around LLM agents, virtual AI-based employees, and AI-driven vulnerability discovery tools.
Testing Faster and More Frequently
For T-Bank, Nulla extends a broader line of AI-powered cybersecurity tools that began after the bank introduced Safeliner, a system designed to identify vulnerabilities in software code. The company is now building an end-to-end chain that spans from code validation to automated incident response.
Systems like these could eventually become standard infrastructure for large digital ecosystems, including banks, marketplaces, telecom operators, industrial companies and government platforms. Traditional penetration testing is performed periodically, while infrastructure changes daily. AI agents, by contrast, can test services faster and more frequently. According to ComNews, roughly 60% of Russian companies currently have high-severity or critical vulnerabilities, while demand for security testing is growing by about 30% annually.
Russian cybersecurity products have traditionally carried export potential. For this category of technology, however, trust, certification and regulatory compliance become especially important. Commercializing offensive AI systems requires strict oversight.
A Systemic Shift Toward AI-Driven Defense
In 2024, Tinkoff launched its corporate DataGuard program, expanding internal searches for security weaknesses. Employees across the group were allowed to report vulnerabilities in exchange for financial rewards. The bank had already been offering payments for vulnerability disclosures and has paid more than 25 million rubles (about $329,000) to white-hat hackers. Around the same time, Positive Technologies outlined the risks tied to the use of AI in cyberattacks. AI systems can help attackers gather intelligence and exploit vulnerabilities. As a result, defenders increasingly need to use AI not only for defense, but also for attack simulation.
In 2025, T-Bank introduced the Safeliner AI assistant for vulnerability detection and remediation. Operating inside the company’s internal infrastructure, the system saves the group more than 1 billion rubles annually (about $13 million). That same year, T-Tekhnologii launched a cyber-testing program on the Standoff Bug Bounty platform focused on validating scenarios involving critical impacts on business processes.
By 2026, AI had become an integrated part of the bank’s cyber defense architecture. The technology independently processes around 30% of information security incidents and neutralizes up to 86% of phishing attacks. During 2025 alone, the company repelled more than 400,000 cyberattacks. Nulla continues that broader strategy of using AI to protect digital assets from cyber threats.
Closing Security Gaps Before Attacks Happen
Russian fintech companies are moving toward a new cybersecurity model. Instead of simply defending against attacks, they are using AI to simulate adversary behavior and close vulnerabilities before they can be exploited. The figures disclosed by the bank – 1,300 tested services, 45 minutes per service and an estimated economic effect of around 100 million rubles (about $1.3 million) – point to the scale of the initiative. That scale matters particularly for large digital ecosystems where outages can affect millions of users.
Over the next several years, analysts expect growing interest in AI-assisted penetration testing, automated red team systems and continuous security validation across Russia’s cybersecurity market. Such products are increasingly needed by banks, telecom operators, industrial enterprises, marketplaces and operators of critical information infrastructure.
