JP Morgan Letter Urges Software Providers to Pump the Brakes

by Zachary Barlow

April 29, 2025

Rapid technological development comes with plenty of opportunities for software to disrupt and revolutionize industries. However, it also comes with serious risks when the development of new products comes at the expense of proper security features and testing. JP Morgan Chase recently published an open letter to its third-party software providers urging them to slow down on product launches and make security a higher priority. The letter states in part:

“We stand at a critical juncture. Providers must urgently reprioritize security, placing it equal to or above launching new products. ‘Secure and resilient by design’ must go beyond slogans—it requires continuous, demonstrable evidence that controls are working effectively, not simply relying on annual compliance checks. Customers should be afforded the benefit of secure by default configurations, transparency to risks, and management of the controls they need to operate safely within a SaaS delivery model. The ecosystem must address trustworthy integration.”

The letter also addresses some of the fundamental risks of software as a service (SaaS), a common delivery model for AI providers. With SaaS, a handful of providers often deliver software solutions to the entire market, meaning that risk becomes concentrated. Take, for instance, the CrowdStrike IT outage last July, in which a faulty update left thousands of flights cancelled or delayed. A single error from one provider left many of its users reeling and disrupted their ability to meet customer needs. With large AI platforms driving innovation, an outage or security breach could impact entire markets. JP Morgan argues that SaaS providers should focus more on security, even if that means slowing down on new product development.