The SEC's Consolidated Audit Trail collects personal information on every person who trades securities in the United States. Names, addresses, every trade across every brokerage account, including IRAs and 401(k)s. It does this regardless of whether the individual has ever been suspected of wrongdoing.
The American Securities Association calls it "the single largest concentration of investor data in American history." And on April 15, 2026, ahead of a House Financial Services Committee hearing on protecting investors from fraud, they made their position explicit: immediately suspend all collection and retention of retail investor personal and financial information.
Their reasoning is straightforward. In a world where AI can discover thousands of critical vulnerabilities faster than anyone can patch them, centralizing sensitive data is not a security strategy. It is an invitation.
The Architecture
The Consolidated Audit Trail was born from necessity. After the 2010 Flash Crash erased nearly $1 trillion in market value in 36 minutes, the SEC needed a way to trace what happened across fragmented markets. The rule was proposed in 2010, adopted in 2012, the plan approved in 2016, and implementation phased in between 2018 and 2024.
CAT has two components. The transaction database tracks anonymized trading data across markets. It has been fully operational since 2021 and, by most accounts, works. Regulators can trace trading activity across brokers and venues without knowing who placed the trades.
The second component is the customer database. This is where the problem lives. Starting in 2022, the SEC began requiring broker-dealers to submit personal information on every investor with a securities account. Not just active traders. Not just suspects. Everyone. The goal was speed: instead of requesting investor data after identifying suspicious activity (the old "Blue Sheets" process), regulators would have it pre-loaded and searchable. It is the same pattern that created the IDMerit honeypot problem: systematic concentration of identity data mandated by regulation, centralized in a single repository that becomes the highest-value target on the network.
The SEC itself recognized the risk early. In 2020, it granted exemptive relief pulling Social Security numbers, account numbers, and dates of birth out of the CAT. Names and addresses stayed.
The Catalyst
On April 7, 2026, Anthropic's Claude Mythos model identified thousands of high-severity vulnerabilities across every major operating system and web browser. Some had gone undetected for decades: a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg. Over 99% remain unpatched. This was not without precedent; Anthropic's own safety report had already documented Claude Opus 4.6 discovering zero-days autonomously, but Mythos operated at a scale that moved the conversation from theoretical to urgent.
Three days later, Treasury Secretary Bessent and Fed Chair Powell convened an emergency meeting with the CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs to discuss the implications.
The ASA moved quickly. A separate statement urged Secretary Bessent to end CAT's collection of American investor personal information specifically in the wake of the Mythos revelations. Their argument: if AI-powered tools can find vulnerabilities faster than organizations can remediate them, then any centralized repository of sensitive data is operating on borrowed time.
CrowdStrike's 2026 Global Threat Report supports the threat model. AI-assisted cyberattacks increased 89% year-over-year. Shane Fry, CTO of RunSafe Security, put it bluntly: "Vulnerability discovery is outpacing patching."
Where the Assumptions Break
The CAT's architecture rests on a 2010 assumption: that centralized data collection is net positive because security teams can protect what they collect. The customer database exists because pre-loading investor data is faster than requesting it after the fact. The incremental speed benefit justifies universal collection.
That assumption made sense when the primary threats were opportunistic phishing campaigns and brute-force attacks. It does not survive contact with adversaries who have compressed the attack window to seconds and can discover and chain zero-days at scale.
FINRA's own president, Robert Cook, has said as much. In January 2025, he called for ending the prospective, systematic collection of retail investor personal information, arguing that "cybersecurity threats have continued to evolve, become more sophisticated, and proliferate, thereby exacerbating the risks of collecting more personal data than is necessary to achieve the relevant regulatory objectives."
His proposed alternative is a return to the Blue Sheets model: regulators request specific investor data from broker-dealers only after identifying suspicious activity. The transaction database, which contains no personal information, would continue operating normally for market surveillance.
This is zero-trust architecture applied to financial regulation. Don't pre-stage data you might need. Request it on demand, from the source, with proper justification.
A Legal Doctrine Taking Shape
The ASA's position is legally novel. They are not suing after a breach. They are arguing that the probability of a future breach, amplified by AI capabilities, makes the act of collection itself an unacceptable risk. The remedy they seek is not compensation or improved security. It is deletion.
They are not alone in this framing.
ASA and Citadel Securities have a pending challenge in the Eleventh Circuit calling the CAT "a massive, unprecedented government surveillance system." A Morning Consult poll found 72% of investors oppose the CAT's personal data collection, with 76% favoring an opt-out provision.
Meanwhile, the broader legal landscape is converging on the same logic. California's Delete Act created a centralized deletion mechanism requiring all registered data brokers to process deletion requests through a single platform, operational since January 1, 2026. State attorneys general are pursuing remedies that include not just fines but deletion of data and unwinding of algorithms trained on improperly collected information. Nearly 4,000 data privacy cases were filed in 2024, up from approximately 200 the prior year.
These developments are happening in parallel across financial regulation, consumer privacy law, and cybersecurity litigation. They share the same structural logic: don't collect what you can't protect.
There Is a Third Option
Deletion is the most aggressive response to this risk. But it is not the only structural answer.
At Capital One Software, I worked on a product called Databolt that approached this problem from a different direction: instead of debating whether to collect sensitive data, protect it so granularly that a breach does not yield anything useful.
Field-level tokenization replaces individual sensitive values, names, account numbers, addresses, with tokens that are meaningless outside the specific system context. Unlike traditional encryption, which protects data as a single layer in transit or at rest, field-level tokenization means an attacker who compromises a database does not get plaintext. They get tokens. To reverse those tokens back to usable information, they would need to independently compromise entirely separate systems, each protecting different elements of the tokenization chain.
The goal is to make data breaches functionally obsolete. Not by preventing unauthorized access (no system is impenetrable), but by ensuring that what an attacker finds is useless without access to a chain of systems they would need to compromise independently. This matters more now that ransomware groups have pivoted from encryption to pure data exfiltration: if the stolen data is tokenized, the leverage disappears.
Applied to the CAT, field-level tokenization would mean the customer database could exist without storing investor names and addresses in plaintext. Regulators could still link trading activity to individuals when operationally justified, but the centralized repository would no longer be a single point of catastrophic failure. A breach of the CAT would produce millions of tokens that resolve to nothing.
This is why the "collect or delete" framing misses a critical option. Data minimization and field-level protection are complementary strategies. Minimize what you collect. And make what you must retain worthless to anyone who steals it.
The Question Every Organization Should Be Asking
The ASA's argument extends beyond the SEC.
If AI-driven threats make any large data repository a potential target, and if vulnerability discovery consistently outpaces remediation, then every organization holding data it does not strictly need faces the same risk calculus. The question is no longer whether your security is good enough. It is whether holding the data at all creates a liability that no amount of security can offset.
This is uncomfortable for any organization built around data accumulation. Enterprise data warehouses, customer analytics platforms, historical records retention policies: they all assume that more data is better because it enables better decision-making, compliance, or analytics. Storage is cheap. Deletion feels like permanent information loss.
But the ASA is forcing a different calculation: the cost of holding data now includes the probability-weighted cost of that data being compromised by adversaries whose capabilities are accelerating faster than defenders can respond.
The practical starting point is an audit. What data do we hold that we don't operationally need? Delete it. What data must we retain? Protect it at the field level so a breach yields nothing actionable. What would we lose by fundamentally changing how we store what remains? Probably less than we think.
The ASA's argument may or may not prevail in the Eleventh Circuit. But the underlying logic, that collection itself is a risk requiring justification, is already becoming the default position in privacy law and cybersecurity governance. Organizations that get ahead of it, by minimizing what they collect and protecting what they keep, will have the advantage when it becomes the standard everyone else is scrambling to meet.
