Fintech & PaymentsTool MisuseChatbotMedium

Hello Digit fined $2.7M for faulty automated savings algorithm

The CFPB penalized Hello Digit for deploying an automated savings tool that caused overdrafts, despite a no-overdraft guarantee. The agency ordered a civil penalty of $2.7 million and required redress to affected consumers; it also alleged that the company kept interest earned on consumer funds.

Hello Digit, LLC · Incident Aug 10, 2022 · Indexed Jun 5, 2026 · 3 sources

The algorithm routinely triggered overdrafts while the company guaranteed it would never transfer more than a user could afford.

Key facts

What
The CFPB penalized Hello Digit for deploying an automated savings tool that caused overdrafts, despite a no-overdraft guarantee.
Incident date
Aug 10, 2022
Who
Hello Digit, LLC
Failure mode
Tool Misuse
AI surface
Chatbot
Severity
Medium

What happened

The CFPB found that Hello Digit's automated-savings tool routinely caused consumers' checking accounts to overdraft, despite the company's no-overdraft guarantee. The regulator ordered a $2.7 million civil penalty and redress to affected consumers. The agency also alleged that the company retained interest earned on consumer funds.

What broke inside the model

Failure path · mode profile · Tool Misuse
  1. 01 · TriggerThe agent selects the correct tool.
  2. 02 · Model stepIt fills the call with the wrong arguments.
  3. 03 · Control gapNo validation checks the arguments first.
  4. 04 · FailureThe tool runs against the wrong target.
  5. 05 · ConsequenceThe wrong record, account, or system is hit.

At the tool call, the arguments point at the wrong target.

The proprietary algorithm used to calculate auto-saves failed to accurately determine the funds available in a consumer's account, causing transfers that exceeded balances and contradicting the stated safety constraints.

What it cost

Public visibilityHigh
Regulatory exposureActive
Customer impactMany customers
Financial impactDisclosed
Time to disclosureHours

Sources

  1. PrimaryHello Digit, LLC | Consumer Financial Protection Bureauconsumerfinance.gov
  2. PressCFPB fines fintech Digit $2.7M over 'faulty algorithm' overdraftbankingdive.com
  3. PressHello Digit fined $2.7m after algo caused customers overdraft feesfinextra.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/hello-digit-fined-faulty-automated-savings
CitationAI Failure Index. "Hello Digit fined $2.7M for faulty automated savings algorithm" (FI-0221). Realm Labs. https://failureindex.ai/failures/hello-digit-fined-faulty-automated-savings (indexed Jun 5, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0221. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • OmniGuard
  • AgentRealm

Realm can inspect a tool call against the user's actual intent before it runs, and hold calls whose arguments or target do not match what was asked, so the wrong tool or the wrong arguments never reach the system of record.

Book a Demo

Related failures

Other records that share this failure mode (Tool Misuse) or industry (Fintech & Payments).

FI-0304Public SectorHigh
Tool Misuse

U.S. immigration AI screening triggers spike in visa denials and RFEs

U.S. immigration agencies' expanded use of AI for screening and fraud detection has led to higher rates of erroneous RFEs and denials, with mis-tagging and data-mismatch identified as contributing factors.

Confidence
Medium (multi-source)
U.S. immigration agencies (USCIS / DHS / State Department)2 sourcesPressPublicApr 2026
FI-0297Fintech & PaymentsHigh
Hallucination

Upstart Model 22 miscalibration and CFPB terminates no-action letter

Upstart disclosed calibration problems with its Model 22 in April 2026, triggering investor scrutiny and legal activity, while the CFPB had terminated its no-action letter for Upstart in 2022, forming the basis for heightened regulatory exposure.

Confidence
High (multi-source, primary)
Upstart Holdings, Inc.3 sourcesPrimaryPublicApr 2026
FI-0570SaaSHigh
Tool Misuse

Anthropic Model Context Protocol vulnerability exposes 200,000 AI servers to RCE

A systemic command injection vulnerability was discovered in Anthropic's Model Context Protocol (MCP). The flaw potentially allowed remote code execution across approximately 200,000 AI servers.

Confidence
High (multi-source, primary)
Anthropic3 sourcesPrimaryPublicApr 2026