    AI-Driven Zero Trust Architecture in Microservice Architectures for Financial Services: A Systematic Literature Review

    Date
    2026-01
    Author
    Sandaruwan, MK
    Abeysinghe, DVDS
    Weerasinghe, LDSB
    Abstract
    The rapid adoption of cloud-native infrastructure for core banking systems represents a significant paradigm shift that has rendered traditional perimeter-based security models insufficient. The transformation from monolithic architectures to highly distributed microservices has fundamentally weakened the efficiency of traditional perimeter-based security models, creating an urgent necessity for the implementation of Zero Trust Architecture (ZTA). ZTA operates on the principle of “never trust, always verify” without regard to network location. While continuous authentication and real-time contextual authorization are theorized as essential controls, the integration of AI-driven risk scoring for active policy enforcement within microservices remains unexplored. This systematic literature review follows the PRISMA methodology, evaluating 31 peer-reviewed publications from major academic databases to analyze the interaction of ZTA, Artificial Intelligence and financial microservices. The primary objectives of this review are to categorize the real-time Artificial Intelligence and Machine Learning (AI/ML) tools and algorithms currently utilized within the ZTA framework, to evaluate the security-performance trade-offs inherent in transactional impositions, and to identify the deployment barriers, including latency, legacy interoperability, and regulatory compliance. Findings reveal that current academic and industrial contributions focus predominantly on isolated, reactive fraud alleviation rather than on fully integrated policy engines with empirical evidence, and that they highlight supervised learning, graph-based neural networks and hybrid scoring models for threat detection. This synthesis culminates in a rubric of lightweight design characteristics optimized for Policy Decision Points (PDP) capable of supporting sub-second transaction flows. Practically, this research provides a framework for financial institutions to embed automated, high-speed security controls directly into application programming interfaces (APIs), closing critical gaps necessary for achieving holistic, end-to-end ZTA within the banking sector.
    URI
    https://ir.kdu.ac.lk/handle/345/9042
    Collections
    • FOC STUDENT SYMPOSIUM 2026 [52]

    Library copyright © 2017  General Sir John Kotelawala Defence University, Sri Lanka