Posted on

When AI Acts Alone: Rethinking Cyber Resilience in the Age of Autonomy

As we navigate the rapidly evolving landscape of financial technology, one development stands out as both a powerful defensive tool and a potential source of new vulnerabilities: Agentic AI. Unlike traditional AI systems that simply respond to commands, agentic AI can autonomously make decisions, learn from experiences, and take independent actions to protect financial systems.

The Cybersecurity Revolution in Financial Services

The financial sector has always been at the forefront of cybersecurity innovation out of necessity. With financial institutions managing trillions in assets and processing billions of transactions daily, they remain prime targets for increasingly sophisticated cyber threats. A successful attack can result not only in financial losses but also in devastating reputational damage and regulatory consequences.

Traditional cybersecurity approaches in finance have relied on rule-based systems, manual monitoring, and reactive measures. While these have served as a foundation, they increasingly struggle to keep pace with the volume, velocity, and sophistication of modern cyber threats. This is where agentic AI is creating a paradigm shift in how we approach cybersecurity.

According to recent research, 75% of financial firms surveyed by the Bank of England in 2024 reported already using AI in some capacity, with cybersecurity being one of the primary applications. This adoption is accelerating, with 76% of financial organizations planning to implement agentic AI systems within the next 12 months.

How Agentic AI Is Transforming Financial Cybersecurity

Agentic AI represents a fundamental evolution from earlier AI implementations. While traditional AI agents might perform specific tasks like monitoring network traffic or flagging suspicious emails, agentic AI systems can autonomously detect threats, make decisions about how to respond, and take protective actions with minimal human intervention.

Real-time Threat Detection and Response

One of the most powerful applications of agentic AI in financial cybersecurity is its ability to provide continuous, real-time monitoring of systems for suspicious activities. These systems process vast amounts of data, identifying patterns and anomalies that would be impossible for human teams to detect.

For example, JPMorgan Chase, has implemented agentic AI systems that can detect unusual transaction patterns across millions of accounts simultaneously. These systems don’t just flag potential issues — they can take immediate action to prevent fraud, such as temporarily freezing suspicious transactions until they can be verified.

Automated Risk Assessment

Agentic AI is transforming how financial institutions evaluate potential vulnerabilities across their networks and applications. These systems can continuously scan for weaknesses, prioritize responses based on severity and potential impact, and dynamically adjust security protocols in response to emerging threats.

Citigroup has established an AI governance board that actively reviews AI-driven decisions for fairness and bias mitigation, ensuring that automated risk assessments remain accurate and unbiased. This approach allows for more comprehensive security coverage while reducing the burden on human security teams.

Predictive Analytics and Proactive Defense

Perhaps the most significant advantage of agentic AI in cybersecurity is its ability to move from reactive to proactive defense. By analyzing patterns and historical data, these systems can anticipate potential attack vectors and strengthen defenses before attacks occur.

Barclays has adopted a human-in-the-loop model for its AI-driven security systems, where AI predictions about potential threats are reviewed by security experts before major defensive actions are taken. This hybrid approach combines the speed and pattern recognition capabilities of AI with human judgment and contextual understanding.

Multi-Agent Cybersecurity Ecosystems

Advanced financial institutions are now deploying entire ecosystems of specialized AI agents that work together to protect their systems. One AI agent might focus on threat detection, another on incident response, while a third engages in predictive analysis of potential future threats.

This collaborative approach mirrors how human security teams operate but at a scale and speed that would be impossible for human analysts alone. For instance, a leading financial institution implemented a multi-agent system with specialized components:

  • Data Sources Agent: Collects information from network traffic, logs, and threat feeds
  • User Behavior Analysis Agent: Monitors for abnormal user behavior
  • Threat Intelligence Agent: Gathers information on emerging cyber threats
  • Incident Response Strategy Agent: Develops response plans for detected threats

The result was a significant reduction in fraud losses and enhanced protection for millions of daily transactions.

New Challenges in the Age of Agentic AI

While agentic AI offers powerful new defensive capabilities, it also introduces new challenges and potential vulnerabilities that financial institutions must address.

The Shadow AI Problem

A phenomenon called “shadow AI”—the unsanctioned use of AI tools by employees within organizations—is emerging as a significant security concern. Much like shadow IT, this refers to employees using public AI models for data analysis or AI-powered coding assistants without proper vetting.

Financial institutions must be particularly vigilant about this risk, as employees might inadvertently input sensitive financial data into public AI models, potentially exposing confidential information. According to IBM addressing these risks requires “a mix of clear governance policies, comprehensive workforce training, and diligent detection and response.”

New Attack Surfaces

The interconnected nature of agentic AI systems introduces new vulnerabilities that cybercriminals are already attempting to exploit. As Nicole Carignan, VP of strategic cyber AI at Darktrace, points out, “multi-agent AI systems, while offering unparalleled efficiency for complex tasks, will introduce vulnerabilities such as data breaches, prompt injections, and data privacy risks.”

Financial institutions must recognize that their AI systems themselves can become targets of attacks, requiring new approaches to securing these critical components of their cybersecurity infrastructure.

Accountability and Transparency Challenges

As AI agents become more autonomous in their decision-making, questions about accountability and control become increasingly important. The “black box” nature of some AI systems makes it difficult to explain their decisions to regulators, customers, or internal auditors.

Paul Davis, CEO of Bank Slate, emphasizes that “human oversight is still needed to oversee inputs and review the decisioning process. You have to monitor for AI’s blind spots in areas such as risk assessment and crisis management.”

Building Cyber Resilience with Agentic AI

Despite these challenges, financial institutions can take specific steps to harness the power of agentic AI while building robust cyber resilience.

Establishing Robust AI Governance

Financial institutions leading in this space have established comprehensive governance frameworks for their AI systems. JPMorgan Chase and HSBC have appointed Chief AI Risk Officers to oversee responsible AI usage, while Citigroup’s AI governance board actively reviews AI-driven decisions.

These governance structures ensure that while AI systems can operate autonomously, proper oversight mechanisms, accountability frameworks, and transparency requirements are in place. This approach aligns with the EU AI Act, which categorizes AI systems into different risk levels and establishes governance requirements accordingly.

Implementing Human-in-the-Loop Models

The most effective implementations of agentic AI in financial cybersecurity maintain a balance between automation and human oversight. Barclays’ approach of keeping humans involved in reviewing AI-generated security recommendations before major actions are taken represents a thoughtful middle ground.

Continuous Learning and Adaptation

The most resilient cybersecurity systems combine the strengths of both AI and human intelligence in a continuous learning loop. AI systems detect patterns and anomalies at scale, while human experts provide context, judgment, and strategic direction.

This hybrid approach allows financial institutions to respond to emerging threats more effectively than either AI or human teams could accomplish alone. As threats evolve, both the AI systems and human teams learn and adapt together, creating a continuously improving security posture.

The Future of Financial Cybersecurity

Looking ahead to 2026 and beyond, several trends will shape how agentic AI continues to transform cybersecurity in financial services.

From Chatbots to Autonomous Agents

We’re seeing a clear trend away from simple chatbot interfaces towards more sophisticated, autonomous AI agents in security operations. These agents will be capable of not just detecting threats but also responding to them in real-time, often without human intervention.

This shift will raise important questions about accountability and control that financial institutions must address proactively. As these AI agents become more autonomous, ensuring their decision-making processes are transparent, auditable, and aligned with organizational policies will be essential.

AI in Software Security

By 2027, at least 80% of developers in financial organizations will be using AI-powered coding tools in some capacity. While these tools can significantly speed up development and help identify bugs, they also introduce new security considerations.

Software developers will need to be vigilant about potential biases or errors introduced by AI coding assistants, as well as the possibility of cyber attacks targeting these AI systems themselves. Implementing a “trust and verify” approach to AI-generated code will be critical for maintaining security.

Evolving Regulatory Landscape

As agentic AI becomes more prevalent in financial cybersecurity, regulatory frameworks will continue to evolve. The EU AI Act represents just the beginning of what will likely be a comprehensive regulatory approach to AI in financial services.

Financial institutions should prepare for increased scrutiny of their AI systems, particularly those used for cybersecurity. Demonstrating responsible AI usage, maintaining appropriate human oversight, and ensuring transparency in AI decision-making will be key to regulatory compliance.

Conclusion

Agentic AI represents both the next frontier in cybersecurity defense and a new domain of potential vulnerability for financial institutions. Its ability to autonomously detect threats, make decisions, and take protective actions offers unprecedented capabilities for defending against increasingly sophisticated cyber attacks.

However, realizing these benefits requires thoughtful implementation, robust governance, and a balanced approach that combines the strengths of AI and human expertise. Financial institutions that get this balance right will not only enhance their security posture but also build greater trust with customers and regulators.

As we prepare for the Point Zero Forum rum 2025, cybersecurity and the role of agentic AI will undoubtedly be central to our discussions about the future of financial services. The forum’s focus on establishing resilient policies, infrastructure, and innovation aligns perfectly with the cybersecurity challenges and opportunities presented by agentic AI.

Remember that building cyber resilience is not a destination but a journey—one that requires continuous adaptation, learning, and collaboration across the financial ecosystem. As I often say, “We are at the beginning of a marathon. It’s not a sprint.” The most successful institutions will be those that approach agentic AI in cybersecurity with both enthusiasm for its potential and thoughtfulness about its implementation.

I look forward to continuing this conversation at the Point Zero Forum in Zurich and exploring how we can collectively harness the power of agentic AI to build a more secure and resilient financial system.

Oliver Bussmann is a global technology thought leader and ambassador to the Point Zero Forum. With extensive experience as a former Group CIO at UBS and SAP, he advises financial institutions on digital transformation strategies and emerging technologies.

Please note that this newsletter reflects Bussmann Advisory’s and Oliver Bussmann’s personal views and not those of any organization we are involved with. This newsletter is for educational purposes only and none of its content should be construed as investment or financial advice of any kind. More information on www.bussmannadvisory.com.

Image Credits: OpenAI

Posted on

State of the Union: Agentic AI in Financial Services

As we approach the Point Zero Forum 2025 in Zurich, I find myself reflecting on how agentic AI is fundamentally reshaping the financial services landscape. This isn’t just another incremental technological advancement – it represents a paradigm shift that’s transforming how financial institutions operate, serve customers, and manage risk.

The Dawn of Autonomous Financial Systems

The financial sector has entered a new phase in its AI journey: from passive assistance to active agency. While traditional AI systems have operated within predefined constraints—retrieving data, summarizing reports, streamlining workflows—agentic AI moves beyond these functions to plan, execute, and adapt complex tasks with minimal human intervention.

What distinguishes agentic AI is its powerful combination of autonomy, adaptability, and coordination capabilities. These systems can make independent decisions, learn from feedback loops, and interact with other AI agents to execute comprehensive workflows. The global market for agentic AI in financial services is projected to grow at an impressive rate of over 40% annually, potentially reaching $80 billion by 2034.

According to Citi’s latest research, references to agentic AI by BigTech in corporate documents and press articles increased 17x in 2024 and are expected to go parabolic in 2025. This signals a significant shift in the industry’s focus and investment priorities.

As financial institutions face increasing pressure to optimize operations, reduce costs, and deliver personalized services at scale, agentic AI offers a powerful solution for automating processes while maintaining accuracy and compliance.

Real-World Applications Transforming Financial Services

The practical applications of agentic AI across financial services are diverse and already delivering tangible results:

Wealth Management & Retail Banking

Investment firms like JPMorgan Chase are deploying AI agents to autonomously monitor markets, detect non-obvious correlations, and optimize portfolio allocations. These systems provide adaptive financial advice, real-time savings goal optimization, and personalized investment portfolios.

HSBC’s “Amy” has moved beyond simple customer service to provide more nuanced financial assistance.

For retail customers, virtual financial assistants and tax planning agents are becoming increasingly sophisticated, with Capital One ranking second in “AI maturity” according to Evident AI’s 2024 index, demonstrating how traditional banks are embracing this technology.

Corporate & Institutional Banking

In corporate banking, agentic AI enables custom lending offers, optimized loan structures, and dynamic pricing models. Financial planning agents and adaptive tax planning systems help institutional clients navigate complex financial landscapes.

Royal Bank of Canada, is leveraging agentic AI to provide custom research insights and real-time market alerts to institutional investors, giving them a competitive edge in fast-moving markets.

Risk & Compliance

Perhaps most critically, agentic AI is transforming risk management and compliance. Self-learning systems continuously refine fraud detection strategies, identifying new fraud techniques as they emerge. These systems can autonomously assess loans, using local data to evaluate risk without direct human involvement.

Citigroup has established an AI governance board that actively reviews AI-driven decisions for fairness and bias mitigation, while Barclays has adopted a human-in-the-loop model for AI-driven loan approvals to maintain compliance with regulatory standards.

In compliance, agentic AI refines risk assessments in real-time, dynamically responding to emerging threats and anomalies. This capability is particularly valuable in an era of rapidly evolving regulatory requirements and sophisticated financial crimes.

Operational Efficiency

Behind the scenes, agentic AI systems automate routine tasks with context-aware workflows, streamline complex operations, and handle invoice processing and reconciliations. The technology leverages advanced language models to analyze situations, determine appropriate actions, learn from outcomes, execute complex processes, and adapt strategies based on changing conditions in real-time.

Fintech companies like Covecta have demonstrated how agentic AI can handle lending and credit underwriting autonomously, reducing processing times by 80%. Meanwhile, digital-first banks like Revolut and Nubank are experimenting with fully AI-driven operational models, setting the stage for a new banking framework.

The Adoption Landscape: Progress and Challenges

The financial services industry is embracing agentic AI at an unprecedented rate. According to a Bank of England survey in 2024, 75% of financial firms reported already using AI, with an additional 10% planning to adopt it within the next three years.

A recent SS&C Blue Prism survey revealed even more ambitious adoption plans, with 87% of organizations actively deploying new AI technologies, 94% considering AI core to their entire business operations, and 76% planning to implement agentic AI systems within 12 months.

However, this rapid adoption isn’t without challenges. The same survey found that 74% of respondents face difficulties in adopting the latest AI technology, with around one-third citing security and compliance concerns, 36% concerned about employee skills, 34% worried about employee fear of losing jobs, and 33% facing technology integration requirements.

Moreover, some reports suggest that as high as 85% of AI initiatives fail, underscoring the gap between AI’s promise and its practical application in enterprise environments.

The Regulatory Landscape

As agentic AI adoption accelerates, regulatory frameworks are evolving to address the unique challenges these systems present. The EU AI Act represents a significant step in this direction, categorizing AI systems into different risk levels and establishing governance requirements.

Agentic AI’s autonomy and potential to operate with minimal human intervention raise unique regulatory challenges. The EU approach focuses on ensuring that while these systems can operate autonomously, proper oversight mechanisms, accountability frameworks, and transparency requirements are in place.

Financial institutions are responding by establishing robust AI governance structures. JPMorgan Chase and HSBC have appointed Chief AI Risk Officers to oversee responsible AI usage, while Citigroup’s AI governance board actively reviews AI-driven decisions for fairness and bias mitigation.

Point Zero Forum 2025: Addressing the Future of Finance

The upcoming Point Zero Forum in Zurich (May 5-7, 2025) will serve as a critical platform for discussing these developments and their implications. As an ambassador to this prestigious event, I’m particularly excited about the dialogue that will unfold around agentic AI and other transformative technologies.

The Forum will bring together over 2,000 of the world’s leading policymakers, central bankers, regulators, and industry experts to tackle pressing challenges in the financial ecosystem. One of the key questions guiding the 2025 dialogue will be: “Will Agentic AI-driven intelligent systems redefine industrial productivity and unlock new frontiers of innovation?”

The Forum will address two primary themes:

  1. The impact of geopolitics and macroeconomics on technology in financial services, exploring the state of adoption for distributed ledger technology, artificial intelligence, green tech, and wealth tech.
  2. The path to Europe’s digital sovereignty, focusing on establishing resilient policies, infrastructure, and innovation while addressing demographic challenges.

Looking Forward: Challenges and Opportunities

While the potential of agentic AI is immense, significant challenges remain. Financial institutions must navigate concerns around trust, data privacy, cybersecurity, and regulatory compliance. The technology raises questions about job displacement and algorithmic bias that must be addressed thoughtfully.

From my perspective, having worked at the intersection of technology and finance for decades, I see three critical success factors for organizations looking to harness agentic AI:

  1. People-centered transformation: As I’ve often said, “The most important asset that you have is your people.” How organizations bring their people along on this journey, helping them develop new skills and capabilities, will determine long-term success.
  2. Strategic integration: Agentic AI shouldn’t be deployed in isolation but integrated into broader digital transformation strategies that consider the entire ecosystem of technologies and business processes.
  3. Governance and ethics: Establishing robust governance frameworks that ensure responsible, transparent, and accountable use of agentic AI will be essential for maintaining trust and regulatory compliance.

Conclusion

We stand at the threshold of a new era in financial services, one in which agentic AI will fundamentally reshape how institutions operate, serve customers, and manage risk. The technology’s ability to autonomously make decisions, learn from experiences, and collaborate across systems represents a quantum leap from traditional automation.

Leading financial institutions are already demonstrating the transformative potential of agentic AI, from JPMorgan Chase’s market monitoring systems to Citigroup’s governance frameworks. The rapid adoption rates—with 76% of financial organizations planning to implement agentic AI within a year—underscore the industry’s recognition of this technology’s strategic importance.

As we prepare for the 2025 Point Zero Forum, I encourage financial leaders to consider how this technology can be harnessed responsibly to drive innovation, efficiency, and inclusion. The forum’s focus on AI-driven intelligent systems and their potential to redefine productivity aligns perfectly with the agentic AI revolution unfolding in financial services.

Remember, as I often say, “We are at the beginning of a marathon. It’s not a sprint.” The journey toward fully realizing the potential of agentic AI will require sustained commitment, thoughtful leadership, and collaborative approaches across the industry.

I look forward to continuing this conversation at the Point Zero Forum in Zurich and engaging with many of you on this fascinating topic.

Oliver Bussmann is a global technology thought leader and ambassador to the Point Zero Forum. With extensive experience as a former Group CIO at UBS and SAP, he advises financial institutions on digital transformation strategies and emerging technologies.

Image Credit: Wanan Wanan | shutterstock.com

Please note that this newsletter reflects Bussmann Advisory’s and Oliver Bussmann’s personal views and not those of any organization we are involved with. This newsletter is for educational purposes only and none of its content should be construed as investment or financial advice of any kind. More information on www.bussmannadvisory.com.