FinTech, AI and Cyber

I recently took the stage to talk about one of the most consequential inflection points facing FinTech: the rapid arrival of agentic AI – systems that plan, decide and act autonomously – and what it means for risk, reputation, regulation and customer trust. Below is a distillation of the talk: what agentic AI actually is, why FinTechs are racing to adopt it, the real cyber threats it brings, and a pragmatic playbook leaders can use today.

What is agentic AI

Agentic AI are autonomous agents (or collections of agents) that do more than respond to a prompt: they plan multi-step workflows, call APIs, access systems and execute decisions with limited human intervention. Think of them as programmable operators that can triage, decide and act across your product and infrastructure stack.

Why boards are paying attention

Technology companies are some of the earliest adopters because agentic systems can drive direct revenue and efficiency: autonomous fraud remediation, dynamic pricing, and 24/7 customer agents that can complete tasks end-to-end. Where agentic AI succeeds, it compresses time-to-value and reduces operating cost – but it also concentrates decision mechanisms into software. That double-edged effect is why strategy and security must move together.

The top cyber & governance risks to watch

• Unauthorised actions and decision drift. Agents may learn or be prompted to take actions outside intended bounds (e.g., approve transfers, change credit limits).
• Credential and identity compromise. Agents often hold API keys and service credentials; if those identities are hijacked, the agent becomes a powerful attack vector.
• Prompt-injection and chain-of-thought manipulation. Malicious inputs can steer agents to leak data or perform unsafe actions.
• Model poisoning and data integrity attacks. Corrupting the models or training data can bias decisions in subtle ways.
• Supply-chain / multi-agent systemic risk. Many deployments stitch multiple LLMs and services together – a failure in one can cascade.

These aren’t hypotheticals – enterprise-grade agents already authenticate to systems, make API calls and access sensitive data, so the attack surface is real and expanding.

The regulatory backdrop

Regulators are aware of the speed and scale of change and are signalling a blended approach: encourage innovation while focusing on “egregious failures” and consumer protection rather than one-size-fits-all prescriptive rules. Expect closer regulator-industry cooperation, targeted live testing, and stronger expectations around explainability, control and incident handling. If you operate cross-jurisdictionally, plan for different paces of rule-making and tighter supervisory scrutiny.

A pragmatic CISO playbook for agentic AI

1. Treat agents as non-human identities. Issue scoped, short-lived credentials; enforce least privilege; rotate keys automatically and require strong mTLS-style authentication for agent API access.
2. Implement intent and action gating. Don’t let agents execute high-impact actions without step-down human approvals, escalation checks or automated safety checks that validate intent vs policy.
3. Build observability for decisions, not just logs. Capture the decision chain (inputs, intermediate reasoning, outputs), mapped to business impact, so you can reconstruct why an agent acted. Continuous monitoring should include behaviour-anomaly detection for agents.
4. Threat-model agents end-to-end. Model prompting, data flows, credential handling, downstream side effects, and cross-agent interactions. Use red-team and adversarial testing (prompt-injection, poisoning, credential theft scenarios) as part of CI/CD for agents.
5. Harden the training and data pipeline. Protect provenance, versioning and access controls for datasets and model checkpoints to reduce poisoning risk.
6. Contract and vendor controls. For third-party agent platforms or models, require API audit logs, incident SLAs, traceability and the right to perform security testing or obtain test datasets.
7. Practice incidents with multi-discipline tabletop drills. Include legal, communications, product and regulators in realistic scenarios where an agent makes a harmful decision or exfiltrates data. The coordination complexity is higher than for a traditional app outage.

How this protects reputation and builds trust

When agents act autonomously in customer-facing flows, trust becomes operational: customers expect safe, explainable outcomes. By designing defender controls at the identity, intent, observability and governance layers you preserve customer safety and regulatory trust, while still capturing the efficiency benefits of agentic AI. Clear contracts, fast notification commitments, and transparent remediation pathways convert near-term technical control into long-term brand resilience.

Agentic AI is not a theoretical future, it’s already changing product and risk surfaces. The right posture balances controlled autonomy (to unlock value) with defence-in-depth architecture (to protect customers and your brand).