As artificial intelligence takes the business and financial world by storm, agentic AI is causing a tsunami in its own right. The market for the autonomous technology is already bigger than $9 billion, with analysts expecting well into hundreds of billions by 2034.
In day-to-day terms, the prospects are incredibly exciting or fraught with risks – or both – and disrupting strategies and processes in real time. Some cases in point:
-- JPMorgan Chase & Co., which last year was on its way to being “fundamentally rewired” as a “fully AI-connected enterprise,” said in March that increasingly powerful agentic AI “requires a different emphasis” to “align safeguards to capability and risk . . . The challenge is no longer securing models. It is securing agents operating in dynamic, interconnected environments.”
-- Startup Catena Labs came out of stealth mode in May 2025 on a mission to build “an AI-native financial institution that will give AI agents, and the businesses and consumers they serve, the ability to transact safely and efficiently.” Twelve months later, CEO and co-founder Sean Neville, who was a co-founder of top U.S. stablecoin issuer Circle Internet Group, raised a fresh $30 million from Andreessen Horowitz and other venture capital backers to support Catena’s “governance and banking platform for AI agents.”
-- Noting that “more than 200 million people come to ChatGPT every month for budgeting, questions about their investments, comparing different paths, planning for future goals, and more,” OpenAI in May unveiled a “personal finance experience” demonstrable when accounts are synced on the Plaid fintech platform. Bringing the capabilities to life “requires three things working together: broad financial data coverage, the ability to make sense of that data, and consumer trust and data controls. Plaid offers all of the elements in one place,” said that company’s chief technology officer, Will Robinson.
-- Stirring both hype and fear, Anthropic distributed its Claude Mythos model selectively to prevent potential attacks on critical cyber infrastructure. A model combining vulnerability-discovery capabilities “with agentic AI directed at channels designed from the ground up for humans . . . creates a threat that existing defenses are poorly structured to detect,” said an analysis by BioCatch. “AI lowers the skill barrier for fraud by helping automate tasks that once required specialists, such as exploit development, system analysis, and attack execution,” the behavioral-biometrics technology company pointed out, adding, “Stronger defenses require continuous behavioral analysis at the session layer, evaluating user identity, user intent, and user humanity throughout every millisecond of every digital banking session.”
-- Highlights in a recent announcement by data and AI analytics leader SAS, about how it “aims AI agents at industry's toughest challenges,” ranged from “industry accelerators” to assist integrations with existing workflows, to fighting the surge in financial fraud with “detection models [that] have been trained on patterns from a broad dataset contributed via consortium by major global financial institutions.”
Organizations stitching together ad hoc AI frameworks and experiments “often fail to achieve the competitive edge they’re looking for when they invest in AI,” said Manisha Khanna, SAS Global Market Strategy lead, Applied AI. “We’re engineering industry accelerators with purpose: To solve defined, real industry problems in highly regulated environments. With production-ready agents and models that work on data they already have, our customers across industries can and are achieving extraordinary outcomes.”
As a departure from more passive forms of AI that have humans firmly in the loop, the autonomous agentic variety epitomizes the double-edged nature of advanced, intelligent IT.
Nvidia CEO Jensen Huang said recently, “Every company will have agents running inside [and] is asking us, 'How do we run agents safely? How do we build agents for our own workloads?’ . . . The world is no longer limited by the number of people. Those agents are going to use more tools than ever."
Rami Chahine of Serrala
Explainability and other controls are no less critical, along with the need to maintain consistency across an architecture housing multiple autonomously trained agents. “It’s not just about whether the insight is correct,” asserts Rami Chahine, chief product and technology officer of AI finance platform provider Serrala. “It’s about whether the system acts in a way that remains aligned with policy and intent.”
There is a difference between earlier “advisory” AI which surfaced information and left decisions to humans, and agents that act and execute, says Dean Alms, chief product officer of third-party risk management solutions company Aravo. “When AI moves from recommendations to taking action, the consequences of working from bad data are much more serious. A flawed recommendation can be ignored. A flawed action may already be in motion before anyone catches it.”
Mark McCreary, partner and chief AI & information security officer at law firm Fox Rothschild, cites three areas of greatest concern, beginning with an “accountability gap.” Traditional principal-agent law does not map neatly onto AI agents. Companies may find themselves strictly liable for agent conduct, whether or not it was predicted or intended.
Second, McCreary continues, is compounding data-privacy risk. Agentic systems access multiple datasets, combine information dynamically, and generate inferences in real time. That means data mapping, consent mechanisms, and data minimization controls can become obsolete the moment an agent pulls from a new source to complete a task.
Third is a visibility issue. Traditional logs do not capture the prompts, intermediate reasoning, tool calls and decision paths that matter for agents. Without being able to reconstruct how a decision is arrived at, it cannot be meaningfully audited, defended in litigation, or explained to a regulator.
Vendors are exhibiting agility with offerings to fill the gaps.
Aravo AI, for one, enables companies “to automate manual processes, access real-time insights, and make decisions with full transparency and auditability.”
“Third-party risk management leaders are both excited and cautious about AI,” Aravo’s Dean Alms said in April. “They see the potential to automate work and move faster, but they also need to trust how decisions are made. Aravo AI is built for that reality, combining real workflow impact with the transparency and control required in risk and compliance.”
Tom Carey of Broadridge
Also in April, Serrala launched AI-powered agents within the Serrala Finance Platform, purpose-built to “interpret context, determine the next best action within defined policies, and execute tasks across systems, while keeping finance teams in control through human-in-the-loop oversight.”
In May, Broadridge Financial Solutions said its agentic AI was “live in production” at institutional scale across capital markets and wealth management workflows. “We believe the firms that lead in the next era of financial services will be the ones that embed AI directly into the way work gets done,” said Tom Carey, President of Broadridge Global Technology & Operations. “Broadridge is uniquely positioned to support that shift by combining a fully integrated financial services ontology with the platform depth and operational scale required for institutional production.
“That gives the world’s most demanding clients a new ability to deploy agentic AI across complex workflows with a level of control, efficiency, and confidence that fragmented point solutions cannot match.”
Introducing a February McKinsey Talks Operations podcast, Daphne Luchtenberg said, “Agentic AI is not just another buzzword; it’s poised to become a critical differentiator for banks everywhere. Leading institutions are leveraging AI as a platform to redefine their workflows and business models, transforming how they operate and deliver value to their customers.
‘However, the story is not the same for all banks. Slow adopters face the very real danger of falling into what we call pilot purgatory: dabbling in narrow use cases without fully realizing the transformative potential of this technology.”
McKinsey’s Abhilash Sridharan
McKinsey & Co. partner and Asia service operations lead Abhilash Sridharan observed that the impact of generative and agentic AI applications “has been mixed. Nearly 80% of financial institutions that we work with in Asia report using some version of AI-led applications. But a similar proportion globally reports no significant impact on their bottom line.”
He stressed that banks need to be “telescopic” while also “solving for near-term impact . . . because the operations of the future are expected to change, and banks need to be prepared for it or risk being disrupted by a combination of fintechs and big techs.”
As part of its Project MindForge, the Monetary Authority of Singapore announced publication of an Artificial Intelligence Risk Management Toolkit for the financial services sector. It was “developed collaboratively by a consortium of 24 leading banks, insurance companies, capital market firms, and other industry partners [and] provides financial institutions with resources for managing AI-related risks across traditional AI, generative AI, and emerging agentic AI technologies.”
Along with the release of an Operationalization Handbook, the toolkit “marks a major step forward in our journey to ensure the responsible adoption of AI in finance,” said MAS chief fintech officer Kenneth Gay.
The U.S. Financial Stability Oversight Council, a panel of regulators chaired by the secretary of the Treasury, noted in its 2025 annual report: “GenAI technologies introduced in the last few years create human-like content, such as text, images, or videos. In the last year, agentic AI systems have been developed to pursue specific goals with some degree of autonomy based on real-time feedback from their environments.”
Considering expectations that “AI will become the dominant frontier technology” and grow rapidly, the council added, “As with any new technology, careful attention will need to be paid to manage potential risks that could arise with the widespread adoption of AI.”
Frank Elderson of the ECB
In a statement following a May meeting, the Basel Committee on Banking Supervision said, “While frontier AI models could help banks and supervisors in identifying cyber vulnerabilities and strengthening defenses, their potential malicious use may materially change the speed and scale of cyber incidents. The committee will continue to monitor developments and exchange supervisory insights.”
European Central Bank executive board member and supervisory board vice chair Frank Elderson, in a June 3 speech titled Strengthening Operational Resilience for the Age of AI, characterized AI as “a structural shift in the cyber threat landscape.”
“Tools like Mythos appear to be significantly more advanced than existing tools in three important ways,” Elderson maintained. “First, they can discover and exploit vulnerabilities at a speed and scale far beyond what we have seen before. Second, they can combine seemingly minor vulnerabilities into serious attacks. And third, they can help reverse-engineer patches into exploitable vulnerabilities and, again, do so at unprecedented speed.”
“Current evidence suggests that these models may be effective not only against environments with weak levels of defense but also against standards that were once previously considered state of the art,” the central banker remarked. “The direction of travel is unmistakable: The speed, scale and accessibility of advanced cyber capabilities are increasing, and the time available to defenders is shrinking.”
In “Sound Practices for Responsible Adoption of Artificial Intelligence,” a consultation report open for comments until July 22, the Financial Stability Board seeks input on “AI-specific aspects and risks that are relevant to financial institutions and financial stability.”
“The high levels of autonomy that AI agents may have can create or amplify certain risks, which can materialize at great speed,” begins one section of the FSB report. Among those risks: unauthorized and erroneous actions, data breaches, disruptions to connected systems, and “a distinct challenge for human oversight, given the impracticality of real-time human monitoring of agent decisions as their use scales.”
A Frontier AI Trends Report from the U.K. AI Security Institute found “AI capabilities are improving rapidly across all tested domains. Performance in some areas is doubling every eight months, and expert baselines are being surpassed rapidly.”
“Overall, our evaluations show a steep rise in the length and complexity of tasks AI can complete without human guidance,” said the report’s section on agents. Also, “new generations of reasoning models carry out step-by-step problem solving in their chains-of-thought – meaning they can keep track of context and break down complex problems.”
Ricardo Baeza-Yates, search chief scientist, You.com, pointed to how the risks “directly impact trust, and trust ultimately determines how far organizations are willing to go. Without strong governance, companies limit agent autonomy, which in turn limits the value they can capture. The ability to scale agentic AI is therefore tightly linked to confidence in oversight and control.”
The Boston Global Forum, which advocates a multifaceted agenda for AI governance, regulation, and societal and policy alignment, has put forward the notion of “trust as the operating system of the AI Age.” New trust and control mechanisms are explored in a discussion paper, in part addressing “new capabilities [that] arise from the interaction and coordination of multiple AI agents rather than from a single model alone.”
“Risk professionals need to understand not just traditional risk frameworks, but also how AI agents interact, how to evaluate agent behavior over time, and how to design governance structures for systems that learn and adapt,” Fox Rothschild’s McCreary comments. “The job is no longer just about identifying risk; it is about engineering controls for systems that are actively evolving.”
Jeffrey Kutler of GARP contributed reporting for this article.