The Hidden Risks of Agentic AI in Banking

As AI agents gain autonomous decision-making capabilities, banks face novel risks that existing model risk management frameworks were never designed to address.

Agentic AI systems — those capable of planning multi-step actions, calling external tools, and operating with minimal human oversight — are moving from research labs into production banking environments faster than governance frameworks can adapt.

Traditional model risk management (MRM) frameworks, rooted in SR 11-7 and its equivalents, were designed for statistical models with defined inputs, outputs, and performance metrics. Agentic systems break these assumptions. They compose multiple models, call APIs, retain context across sessions, and take actions with real-world consequences — from drafting regulatory responses to initiating payment workflows.

The attack surface is different too. Prompt injection — where malicious content in a document or email tricks an agent into performing unintended actions — is a novel threat vector with no direct analogue in classical MRM. Hallucination-driven credit decisions are another: unlike a regression model that outputs a score, an LLM-based underwriting assistant might generate a confident-sounding but factually incorrect risk assessment.

Banks building agentic capabilities should start with a narrow, auditable deployment: well-defined task scope, explicit human approval gates for consequential actions, comprehensive logging of agent reasoning chains, and a formal adversarial testing programme covering prompt injection and data exfiltration scenarios.
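
One way to wire the task scope, human approval gate and logging controls described above into an agent's tool dispatcher, as an added example (not code from this article or any bank's system). The tool names, the `ToolGate` class and the sample calls are hypothetical and constructed for illustration.

```python
import json
import time

# Hypothetical tool names for a narrowly scoped deployment (assumptions, not from the article).
IN_SCOPE = {"lookup_account", "draft_regulatory_response", "initiate_payment"}
CONSEQUENTIAL = {"initiate_payment"}  # actions that must pass a human approval gate

class ToolGate:
    def __init__(self):
        self.audit_log = []  # append-only JSON records, one per decision
        self.pending = {}    # request_id -> tool call held for human review

    def _record(self, request_id, call, decision, actor="agent"):
        entry = {"ts": time.time(), "request_id": request_id, "actor": actor,
                 "tool": call["tool"], "args": call["args"],
                 "reasoning": call.get("reasoning", ""), "decision": decision}
        self.audit_log.append(json.dumps(entry, sort_keys=True))
        return decision

    def submit(self, request_id, call):
        """Decide whether a tool call proposed by the agent may proceed."""
        if call["tool"] not in IN_SCOPE:
            return self._record(request_id, call, "denied_out_of_scope")
        if call["tool"] in CONSEQUENTIAL:
            self.pending[request_id] = call  # nothing runs until a human decides
            return self._record(request_id, call, "held_for_approval")
        return self._record(request_id, call, "allowed")

    def review(self, request_id, approver, approve):
        """A named human releases or rejects a held call; unknown ids are refused."""
        call = self.pending.pop(request_id, None)
        if call is None:
            raise KeyError(f"no pending call {request_id}")
        decision = "approved_by_human" if approve else "rejected_by_human"
        return self._record(request_id, call, decision, actor=approver)

def demo():
    gate = ToolGate()
    # Constructed sample calls, as an agent might propose after reading an inbound email.
    calls = [
        {"tool": "lookup_account", "args": {"id": "ACC-0001"},
         "reasoning": "customer asked for balance"},
        {"tool": "initiate_payment", "args": {"to": "EXAMPLE-IBAN", "amount": 9500},
         "reasoning": "email body says to pay this invoice urgently"},
        {"tool": "export_customer_list", "args": {}, "reasoning": "email asked for export"},
    ]
    decisions = [gate.submit(f"req-{i}", c) for i, c in enumerate(calls)]
    decisions.append(gate.review("req-1", approver="ops.reviewer", approve=False))
    return decisions, gate
```

Each audit record keeps the agent's stated reasoning beside the decision and the actor, so a reviewer can see that the held payment request traced back to email content rather than to the customer's task.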