New report warns banking’s AI exposure is already here

A forthcoming report from Stephen Bishop and Tony del Fierro says banks are entering a period of structural AI risk without a coherent governance framework. The authors argue the biggest threat is not a future model breakthrough but AI moving through core banking infrastructure, vendors and customer behavior faster than regulators can control it. Why it matters: - The report says financial institutions are facing systemic AI exposure now, not at some future tipping point. - The authors argue existing controls were not built to reach the full “all-party risk surface” created by employees, vendors, customers and customers’ AI agents. - Core banking infrastructure providers are rolling out agentic AI, which could spread risk across thousands of institutions that do not control the vendor’s governance terms. What happened: - Stephen Bishop and Tony del Fierro prepared a forthcoming report and white paper based on research behind Know Your Agent . - The report says regulators, institutions and infrastructure providers are aware of the risk and are moving ahead anyway. - On 7 April 2026, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell met privately with major bank CEOs to discuss cybersecurity risks tied to Anthropic’s Claude Mythos. - The report describes Claude Mythos as capable of finding previously unknown zero-day software vulnerabilities at unprecedented scale and speed. - Ten days later, the OCC, Federal Reserve and FDIC released updated model risk guidance, the first update since 2011. - The updated guidance excludes generative and agentic AI because the agencies said those systems are “novel and rapidly evolving.” - Banks are still expected to self-govern AI risk while no formal rulebook exists. - On 27 April, Federal Reserve Vice Chair for Supervision Michelle Bowman said a consultation draft on AI in the financial system is expected in the third quarter of 2026. - Bowman said Treasury and SEC colleagues are working closely with the Federal Reserve on the effort. - At the IMF-World Bank Spring Meetings in April 2026, AI was a central topic in both official and informal discussions. The details: - The report says AI is reaching banking through core infrastructure rather than through a compliance decision. - FIS announced a partnership with Anthropic in May 2026 to deploy agentic AI across banking operations. - Fiserv said its agentOS platform, built with OpenAI, will be broadly available in August 2026. - Fiserv serves 6,000 financial institution customers, including 3,000 that run its core systems. - Six financial institutions have already co-developed agents on agentOS. - The report says community banks and credit unions have limited leverage to demand specific governance terms from core vendors. - Nearly half of U.S. adults had used a conversational AI assistant by the end of 2025. - Forty-six percent of Americans report using AI for personal finances. - Two hundred million people query ChatGPT about personal finance each month, and ChatGPT now connects to customer bank accounts via Plaid. - Forty-two percent of small businesses and 45% of medium-sized firms report AI agents making purchases on their behalf. - McKinsey estimates $3 trillion to $5 trillion in global retail spend could flow through agentic channels by 2030. - In 2025, 76% of U.S. organizations experienced attempted or actual payments fraud. - Business email compromise affected 74% of organizations, up sharply from prior years. - Only 17% of organizations are using AI to defend against business email compromise. - A January 2026 security study tested 24 AI banking assistants with adversarial techniques and found every one was exploitable. - Data leak rates in that study ranged from 1% to 64%. - Nearly half of workers admit using AI tools at work after their company said no. - A meaningful share of those workers entered sensitive or proprietary data while doing so. - Internal security teams detected 57% of shadow AI incidents, which implies 43% were not detected. - The white paper says the KYA framework covers classification, verification, operating ownership and implementation. - The white paper also includes a practical audit institutions can run without buying new tools. - The package includes the KYE operating-reality memo template and a starting plan for institutions at any stage of readiness. - Source material cited for the report includes a Sullivan & Cromwell memo, the Federal Reserve speech, the IMF Article IV consultation, the FSOC readout, OCC Bulletin 2026-13, FIS and Fiserv releases, the AFP Payments Fraud & Control Survey 2026 and an AI2Work analysis of SR 26-2. Between the lines: - The report frames AI risk as an ecosystem problem, not just a model-safety problem. - Vendor-led deployment matters because many banks can adopt the technology faster than they can renegotiate controls. - The combination of rapid consumer adoption, agentic payments and weak defensive deployment suggests exposure may be growing faster than institutional monitoring. - The regulatory response appears to be moving, but the report says the guidance gap remains large enough to leave banks improvising. What’s next: - Federal Reserve and other U.S. agencies are expected to issue a consultation draft on AI in the financial system in the third quarter of 2026. - Banks will likely continue building or buying agentic AI tools even as governance standards lag. - The white paper positions the KYA framework as an immediate audit approach for institutions trying to assess their current exposure. The bottom line: - The report’s core warning is blunt: banking’s AI risk is no longer theoretical, and the governance model is already behind the technology.