AI agents are creating a major security blind spot in financial services

Financial services (FS) has the highest rate of AI-related security incidents of any sector — higher than healthcare, manufacturing, or government. And most organizations still treat AI agents like just another workload. They’re not.
As a sector built on highly sensitive data and deeply interconnected systems, the stakes are higher. The risks go far beyond isolated incidents, from large-scale data exposure and financial loss to regulatory breaches, loss of customer trust, and even systemic disruption if critical services are impacted.
This isn’t a contained problem. It spills over. And because FS is often first to adopt new technologies, how it handles AI today will shape how other industries follow.
Get it wrong, and it becomes the blueprint for what not to do.
What’s going wrong
So why is this happening? FS organizations are pushing non-deterministic actors into production without the guardrails to control them.
The data is clear. It’s not the AI that’s unsafe. It’s the access we’re giving it. Organizations that grant broad access to AI agents report far higher incident rates than those enforcing least-privilege controls.
This creates an entirely new class of risk – and it scales fast. Unlike traditional software, AI agents operate autonomously, at machine speed, 24/7, and they don’t get tired. So when you give them excessive permissions, they don’t just introduce risk, they amplify it.
To be useful, AI agents need a broad reach across systems. This is especially true in FS, where agents are used in customer onboarding or risk management, and need access to a variety of data to pull insights. Agents are also operating in a highly complex and interconnected infrastructure. So teams take the shortcut: they grant wide permissions to make things work.
That’s where the problem starts. Overprivileged agents don’t just increase the likelihood of data exposure; they also make it harder to see what’s happening, harder to prove control, and harder to meet audit requirements. When something goes wrong, it doesn’t stay contained – the blast radius expands fast.
The push to move fast and adopt AI tools quickly is understandable. But speed without control is exactly what creates the problem – particularly in environments already dealing with fragmented identity, credential sprawl, and inconsistent identity governance.
At its core, this is a mismatch. Traditional identity management models assume static users and predictable access. AI agents are neither. They’re dynamic, non-deterministic, and constantly interacting with multiple systems, and the old models don’t hold up.
The good news? This security crisis is absolutely fixable. Here’s how to approach it.
What needs to change
1. Treat AI agents as first-class identities
First, identity needs to be rethought from the ground up. Every actor – human, machine, or AI – should operate within a single, secure, auditable framework.
For AI agents, this starts with a unique, verifiable identity from the moment each agent is created. No shared credentials, no ambiguity, no gaps.
Everything else builds from there. The next steps all depend on getting identity right at the start. Because if you can’t reliably identify an agent, you can’t control it, and you definitely can’t secure it.
2. Enforce least privilege as a core control
Next, reduce access to what’s strictly necessary. Audit existing agents, identify over-privileged access, and restrict permissions to specific tasks, systems and datasets.
Access should be precise and time-bound, and anything more is unnecessary risk – a core principle of zero trust access.
3. Eliminate reliance on static credentials
Static credentials, like passwords, API keys, and long-lived service accounts, create persistent access that’s difficult to control. They linger. They spread. They get reused. All of this contributes directly to credential sprawl.
Instead, replace them with short-lived, identity-based access tied to context. No fixed secrets. Just verified identity. This is especially critical when managing machine and workload identity at scale.
4. Build full visibility and auditability
Without visibility, risk builds quietly – until it doesn’t. AI agents can’t operate as black boxes. Every action should be logged, and every movement should be traceable across systems and workflows. And that visibility needs to plug into existing monitoring and detection.
No visibility, no accountability. And no effective identity governance.
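The four steps above combined in one sketch, as an added example that is not from the article or any vendor's product: each agent gets its own identity, receives a task-scoped grant that expires after five minutes instead of a static API key, and every authorization decision is written to an audit log. The function names, scope strings, signing key and the HMAC-signed token format are all assumptions made for illustration; a production system would use its identity provider's short-lived credentials.

```python
import base64, hashlib, hmac, json, uuid

SIGNING_KEY = b"constructed-demo-key"  # assumption: held only by the issuer (KMS/HSM)
AUDIT_LOG = []                         # assumption: stands in for the SIEM pipeline

def register_agent(name):
    """Step 1: every agent gets its own identity, never a shared account."""
    return f"agent:{name}:{uuid.uuid4()}"

def issue_grant(agent_id, scopes, now, ttl_seconds=300):
    """Steps 2 and 3: a task-scoped grant that expires, replacing a static key."""
    claims = {"sub": agent_id, "scopes": sorted(scopes), "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def authorize(token, action, now):
    """Check signature, expiry and scope; log every decision (step 4)."""
    agent, reason = "unknown", "bad_signature"
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(sig, expected):
        claims = json.loads(base64.urlsafe_b64decode(body))
        agent = claims["sub"]
        if now >= claims["exp"]:
            reason = "expired"
        elif action not in claims["scopes"]:
            reason = "out_of_scope"
        else:
            reason = "ok"
    AUDIT_LOG.append({"ts": now, "agent": agent, "action": action,
                      "decision": reason})
    return reason == "ok"

def demo():
    """Constructed scenario: an onboarding agent with one read scope."""
    t0 = 1_700_000_000  # constructed timestamp
    agent = register_agent("kyc-onboarding")
    token = issue_grant(agent, {"crm:read_customer"}, now=t0)
    results = [
        authorize(token, "crm:read_customer", t0 + 10),        # in scope, in time
        authorize(token, "payments:initiate", t0 + 10),        # never granted
        authorize(token, "crm:read_customer", t0 + 301),       # grant expired
        authorize("A" + token, "crm:read_customer", t0 + 10),  # tampered token
    ]
    return results, [entry["decision"] for entry in AUDIT_LOG[-4:]]

if __name__ == "__main__":
    print(demo())
```

Denied requests are logged with the same fields as allowed ones, so an agent repeatedly probing outside its scope shows up in monitoring rather than failing silently.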
Reshape identity management for an AI-driven world
Identity has to become an engineering discipline, not just a security function. That means platform, engineering, and security teams aligning around a single identity model — not bolting tools together after agents are already in production.
It also means consolidating fragmented systems into a unified identity layer to lower complexity and strengthen control, and treating identity as core infrastructure – not a bolt-on.
AI agents are already embedded in financial services. That’s not changing. But the way they’re secured has to. Treating autonomous agents like traditional workloads isn’t enough, and assuming they fit existing identity models is wishful thinking.
In financial services, identity isn’t a compliance checkbox. It’s the infrastructure that determines whether you can scale AI at all.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



