Agentic AI Raises Security Concerns in Financial Sector

Two recent industry surveys, reported by Cybersecurity Dive, highlight a consistent theme: organizations are deploying agentic AI faster than they can secure it, and the financial sector is particularly exposed.

Security firm Netwrix, in a survey of 2,317 professionals at 1,889 organizations across 60 industries, found that companies making the widest use of AI tools experienced data breaches at a rate of 43% over the prior 12 months, versus 11% for organizations with lighter AI usage. The report attributes much of the risk to identity sprawl -- the proliferation of non-human accounts, agent credentials, and API keys that AI deployments require. Roughly three-quarters of organizations lack unified visibility into which identities can access sensitive data, and 75% of breach incidents involved compromised identities or misconfigured account permissions, per Netwrix. Three-quarters of organizations also said they were not fully overseeing what their AI identities were doing in their systems.

KPMG's global survey of senior leaders at large corporations found that 75% were worried about cybersecurity and privacy risks from AI tools. A key readiness gap: among organizations still in the experimental phase with AI, only 20% said they felt confident managing AI-related risks. That confidence rose to 49% among mature AI adopters, suggesting governance frameworks improve as programs scale. Nearly half (44%) of all respondents rated cybersecurity and employee misuse as their most serious AI-related problems, up from one-third in Q4 2025. More than half of organizations reported officially deploying AI agents, with 43% embedding security controls directly into agents and a similar proportion demarcating high-risk use cases where agents cannot act autonomously.

Financial services firms are among the most active deployers of agentic AI and operate under the strictest regulatory obligations. Technology leaders at major banks, speaking at the Evident AI Symposium in late 2025, noted that agentic workflows expose vulnerabilities across basic risk management structures. The U.S. Treasury has released guidance on secure AI adoption for financial firms.

The Netwrix data is particularly actionable for security teams: identity governance for non-human accounts (agents, copilots, API integrations) is the fastest-growing attack surface. Standard privileged access controls applied to human accounts need to extend to AI identities. The KPMG data suggests that organizations should not wait until AI programs are mature to build governance -- the gap is widest and risk is highest during the experimentation phase.