Finance Sector Outpaces Regulators in AI Adoption

A report from the Cambridge Centre for Alternative Finance, covered by PYMNTS on April 28, 2026, finds that financial services firms are adopting AI far faster than their regulators: 4 in 5 firms are already deploying AI at some level, and software engineering is the sector's "most mature" AI application. By contrast, 48% of regulators surveyed said they remain in an "exploring" stage or are not engaged with AI at all. The report flags adversarial AI and cyber/operational resilience as top concerns, with 48% of industry respondents naming adversarial AI as a primary risk and 73% citing data privacy as a top vulnerability - alongside a perception gap in which fewer vendors than industry participants or regulators emphasize adversarial threats.
For risk and compliance teams, the practical gap this report documents is not just adoption speed but a three-way perception mismatch: industry practitioners and regulators rate adversarial AI as a leading risk, while the vendors building AI security tooling rate it lower - a mismatch worth checking against your own vendor's roadmap before relying on it for adversarial defense.
What happened
A report from the Cambridge Centre for Alternative Finance (Cambridge Judge Business School), covered by PYMNTS on April 28, 2026, finds that financial services firms are far ahead of regulators in AI adoption. PYMNTS reports 4 in 5 firms are deploying AI at some level, agentic systems have crossed into mainstream use, and firms report real productivity and profitability gains. Software engineering is identified as the sector's "most mature" AI application. By contrast, 48% of regulators surveyed described themselves as still in an "exploring" stage or not engaged with AI at all.
Technical context
The report ties software engineering's maturity to elevated cyber risk: 48% of industry respondents flagged adversarial AI as a primary risk vector, and 73% named data privacy and protection among top perceived vulnerabilities, per PYMNTS's summary. PYMNTS also reports a perception gap on adversarial AI specifically - roughly half of industry respondents and regulators cited it as a top concern, versus roughly a third of vendors - suggesting the companies building AI security tooling may be underestimating a risk that practitioners and regulators rate more highly.
Industry context
A consistent theme across recent industry studies is a widening gap between commercial AI deployment velocity and regulatory readiness. This report reinforces that pattern specifically in finance, where productivity incentives coexist with elevated systemic-risk concerns around data privacy, adversarial manipulation, and the resilience of AI-embedded systems.
For practitioners
Financial-sector engineering teams embedding AI into production pipelines should treat this report as a prompt to audit adversarial-robustness testing and data-protection controls specifically around AI-assisted software engineering workflows, since that is both the most AI-mature function and a named primary risk vector. Do not rely solely on vendor risk assessments given the documented perception gap.
What to watch
Track whether financial regulators expand AI-specific staffing or capability disclosures, whether vendors close the gap on adversarial-robustness transparency, and whether sector audits or incident reports surface adversarial exploits or data-exfiltration paths tied to AI tooling. The full Cambridge Centre for Alternative Finance report has the underlying methodology and sample composition for readers who want to verify these figures directly.
Key Points
- 14 in 5 financial firms are deploying AI at some level, with software engineering identified as the sector's most mature AI use case.
- 248% of surveyed regulators remain in an early 'exploring' stage or are not engaged with AI, versus near-universal adoption among finance firms.
- 3Vendors underweight adversarial-AI risk relative to industry and regulators, a perception gap that could leave defensive tooling behind actual threat levels.
Scoring Rationale
Documents a well-defined, research-backed adoption gap between finance firms and their regulators, with material risk implications (adversarial AI, data privacy) that practitioners in regulated finance should account for; notable but a survey/report finding rather than a breaking regulatory or technical development.
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems

