Lloyds Shares Agentic AI Security Playbook and Practices
Infosecurity Magazine reports that Lloyds Banking Group presented its approach to securing agentic AI at the OWASP GenAI Security Summit during Infosecurity Europe 2026, in a session billed 'No Room for Hype: Securing Agentic AI Inside a UK Bank.' Per Infosecurity Magazine, Lloyds framed security as its '12th bet' alongside 11 AI and innovation bets, and described an 'AI safe adoption' strategy spanning the agent lifecycle from package pulls to decommissioning. The bank outlined an internal 'agent marketplace' for centralized registration, governance, auditability, and traceability, and said multidisciplinary feature teams combine security, compliance, and responsible-AI functions. Speaker Manija Poulatova framed the effort as embedding security into AI and agent adoption by first building a shared understanding of what 'agentic' actually means, according to Infosecurity Magazine.
What happened
Infosecurity Magazine reports that Lloyds Banking Group presented a practical approach to securing agentic AI workflows at the OWASP GenAI Security Summit during Infosecurity Europe 2026, in a session billed 'No Room for Hype: Securing Agentic AI Inside a UK Bank.' Per Infosecurity Magazine, the bank described security as the '12th bet' in an 11-bet AI and innovation roadmap and outlined an 'AI safe adoption' strategy spanning development, promotion, runtime observability, and decommissioning. It described an internal 'agent marketplace' as a single pane of glass for all agents, centralizing registration, governance, auditability, and traceability. Speakers included Manija Poulatova and Kirsty Montignani; Poulatova framed the work as embedding security into AI adoption by first building a shared understanding of what AI and 'agentic' mean, per Infosecurity Magazine.
Technical details
The practices Lloyds described map to common controls for higher-risk automation: centralized agent registries, lifecycle gating, runtime observability, and multidisciplinary feature teams combining security, compliance, and responsible-AI oversight. Such controls reduce the operational surface area for agents by making provenance, configuration, and runtime behavior discoverable and auditable. The 'agent marketplace' pattern aligns with service-catalog and model-governance approaches seen in other regulated enterprises.
Context and significance
Large financial institutions face regulatory and reputational exposure when deploying autonomous or semi-autonomous agents. Public reporting frames Lloyds' approach as pragmatic and engineering-led rather than purely policy-driven, emphasizing low-risk, high-value initial use cases such as investments, pensions, and customer support, per Infosecurity Magazine. For practitioners, the emphasis on integrated teams and a single control plane for agents illustrates a repeatable pattern for managing agentic risk at scale.
What to watch
Look for more granular descriptions of enforcement mechanisms, such as policy-as-code gates, runtime policy-enforcement hooks, and auditing pipelines, in follow-up talks or technical writeups. Watch whether other regulated organizations publish similar centralized registries or implementation details for agent marketplaces and lifecycle controls, and whether OWASP outputs, such as its new agentic security maturity framework, are adopted as practical reference models.
Scoring Rationale
A practitioner-relevant conference item: Lloyds Banking Group detailed a concrete agentic AI security playbook (an 'agent marketplace,' lifecycle gating, and cross-functional governance) at OWASP's GenAI Security Summit. The patterns are useful and reusable for regulated enterprises, but this is a single-source talk recap rather than a framework, product, or model release, placing it solidly in the notable-but-not-major range.
Practice with real Banking data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Banking problems
