Trend AI: Agentic AI Adoption in Finance Overlooks Security

Agentic AI systems are creating new attack surfaces across the financial sector.

Autonomous decision-making tools now operate beyond human oversight in many organisations.

TrendAI – a business unit of Trend Micro specialising in AI cybersecurity – has published research exposing the security gaps that emerge when deployment outpaces governance.

The findings could mean that institutions are creating vulnerabilities faster than they can defend them.

Security frameworks lag behind deployment

According to TrendAI, a survey of 407 finance, insurance and accounting organisations reveals a control problem.

Autonomous systems are being deployed without the security infrastructure needed to monitor or audit their behaviour.

The research finds that 31% of financial services firms lack observability or auditability over AI agents.

These systems now operate across fraud detection, compliance and risk management functions without adequate oversight mechanisms.

There is a suggestion that security concerns are being overridden by business pressure. According to the survey, 68% of organisations approved AI deployments in the past year despite unresolved security issues.

A further 15% described their security concerns as extreme but were overruled.

This pattern could indicate that competitive pressure is superseding risk management protocols.

"Financial services firms are not short of awareness when it comes to AI risk, but awareness alone is not control," says Bharat Mistry, Field CTO at TrendAI.

"What we are seeing is a widening gap between how quickly AI is being deployed and how well it is being governed.

"That gap is where risk lives and it's a problem that's getting worse in light of increased interest in and uptake of, agentic AI tools." 

Threat landscape expands with autonomy

The report identifies a maturity problem in governance structures.

Only 21% of firms have comprehensive AI policies in place.

According to TrendAI, just 32% of respondents report moderate confidence in their understanding of legal frameworks governing AI.

Meanwhile, 44% cite unclear regulation or compliance standards as a barrier to implementing proper controls.

The threat profile is shifting as systems gain autonomy.

Sensitive data exposure ranks as the top concern for 40% of respondents.

An expanded cyber attack surface concerns 34% of respondents.

Risks tied to autonomous execution and misuse of trusted AI status concern 32%.

The research also finds gaps in threat recognition.

Only 30% of organisations recognise prompt injection as a material risk, despite its documented use in manipulating AI systems.

"Agentic AI changes the equation," Bharat says.

"These systems are not just supporting decisions, they are taking action.

"Without visibility, auditability and clear control mechanisms, organisations are effectively handing over authority without accountability."

Control mechanisms remain undefined

TrendAI's TrendAI Vision One platform provides unified visibility across cloud, endpoints, networks and data.

The system is designed to manage cyber risk across the AI lifecycle, from infrastructure through to models and users.

The approach addresses a fundamental problem identified in the research. While 40% of organisations support AI kill switches to shut down systems during misuse events, 46% remain uncertain about intervention strategies.

This division could show that organisations lack consensus on when human intervention should occur. 

"This lack of alignment points to a deeper issue," Bharat concludes.

"Organisations are deploying increasingly powerful AI systems without a shared understanding of when, or how, human intervention should take place when it matters most."