Banks Are Racing Into AI Faster Than Security Can Follow

Banks Are Racing Into AI Faster Than Security Can Follow

Banks Are Racing Into AI Faster Than Security Can Follow

https://www.pymnts.com/news/artificial-intelligence/2026/banks-are-racing-into-ai-faster-than-security-can-follow/

Publish Date: 2026-07-07 19:14:00

Source Domain: www.pymnts.com

  • Introduction of the Model Context Protocol (MCP) by Anthropic: Introduced as an open standard to allow AI agents to connect with business systems through a common interface, eliminating the need for custom connections previously required.

  • AI Agent Growth Projection: The International Data Corporation projects significant growth in active AI agents within enterprises, from 28.6 million in 2025 to more than 2.2 billion by 2030.

  • Security Vulnerability in MCP: Microsoft Incident Response warned that attackers can hide malicious instructions in the descriptions used by MCP tools, which AI agents rely on to determine the tool’s functionality.

  • Illustrative Scenario of Malicious Attack: Microsoft demonstrated a finance scenario where an AI agent, misled by a modified tool description, collected and routed invoice files to an external server using the analyst’s permissions.

  • Trust Boundary Problem: Identified as a structural issue, attackers can alter tool descriptions to change the agent’s behavior, as these descriptions share the same space in the agent’s working memory as user instructions.

  • Real-world Attacks and Risks: Security researchers and institutions like the Financial Stability Board have highlighted instances where similar attacks were executed, including instances where AI agents were tricked into sending private credentials or copying emails to external servers.

  • Rapid Adoption in Banking: Banks are quickly adopting MCP-based agents to automate credit memo preparation, commercial risk verification, and other financial processes, even as security frameworks lag behind.

  • Urgent Need for Security Measures: The identified attack method highlights the necessity for banks to implement real-time approvals, controls, and audit trails to manage the risk posed by AI agents operating at machine speed.