Financial services organizations are deploying autonomous AI agents faster than they are securing them, according to a new Cloud Security Alliance (CSA) report. Of the 62 percent of financial firms that have adopted these tools, nearly a fifth cannot confirm whether their networks have already been compromised by misconfigured AI systems.
Current deployment and future risks
The CSA surveyed 340 global IT and security professionals between January and March. The data shows that 93 percent of firms using AI agents have granted them some level of autonomy. Currently, these tools handle customer service, cybersecurity, and fraud detection.
The trajectory points toward higher-risk functions. Eighty-five percent of surveyed organizations expect AI agents to directly facilitate payments in the future. However, two-thirds of respondents acknowledge this shift will require entirely new technologies to authorize legitimate activity.
The authentication gap
Legacy financial systems are not built for autonomous software. "Existing payment instruments and authentication models were designed around a human being present to confirm details of the transaction," the report authors wrote. "They were not designed for a delegated software agent that can negotiate, select, and execute purchases on a consumer's behalf."
This gap creates immediate vulnerabilities. One-fifth of survey respondents reported experiencing a security incident tied to their AI tools. An equal 21 percent admitted they do not know if hackers have already breached their networks through these same systems.
When asked to identify their primary concerns, 61 percent of professionals cited data leakage. As AI for Finance expands, this underscores the extensive access these tools have to sensitive corporate records.
Troy Leach, the CSA's chief strategy officer and a lead author of the report, said the industry faces a critical balancing act. "The results of this year's survey show an industry speeding toward autonomous AI-driven operations while also recognizing that visibility, identity governance, and real-time security controls must mature just as quickly," Leach said. Finance executives managing this transition must balance strategic deployment with rigorous risk analysis, making resources like an AI Learning Path for CFOs highly relevant for understanding these emerging controls.
Why this matters for finance professionals
Financial institutions are moving autonomous agents into payment and transaction workflows before authentication models can support them. Finance professionals must demand new authorization frameworks before approving AI tools that can negotiate or execute purchases. Waiting for a breach to reveal a misconfigured agent is no longer a viable risk management strategy.
Your membership also unlocks:
