TL;DR: Banks are adopting AI faster than they are governing it, creating operational, compliance, and security exposure as employees paste regulated data into prompts, shadow AI spreads through unmanaged accounts, and agentic systems trigger real actions, according to WitnessAI. Legacy controls were built for files and networks, not conversational context, runtime intent, or autonomous behaviour, so banking AI now needs behavioural governance.
NHIMG editorial — based on content published by WitnessAI: AI risk in banking and why legacy controls fall short
By the numbers:
- 82% of employees paste activity into AI tools through unmanaged personal accounts, evading SSO, CASB monitoring, and identity controls.
- 43% of MCP servers examined were vulnerable to command injection.
Questions worth separating out
Q: How should banks govern employee use of AI tools with regulated data?
A: Banks should govern employee AI use as an identity and data handling problem, not just a policy issue.
Q: Why do traditional DLP and CASB controls struggle with AI risk in banking?
A: Traditional DLP and CASB tools were built for files, domains, and static patterns.
Q: What breaks when AI agents have broader access than their tasks require?
A: Over-privileged agents break segregation of duties, weaken auditability, and expand blast radius across transactions, data lookups, and workflow triggers.
Practitioner guidance
- Map every AI touchpoint to an identity path. Inventory employee chat tools, embedded copilots, agent frameworks, and MCP-connected workflows, then map each one to the identities and privileges that can reach regulated banking data.
- Classify prompts by intent before enforcement. Replace keyword-only controls with policy that distinguishes legitimate work from risky AI use based on conversational purpose, data sensitivity, and business context.
- Reduce agent privilege to the smallest viable transaction scope. Bind service accounts, API keys, and tokens to specific banking tasks, then review whether any agent can approve, move, or disclose value beyond its stated role.
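The review described in the last item can be automated once the inventory from the first item exists. The sketch below is an added example, not code from WitnessAI or this editorial. It assumes a constructed inventory in which every agent name, credential label and scope string is hypothetical, and it treats reading customer PII as the "disclose" case.

```python
from dataclasses import dataclass

# Hypothetical scope names for the actions the guidance singles out:
# approving, moving, or disclosing value.
HIGH_RISK = {"approve": "payments:approve", "move": "payments:initiate",
             "disclose": "customer:pii:read"}
# Scope pairs that must never sit on one identity (segregation of duties).
SOD_CONFLICTS = [("payments:initiate", "payments:approve")]

@dataclass(frozen=True)
class AgentCredential:
    agent: str
    credential: str            # service account, API key or token label
    task_scopes: frozenset     # what the stated role needs
    granted_scopes: frozenset  # what the credential can actually do

def review(cred):
    """Return findings for one credential: excess scopes, then SoD conflicts."""
    findings = []
    for scope in sorted(cred.granted_scopes - cred.task_scopes):
        kind = next((k for k, v in HIGH_RISK.items() if v == scope), None)
        sev = "HIGH" if kind else "MEDIUM"
        detail = f"can {kind} value beyond stated role" if kind else "unused privilege"
        findings.append((sev, cred.credential, scope, detail))
    for a, b in SOD_CONFLICTS:
        if a in cred.granted_scopes and b in cred.granted_scopes:
            findings.append(("HIGH", cred.credential, f"{a}+{b}",
                             "segregation-of-duties conflict"))
    return findings

# Constructed sample inventory (not real data).
INVENTORY = [
    AgentCredential("kyc-lookup-agent", "svc-kyc-01",
                    frozenset({"customer:kyc:read"}),
                    frozenset({"customer:kyc:read", "customer:pii:read"})),
    AgentCredential("payment-ops-agent", "apikey-payops",
                    frozenset({"payments:initiate"}),
                    frozenset({"payments:initiate", "payments:approve", "ledger:read"})),
    AgentCredential("statement-summary-agent", "tok-stmt",
                    frozenset({"statements:read"}), frozenset({"statements:read"})),
]

def review_all(inventory):
    """Map each agent name to its list of findings."""
    return {c.agent: review(c) for c in inventory}

if __name__ == "__main__":
    for agent, findings in review_all(INVENTORY).items():
        for sev, cred, scope, detail in findings or [("OK", "-", "-", "scoped to task")]:
            print(f"{agent:26} {sev:6} {cred:14} {scope:36} {detail}")
```
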
What's in the full article
WitnessAI's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how banking AI prompts create leakage risk in everyday workflows.
- The specific control model used to combine runtime defense, intent-based classification, and shared oversight.
- How the article maps banking AI risks to compliance deadlines and supervisory expectations.
- The platform-level view of how human AI use and autonomous agents can be governed together.
Explore further
AI governance in banking fails when organisations treat prompts as low-risk interactions. The article shows that regulated data can leak through ordinary conversation, not through a file transfer or attachment. That means the old assumption that sensitive information only leaves through structured channels is no longer valid. Banking teams need to recognise that prompt-level handling is now part of the identity and access surface.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, and 47% have only partial visibility, which leaves delegated access outside practical governance.
A question worth separating out:
Q: Who is accountable when an AI agent triggers a banking error or compliance breach?
A: Accountability sits with the institution that granted the agent access, defined its scope, and failed to govern its actions. Banking regulators will focus on whether the bank can prove effective oversight, traceability, and control over both human prompts and autonomous actions.