As banks scale their AI initiatives, the security risk posed by “shadow AI” is looming.
Shadow AI is defined by IBM as “the unsanctioned use of any AI tool or application” by employees without formal approval or oversight of the company’s IT department. Breaches involving high levels of shadow AI cost an average of $4.63 million compared with standard breaches which cost $3.96 million, IBM’s 2025 Cost of a Data Breach report.
This matters because 29% of employees turn to unsanctioned AI agents for work tasks, according to the Feb. 10 Cyber Pulse report, published by Microsoft. The company surveyed 1,700 data security professionals in various industries, including financial services in July 2025 for the report.

The problem is arising as employees increasingly “want to use AI tools and sometimes, they are not available, or a better one is available elsewhere,” Derek Holt, chief executive of IT solutions provider Digital.al, told FinAI News.
Data breach risk
The financial services industry is adopting AI at a rapid pace, Bill Borden, corporate vice president of worldwide financial services at Microsoft, told FinAi News.
In fact, 11% of all AI agents at Microsoft are deployed within the financial services industry, behind only the software and tech at 16% and manufacturing at 13%, according to Microsoft’s report.
As the fastest agentic AI adopters, financial institutions especially face risk from the use of shadow AI, Borden said. FIs are highly regulated, and any data breach can tax their operations.
“When mobile tech was growing, banks had to rewire security controls according to the new tech,” Borden said. “It’s the same thing with AI now. As tools are available to individuals, how do you determine how they’re brought into your environment, and if you can detect them and see them?”
Addressing the root cause
Google Cloud, for one, is developing tools to help thwart the risk of AI agents stepping out of bounds, Rohit Bhat, managing director of financial services and capital markets at Google, previously told FinAi News.
Google Cloud is helping businesses to bring AI tools into their operations and add custom security protocols and usage directories to safely provide employees with the tools in a safe manner, Bhat said. This prevents employees from going outside their companies’ secure IT environments to access unverified tools, he added.
“If we give employees access to good AI tools and tell them what’s at risk with unauthorized usage, we can reduce the problem drastically,” Bhat said.
Double agents
Once a financial institution deploys agentic AI, they still need to maintain caution and manage agents carefully, Borden said.
Another risk to FIs is of bad actors exploiting an AI agent’s security controls and instruct it to steal information from other organizations, essentially making it a “double agent,” Borden said.
Anthropic reported in November 2025 that one of its AI agents was reverse engineered to steal information from a client.
We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention. It has significant implications for cybersecurity in the age of AI agents.
Read more: https://t.co/VxqERnPQRJ
— Anthropic (@AnthropicAI) November 13, 2025
Borden said Microsoft is opting for a two-pronged approach to tackle AI-related security breaches:
- AI agents scan and restrict access to unwarranted tools; and
- Educating employees on how to use AI.
Microsoft’s Agent 365 platform keeps track of an organization’s agents and continuously cross-checks their security controls, Borden said. If an unwarranted agent is observed, Agent 365 flags it to a human. The tool, launched in November 2025, has seen early adoption by multiple financial institutions, which Microsoft declined to name.
Regarding raising awareness of the risk of shadow AI use among employees, Borden said: “It’s got to be continuous education, just like there’s continuing education around phishing and attacks to maintain security.”
Register here for the inaugural FinAi Banking Summit, taking place March 2-3 in Denver. View the full event agenda here.






