Financial institutions are embedding Artificial Intelligence into customer service, fraud detection, productivity workflows and risk analysis, but governance, visibility and security controls are not keeping pace. Recent industry research shows that two-thirds of financial services organisations report rapid Artificial Intelligence adoption, while the overwhelming majority now consider Artificial Intelligence a top cybersecurity priority heading into 2026. The challenge is especially acute because employee use of generative tools such as ChatGPT and Copilot often falls outside traditional Artificial Intelligence security discussions, even as these tools become easier to access through browsers, collaboration platforms and enterprise software updates.
Research suggests that 72% of financial services organisations have identified instances where employees are using Artificial Intelligence tools outside approved governance frameworks. This so-called shadow Artificial Intelligence is often driven by productivity needs rather than malicious intent, with staff using tools to summarise reports, analyse financial data, draft communications, automate tasks and support decision-making. Without visibility into where and how these systems are used, firms risk sensitive financial information, confidential business data or uploaded files being exposed through prompts, public platforms or generated outputs.
Traditional cybersecurity and governance models are poorly suited to the speed and decentralised nature of Artificial Intelligence adoption. Earlier technology rollouts were usually led by IT teams through controlled procurement and deployment processes, while Artificial Intelligence use can emerge organically across business units before formal oversight catches up. This is supported by research: despite the majority of financial service security professionals finding instances of shadow Artificial Intelligence, around 69% of firms report having formal Artificial Intelligence policies in place. Formal policies alone may not provide enough insight into the broader ecosystem of embedded assistants, third-party platforms and cloud-based tools employees interact with daily.
More sustainable governance depends on controlled enablement rather than blanket restrictions. Financial institutions need visibility into sanctioned and unsanctioned Artificial Intelligence use, cross-functional governance involving legal, compliance, risk, procurement and business leaders, and employee education on sensitive data handling and verification practices. Regulatory pressure is also increasing, with the upcoming EU Artificial Intelligence Act setting out risk-based rules for Artificial Intelligence developers and deployers regarding specific uses of Artificial Intelligence. Firms that build flexible governance models now will be better positioned to support safe innovation while adapting to future compliance expectations.
