Financial institutions rethink security, accountability, and governance as artificial intelligence becomes part of daily operations
San Francisco, United States, 26 March 2026 – The financial sector has always been built on the principles of safety and stability. But with the rapid rise of artificial intelligence, especially advanced systems that can act independently, these long-standing principles are now being tested in new ways.
As AI tools move from testing environments into real-world financial systems, organizations are facing a critical question: how to manage risk when decisions are increasingly driven by intelligent machines.
David Cass, Chief Information Security Officer at Keyrock and a faculty member at Harvard Extension School, believes the responsibility still lies with organizations. Even when companies rely on third-party vendors or AI-powered tools, they cannot shift accountability.
According to Cass, AI governance should not be treated as a one-time effort or a yearly review. Instead, it needs to be a continuous process that evolves along with the technology. Financial institutions must constantly monitor how AI systems are being used, updated, and integrated into their operations.
One of the biggest challenges is visibility. Many organizations struggle to track where and how AI is embedded across their systems, especially when third-party tools and shared software libraries are involved. This lack of clarity increases the risk of security breaches and system failures.
To address this, experts are encouraging the use of more advanced access control systems. Attribute-based access control, for example, allows organizations to limit who can access specific data or systems based on defined conditions. This helps reduce the potential damage if a system is compromised.
Another key concern is trust. As AI becomes more common, security leaders are demanding greater transparency from technology providers. Companies want to understand how AI systems work, how decisions are made, and how risks are managed behind the scenes.
Regulation is also struggling to keep pace with innovation. New rules often take time to develop, while AI technologies are evolving rapidly. In this gap, traditional principles of safety and risk management remain essential. Organizations are expected to apply these principles even when clear guidelines are not yet in place.
Cass emphasizes that asset management must also evolve. It is no longer enough to track physical systems and software. Companies now need to include AI models, third-party integrations, and shared components in their asset inventory. This broader view helps improve oversight and reduces hidden risks.
With over two decades of experience in cybersecurity and risk management, Cass highlights that the shift toward AI is not just a technical change but a strategic one. It requires new ways of thinking about security, accountability, and operational control.
As financial institutions continue to adopt AI, the focus will remain on balancing innovation with responsibility. Those that can manage this balance effectively will be better positioned to handle future challenges in an increasingly digital and automated world.