I am currently authoring new Datos Insights research on artificial intelligence (AI) risk management for CISOs serving financial services institutions (FSIs). CISOs and risk leaders at FSIs have faced immense pressures and various challenges for years. Now in 2026, agentic AI risks and defense possibilities dominate my discussions with these remarkable leaders.
Just as we thought AI developments could not move forward any faster, the release of frontier AI models has poured accelerant on the pace of change in the market. The high-profile prerelease of Anthropic Claude Mythos (Mythos Preview), as well as the release of OpenAI GPT-5.5, are further lowering the bar for cybercriminals and creating new opportunities for defenders.
As businesses rapidly develop their internal agentic AI plans, heightened cyber-risk concerns plague CISOs, risk professionals, boards of directors, and the C-suite. Everything is changing on multiple fronts. It is truly a new Wild West for cyber risk in financial services, with high stakes for the business.
Security Themes Are Becoming Unhelpful Slogans
One theme I see in today’s market is the overuse of well-known phrases; over time, they have become mere security slogans for risk professionals. For how many years have we said something like ‘AI is a double-edged sword’? In previous seasons, particularly in the days of generative AI, this high-level phrase was correct and helpful. AI capabilities were elevating cyber risk and creating new opportunities for defenders. The phrase helped CISOs understand the dual nature of AI technology innovation and provided a framework for prioritizing security programs.
However, I recently heard a security provider use this same phrase during an agentic AI webinar for risk leaders. Certainly, the implication of ‘AI is a double-edged sword’ is useful for nonsecurity executive leaders and consumers. However, for seasoned CISOs, fraud executives, and risk professionals, the dual nature of modern AI technological developments is well known (or it should be). The phrase can serve as a jumping-off point for deeper risk considerations, but can we get to these deeper places, please?
I recently participated in an agentic AI-risk webinar from a different vendor, which offered little beyond this high-level slogan and a product demo that could have been from five years ago. Seasoned risk professionals need so much more.
Market Hype Hurts CISOs More Than It Helps
Another theme I find unhelpful for CISO practitioners is hype. Our security market is full of hype regarding risks and product capabilities; no surprises here. I am not saying everything is hype—data-driven trends and market statistics are important, as are product roadmaps. Rather, I’m saying that the market is very noisy on the back end of successive security hype cycles (e.g., zero trust, identity, and AI).
Hype does not help most CISOs. Over my nearly 30-year security career, I have watched market hype take all the air out of the rooms where security decision-makers meet. Not all fall into this trap, but we, as security leaders, are vulnerable to the siren call of the latest hyped development, often losing our focus on planned, budgeted security improvements.
In the worst cases, CISOs pause key decisions until more clarity is reached. Often, this clarity never arrives. The red ‘easy button’ never materializes, and CISOs and their institutions fall further behind as attackers advance. I certainly remember a few decisions early in my career where hype got the best of me. It happens. We all have some tendency to focus on the next shiny thing while driving into a well-understood security pothole right in front of us.
Vulnpocalypse and Messages of Doom
The financial services market has exploded with concerns about increased attacker effectiveness, driven by agentic AI capabilities that enable more automated, orchestrated cyberattacks against the enterprise. The 2025 state-sponsored GTG-1002 cyber campaign, leveraging an older Anthropic framework, served as a proof point for the kind of novel cyberattack to which many FSI security architectures are vulnerable.
To be sure, agentic tools will enable attackers to discover and exploit application vulnerabilities more quickly than we are used to operationally. At RSAC in San Francisco in March, several vendors pitched ‘vulnpocalypse’ style messages of doom. Yes, vulnerability management is a key concern moving forward, but it is certainly not the only concern.
Project Glasswing just released a summary of initial findings one month after the project began. In that time, “most partners have each found hundreds of critical- or high-severity vulnerabilities in their software. Collectively, they’ve found more than ten thousand. Several have told us that their rate of bug-finding has increased by more than a factor of ten. For instance, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”[1]
These are challenging times, but messages of doom are rarely helpful to CISOs. A better message is that traditional processes of vulnerability detection, notification, and remediation require major changes, as attackers with access to frontier AI models can reduce the time between notification and exploitation significantly. Professionals can look under the hood of these more practically stated challenges and solve these issues. CISOs can find guidance from industry experts and top providers, but let’s not be fooled into thinking that navigating this new Wild West is only about remediating application vulnerabilities.
Securing Agentic AI Platforms
2026 has also become consumed by the critical need to secure agentic platforms that FSI enterprises are deploying. Every business I advise is deploying an agentic platform in its environment this year. Early adopters have already done so. It is fascinating!
What does it mean to secure these highly capable platforms? One thing is certain: Traditional defenses and legacy identity and access management (IAM) life-cycle solutions built for human users are ill-equipped to secure agentic platforms. The question becomes whether FSI security leaders will get on their front feet to deploy these new security solutions, or whether the speed of the market will repeat the historical security pattern of the horse getting out of the barn before security pros lock the door.
Frontier AI Models Have Begun to Change Everything for CISOs
This advisor’s view is that frontier AI models will transform FSI cybersecurity practices and the CISOs who lead them. Attacks, defense solutions, vendor partnerships, M&A, code security, and even how we categorize security solutions will evolve in significant and unpredictable ways. The evidence is in recent security product announcements, M&A transactions, and Anthropic’s recent Project Glasswing update. It is going to be a challenging and exciting season for CISOs and their teams. Some implications are likely to create difficult, systemic challenges for FSI defenders.
We are in the early stages of the frontier AI season. There is much work ahead. FSI CISOs and risk leaders cannot practically solve everything at once. Resources and budgets are measured. The transformations ahead for cybersecurity feel like storm clouds on the western horizon. We can debate how far away these storms are before they arrive at our business, but they are coming. How can CISOs make effective, proactive security investments when key aspects remain unknown?
Need for Actionable Risk Advisory in the Context of Ambiguity
CISOs, cyber-risk professionals, and even boards of directors need actionable advice now, not in a year or so, when more of this becomes clear. They will need different guidance then. As everything changes in cyber risk and defenses, cyber leaders need advice that recognizes current unknowns, examines operational implications beyond security slogans, and avoids impractical ‘boil the ocean’ style recommendations. These leaders need guidance that focuses on key solution domains and investments.
As a preview, Datos Insights recommends CISOs target four specific disciplines and domains for strategic assessment, solutioning, and deployment to defend their business, given the FSI risk implications of frontier AI models in the market:
- Envision a more robust zero-trust security architecture with a specific set of defense improvements: Other security solutions are important, but pursuing everything at once will likely produce more problems than successes. In 2026, focus on the following solutions as the most strategic and critical frameworks to enable progression toward a more effective, AI-enabled security architecture.
  - Digital identity implemented in a shared fabric/mesh model
  - Data protections that deliver real-time, fine-grained authorization controls
  - Attacker economics: solutions that disrupt attackers and add to the time bad actors need to reach targeted data, making the attack less economical for them
  - Security operations center: the ability to extract meaningful risk signals from massive noise has become critical
- Reimagine enterprise vulnerability management:
  - Vendor and open-source applications: Yes, ‘vulnpocalypse’ is hype, but let’s be clear: Attackers will take another leap forward in how quickly they detect and exploit vulnerabilities in commercial and open-source applications. Project Glasswing’s early findings confirm this. These dynamics will severely challenge legacy patch management solutions and processes, especially for those carrying significant technical debt. It is time to examine existing solutions and consider improvements as the market adjusts.
  - Self-coded software security: Project Glasswing has meaningful goals in mind for defenders to better detect and remediate vulnerabilities in self-coded applications. Opinions on success vary. This advisor is an optimist: Do not expect silver bullets from Glasswing, but do expect meaningful improvements to emerge from this and other, similar programs. Market conditions will pressure FSI software development teams to remediate more bugs more quickly. Assess and plan from new DevSecOps realities.
- Seek improved risk governance solutions for boards of directors: Doing so will improve cyber-risk oversight maturity and strengthen internal risk governance, thereby fulfilling fiduciary responsibilities in the new Wild West of financial services. Many FSI boards require improved capabilities in these market conditions.
- Sharpen internal risk cases and requirements:
  - Distinguish between the risk cases of defending against attackers using agentic AI and securing internal agentic platforms. Some providers seem to be pitching both risk cases as the same, but they are not. We can expect some common defender solutions, but viewing these as distinct risk cases for the business to solve will pay dividends now and in the future.
  - Formalize desired outcomes and requirements. Some organizations do this well; others less so. When markets evolve rapidly, it can be tempting to consider ‘requirements’ as old-school security practices that organizations no longer have time for. Beware! As frontier AI models find their place within FSI risk cases, stating essential business outcomes and solution requirements becomes more critical.
As frontier AI models enter the market, financial services have been ushered into the new cyber-risk Wild West. An upcoming Datos Insights report will flesh out these strategic implications and recommendations in greater detail, including build vs. buy considerations.
How do you think about this? I look forward to hearing your reactions and perspectives.
[1] “Project Glasswing: An initial update,” Anthropic, May 22, 2026, accessed May 25, 2026, https://www.anthropic.com/research/glasswing-initial-update.