Banks race to build agentic AI as attackers weaponize automation
As attackers weaponize AI to move faster inside banks and enterprises, institutions like Commonwealth Bank are building agentic AI defences—while platforms such as OpenClaw reveal new supply‑chain and agent security risks.
Australia’s biggest bank is turning to agentic AI to fend off AI‑powered attackers — and says traditional security vendors can’t keep up. Commonwealth Bank of Australia (CBA) now crunches roughly 400 billion security “signals” a week with in‑house machine‑learning systems, up from tens of millions just a few years ago, to spot fraud, malware and intrusions across its network, according to a recent CBA cyber defence briefing and industry white papers.Commonwealth Bank and an Australian finance AI‑security study say this shift has slashed incident detection and response times from many hours or days to under 30 minutes in some environments, forcing a rethink of how security teams work.Seceon
Banks face attackers who already use generative models and automation to probe networks, craft phishing at scale and move laterally in minutes, with recent summaries suggesting AI‑enabled intruders can traverse corporate environments up to 85% faster than before.CyberSecStats That speed has pushed large institutions toward “agentic” architectures — AI systems that don’t just score alerts but launch their own hunts, correlate logs and trigger containment playbooks with minimal human input. For defenders, the job shifts from manually triaging tickets to supervising fleets of semi‑autonomous agents, tuning policies and validating high‑risk decisions.
At the same time, the agent platforms powering this transformation are becoming prime targets. OpenClaw, a viral open‑source AI agent framework that can operate file systems, browsers and cloud tools, has racked up hundreds of thousands of users — and a wave of security scares. Security researchers and vendors have warned that vulnerable “skills” and misconfigured deployments can enable remote code execution, data exfiltration and account takeover, prompting Cisco to label personal agents built on OpenClaw a “security nightmare” and to release a dedicated Skill Scanner tool.Cisco
Attackers have already begun targeting the OpenClaw ecosystem with infostealer malware and exploiting high‑severity flaws like the recently disclosed “ClawJacked” bug, which allowed data theft from compromised hosts.TechRadar Governments are responding: China this month banned OpenClaw from government systems and issued security guidelines after a rapid surge in workplace use, citing risks that misbehaving agents could leak or erase sensitive data.Tom’s Hardware As banks and enterprises roll out their own agentic defences, they’re discovering they must not only out‑automate attackers, but also harden the very AI platforms meant to keep them safe.
Tags