Search papers, labs, and topics across Lattice.
This paper systematically analyzes the intersection of autonomous-agent security and regulatory compliance in financial systems, identifying six key threat categories and their implications under US and EU regulations. By documenting architectural patterns from a real-world Know Your Customer deployment, the authors demonstrate how these patterns can transform compliance processes from multi-day to same-day resolutions while highlighting critical control failures. The findings emphasize that effective security in regulated environments hinges on practical implementations of auditability and least-privilege authorization rather than merely identifying new threats.
Legal accountability magnifies existing threats to autonomous agents in finance, revealing that security is more about practical compliance than novel attack vectors.
Large language model agents are entering regulated financial systems, yet the security literature characterizing their attack surface is almost entirely laboratory-based, and the practitioner guidance on regulated deployment is neither peer-reviewed nor connected to a formal threat model. We bridge the two from production experience. We map six established agentic threat categories namely prompt injection, identity and authorization, action auditability, tool abuse, data residency, and boundary policy enforcement onto the specific control obligations imposed by the US and the EU financial regulation (ECOA and Regulation B, the EU AI Act, GDPR Article 22, and FINRA's 2026 agent guidance), showing how legal accountability amplifies each threat relative to an unregulated deployment. We then document four architectural patterns from a production Know Your Customer deployment for a consumer credit product (A2A compliance choreography, grounded-RAG-for-audit, case-ID propagation, and an inference-boundary redaction proxy) that moved a multi-day manual process to same-day automated resolution for roughly four in five cases. Finally, we report three negative results, including two control failures surfaced only by internal audit and a population of legitimate applicants the automated pipeline cannot serve. Securing agents under regulation, we conclude, is less about novel attack classes than about making auditability, least-privilege authorization, and boundary policy enforcement real at production scale -- requirements current agent frameworks leave to the deploying engineer.