VYPR
Advisory · Published Jun 5, 2026 · 1 source

Lloyds Banking Group Details Pragmatic AI Security Strategy

Lloyds Banking Group is tackling agentic AI security as an engineering challenge, combining hands-on experimentation with cross-functional governance to manage risks.

Lloyds Banking Group is approaching the security of agentic AI not as a theoretical concern but as a practical engineering problem requiring design, constraint, and scaled testing. At the OWASP GenAI Security Summit during Infosecurity Europe, representatives from Lloyds outlined their strategy for embedding security throughout the AI adoption lifecycle, emphasizing collaboration with regulators and customers.

Manija Poulatova, director of security engineering and operations at Lloyds, admitted that the bank's security teams needed to deeply understand AI and agentic systems to effectively secure them. This led to security being designated as the "12th bet" alongside the bank's "11 bets" on AI and innovation, with the explicit goal of understanding and securing AI use cases. Poulatova stated a desire to move away from security teams being perceived as obstructive, aiming instead to facilitate secure adoption.

Kirsty Montignani, head of security data and AI at Lloyds, highlighted the bank's focus on low-risk, high-value use cases for initial AI deployments, such as investments, pensions, and customer support. This approach ensures tangible customer benefits while minimizing potential exposure. The bank's "AI safe adoption strategy" covers the entire lifecycle, from initial development and agent registration to runtime monitoring and decommissioning.

To manage its AI initiatives, Lloyds has created an internal "agent marketplace," a centralized platform for registering, governing, and controlling all agents. This provides a single pane of glass for security, compliance, and responsible AI oversight. Instead of siloed efforts, multidisciplinary feature teams are formed around each AI use case, ensuring collective ownership and risk mitigation before deployment. This collaborative model aligns AI adoption with the bank's core mission of serving customers safely.

Agent identity management has emerged as a primary challenge for Lloyds. The bank is developing two key agents, the Threat Hunting agent and the SRA agent, alongside third-party agents. Poulatova explained that agent identity differs from human identity, requiring design for containment and behavioral analysis to quickly identify and shut down misbehaving agents. Lloyds is piloting identity approaches with both Microsoft and Google, acknowledging the current lack of a single vendor solution.

Lloyds is also actively constraining the actions its AI agents can perform by limiting their access to tools and capabilities. Montignani explained that agents can only call approved tools, and cannot create new ones or develop new skills. This approach is crucial for reducing the potential blast radius of any compromised agent and for maintaining auditable trails required by regulators.

In a pioneering move, Lloyds collaborated with OWASP to conduct red-teaming exercises against its AI agents using the OWASP Top 10 for Agentic. Poulatova noted that human testing alone is insufficient for scaling security assurance across numerous agentic projects. The bank is exploring automated offensive tooling to identify attack classes such as goal manipulation and agent hijack. It has already observed instances of agent hijack, which underscores the necessity of runtime detection and behavioral monitoring.

The scale of Lloyds' IT infrastructure, encompassing approximately 23 million customers and seven billion logs annually across a vast, multi-cloud environment, presents significant challenges for red-teaming and security monitoring. This complexity underscores the importance of their pragmatic, layered approach to securing agentic AI, balancing innovation with robust risk management and regulatory compliance.

Synthesized by Vypr AI