Lloyds Banking Group’s Proactive Approach to AI Security
Lloyds Banking Group is not approaching agentic AI as merely a theoretical concern or a buzzword circulating in boardrooms. Instead, the institution is treating it as a pressing engineering challenge that needs systematic design, stringent constraints, and large-scale testing. This perspective was elaborated upon during a candid presentation at the Open Worldwide Application Security Project’s (OWASP) GenAI Security Summit, held concurrently with Infosecurity Europe. Two prominent representatives from Lloyds’ security division discussed how the UK’s leading bank is successfully operationalizing AI security throughout its product development cycles, governance frameworks, and real-time defensive mechanisms, all while maintaining a keen focus on regulatory compliance and customer needs.
Manija Poulatova, the director of security engineering and operations at Lloyds Banking Group, commenced her presentation with a straightforward declaration: “We decided the only way we can actually embed security into the adoption of AI and agents is to actually understand what AI and agentic truly are.” This acknowledgment underscored the need to gain a robust comprehension of the technology to facilitate its secure implementation. Consequently, Lloyds articulated its AI and innovation roadmap, framing it around 11 key objectives labelled as “bets,” positioning security as the 12th critical bet. This strategic organization aims to delve into the nature of agentic AI and develop security controls tailored to its specific use cases.
Reflecting on an industry norm, Poulatova pointed out that security teams often adopt a “ministry of no” posture, and Lloyds is determined to shift this paradigm. Kirsty Montignani, the head of security data and AI at Lloyds, echoed this practical stance, stating, “The AI big bets are all low-risk, high-value use cases that serve our customers.” She elaborated that investment services, pensions, and customer support had been identified as initial focus areas due to their ability to not only deliver substantial benefits to customers but to also minimize exposure to risk.
“We wanted to start fresh, and we want to be really precise in our use case,” Montignani remarked, emphasizing the importance of clarity and purpose in their initiatives.
A Holistic AI Safe Adoption Strategy
Montignani proceeded to elaborate on Lloyds’ “AI safe adoption strategy,” which encompasses the entire product lifecycle. This strategy includes everything from the initial phase, where engineers gather packages and build agents, through to aspects such as promoting, monitoring, and eventually decommissioning agents. A significant innovation from this strategy is the creation of an internal agent marketplace, described by Montignani as “a single pane of glass for all agents.” This marketplace seeks to centralize registration, governance, and various controls for all AI agents.
"All the agents are in the same place, which allows us to then protect and control appropriately with auditability, traceability, etc.," she stated. Rather than isolating security, compliance, and responsible AI practices, Lloyds fosters multidisciplinary feature teams dedicated to each use case. "We bring the right people with the right skills that work together on the use case," Montignani emphasized, promoting collaboration.
Production gating in this framework is a collective responsibility, ensuring that no use case moves to its live phase until all accountable owners have confirmed that risks have been effectively mitigated. This collaborative approach not only enforces accountability but also aligns with the bank’s overarching mission to prioritize customer safety in all its operations.
Navigating Identity Management Challenges
As part of its AI efforts, Lloyds is developing two primary agents: the Threat Hunting agent and the Solicitors Regulation Authority (SRA) agent, along with additional third-party agents utilized by its workforce. Poulatova noted that one of the biggest challenges emerging from these developments is agent identity management. “The biggest question right now in the agentic space is identity, and it’s really hard to answer,” she admitted.
To address this, the bank is implementing a multi-vendor, phased approach, utilizing native cloud tools while the entire industry converges on common standards. It’s critical to understand that agent identity is not merely a reflection of human identity; it requires a distinct design to facilitate containment and behavioral analysis, thereby allowing for the efficient shutdown or constraint of misbehaving agents.
Working in collaboration with both Microsoft and Google, Poulatova indicated that they are piloting different identity strategies. “They both have an idea of how to approach AI agent identities. We’re working with both of them because right now there’s no one vendor that actually covers it all,” she explained. The bank’s model allows for the use of platform-specific controls while pursuing a strategic goal of establishing a scalable multi-cloud identity framework.
Additionally, Montignani detailed the methods used to limit the actions that agents can undertake by constraining the tools and capabilities they can access. "We make sure tools are signed every time, so that an agent, every time it calls a tool, can only call the intended tool. It cannot create tools or skills," she clarified, reinforcing the focus on minimizing potential risks and creating an auditable trail suitable for regulators’ scrutiny.
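An added illustration of the per-call tool signature check described above. It is not Lloyds' code: the HMAC scheme, the ToolGateway class, the demo key and the lookup_fund tool are all assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). In practice the key would sit in a KMS/HSM,
# and an asymmetric signature would let the runtime verify without being able to sign.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


class ToolRejected(Exception):
    """Raised when a tool call fails the registry or signature check."""


def _fingerprint(name, handler):
    # Bind the tool name to the handler's bytecode and constants, so swapping the
    # implementation behind an approved name changes the digest. (In-process demo:
    # a real pipeline would hash the packaged artifact instead.)
    code = handler.__code__
    material = json.dumps([name, code.co_code.hex(), repr(code.co_consts)])
    return hashlib.sha256(material.encode()).digest()


def sign_tool(name, handler, key=SIGNING_KEY):
    """Signing step, run by the release pipeline rather than by the agent."""
    return hmac.new(key, _fingerprint(name, handler), hashlib.sha256).hexdigest()


class ToolGateway:
    """Only path from agent to tool. There is no register method by design."""

    def __init__(self, signed_tools, key=SIGNING_KEY):
        self._tools = dict(signed_tools)  # name -> (handler, signature)
        self._key = key
        self.audit = []                   # (tool name, decision) trail

    def call(self, name, **kwargs):
        if name not in self._tools:
            self.audit.append((name, "denied: not registered"))
            raise ToolRejected(name)
        handler, signature = self._tools[name]
        if not hmac.compare_digest(sign_tool(name, handler, self._key), signature):
            self.audit.append((name, "denied: bad signature"))
            raise ToolRejected(name)
        self.audit.append((name, "allowed"))
        return handler(**kwargs)


def lookup_fund(isin):  # hypothetical approved tool
    return {"isin": isin, "status": "ok"}


def build_demo_gateway():
    signed = {"lookup_fund": (lookup_fund, sign_tool("lookup_fund", lookup_fund))}
    return ToolGateway(signed)
```

Every decision, allowed or denied, lands in the audit list, which is the kind of trail the article says regulators would want to inspect.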
Enhancing Security with Practical Red-Teaming Exercises
Lloyds Banking Group has implemented the world’s first application of the OWASP Top 10 for Agentic in a production red-teaming environment, a collaboration that involved OWASP team members. Poulatova stressed that relying solely on human testing is no longer practical given the vast number of agentic projects. As a result, Lloyds is experimenting with automated offensive tools designed to scale defensive measures and identify various attack vectors, such as goal manipulation and agent hijacking.
“Evidence of agent hijack was observed,” Montignani stressed, underscoring the importance of runtime detection and behavioral monitoring as necessities for safeguarding their systems.
Sotiropoulos pointed out that the complexity of Lloyds Banking Group’s IT infrastructure makes red-teaming exercises particularly challenging. With approximately 23 million customers generating around seven billion logs annually, the bank’s vast and varied technological setting poses significant hurdles. “Our estate is vast, multi-cloud and, given that we are a 200-year-old institution, it has inherited legacy systems,” Montignani noted, acknowledging the technological debt that many organizations face.
Despite these challenges, Poulatova affirmed the bank’s ambition to position itself as a leading digital institution, rapidly adopting progressive technologies.
Key Takeaways for Security Leaders
For those in security leadership roles, Lloyds Banking Group’s AI agent playbook pivots around three actionable takeaways: first, select precise, low-risk, high-value use cases; second, codify and automate security controls to achieve scalability; and third, invest in runtime observability and automated adversarial testing to stay in line with evolving agentic behaviors.
From Lloyds’ perspective, this combination of hands-on experimentation, rigorous engineering standards, and effective cross-functional governance presents a realistic pathway to secure agentic AI implementations at an enterprise scale. “Get hands on. Start testing,” Poulatova urged the audience, emphasizing the importance of proactive engagement.
The OWASP conference session at Infosecurity Europe comes on the heels of Lloyds Banking Group revealing that it has realized approximately £50 million ($67.3 million) in value from generative AI initiatives in 2025, with more than £100 million ($134.6 million) expected in 2026 as it continues to capitalize on its leadership in the AI space.
Future AI Initiatives
The bank has already rolled out over 50 AI-focused use cases, including notable implementations like the Athena Knowledge Management Tool—an AI-driven internal search assistant that has reportedly reduced information search times by an average of 66%, thereby markedly enhancing customer service. Other successful use cases include GitHub Copilot, used by 5,000 engineers, which has driven a 50% improvement in coding efficiency, and an AI HR Assistant, which resolves approximately 90% of HR queries on the first contact.
Lloyds Banking Group has announced plans to introduce even more generative and agentic AI use cases in 2026, along with the establishment of an AI Academy aimed at enhancing the skill sets of their 67,000 employees, further demonstrating its commitment to embracing and advancing AI technologies in a secure and responsible manner.
