Infosecurity Magazine reports that Lloyds Banking Group presented practical controls for agentic AI at the OWASP GenAI Security Summit during Infosecurity Europe. Lloyds framed security as its 12th "bet" alongside 11 AI and innovation bets, and described an AI safe adoption strategy covering lifecycle stages from package pulls to decommissioning, per Infosecurity Magazine. The bank described an internal agent marketplace for centralised registration, governance, auditability and traceability and said multidisciplinary feature teams combine security, compliance and responsible-AI functions. Manija Poulatova is quoted as saying, "We decided the only way we can actually embed security into adoption of AI and agents is to actually understand what is AI and agentic." Editorial analysis: This presentation exemplifies a practitioner approach that pairs hands-on experimentation with governance and tooling to make agentic workflows auditable and controllable.
What happened
Infosecurity Magazine reports that Lloyds Banking Group presented a practical playbook for securing agentic AI workflows at the OWASP GenAI Security Summit during Infosecurity Europe. Per Infosecurity Magazine, the bank described security as the 12th bet in an 11-bet AI and innovation roadmap, and outlined an AI safe adoption strategy spanning development, promotion, runtime observability and decommissioning. The presentation included an account of an internal agent marketplace described as "a single pane of glass for all agents" to centralise registration, governance, auditability and traceability, according to Infosecurity Magazine. Speakers quoted in the coverage included Manija Poulatova and Kirsty Montignani; Poulatova said, "We decided the only way we can actually embed security into adoption of AI and agents is to actually understand what is AI and agentic," per Infosecurity Magazine.
Technical details
Editorial analysis - technical context: The practices Lloyds described map to common controls used for higher-risk automation: centralized agent registries, lifecycle gating, runtime observability, and multidisciplinary feature teams that combine security, compliance and responsible-AI oversight. These controls reduce the operational surface area for agents by making provenance, configuration and runtime behavior discoverable and auditable. The agent marketplace pattern aligns with service-catalog and model-governance approaches seen in other regulated enterprises.
Context and significance
Industry context: Large financial institutions face regulatory and reputational exposure when deploying autonomous or semi-autonomous agents. Public reporting frames Lloyds' approach as pragmatic and engineering-led rather than purely policy-driven, emphasising low-risk, high-value initial use cases such as investments, pensions and customer support, per Infosecurity Magazine. For practitioners, Lloyds' emphasis on integrated teams and a single control plane for agents illustrates a repeatable pattern for managing agentic risk at scale.
What to watch
Observers should look for more granular descriptions of enforcement mechanisms (for example, policy-as-code gates, runtime policy enforcement hooks, and auditing pipelines) in follow-up presentations or technical writeups. Watch whether other regulated organisations publish similar centralized registries or publish implementation details of agent marketplaces and lifecycle controls, and whether OWASP outputs (for example, the agentic security maturity framework) are adopted as practical reference models.
Scoring Rationale #
A major bank publishing concrete operational controls for agentic AI is notable for security and ML operations practitioners, offering practical patterns for governance and runtime controls. The story is important but not frontier-breaking, so it rates as a notable, practitioner-relevant development.
Practice with real Banking data
90 SQL & Python problems · 15 industry datasets
[Suspicious Online TransactionsEasy](/problems/sql/suspicious-online-transactions)
[Delinquent Loans Over 30 DaysMedium](/problems/sql/delinquent-loans-over-30-days)
[Credit Card Utilization Risk ReportHard](/problems/sql/credit-card-utilization-risk-report)
250 free problems · No credit card