
Each week, Steve is breaking down what’s happening in fintech banking with the kind of clarity you get from someone who’s lived through board debates, pricing standoffs, and product launches that either scaled or crashed. This isn’t surface-level commentary. It’s the real story behind sponsor bank partnerships, embedded finance moves, and BaaS programs that most people only hear about after they’ve already succeeded or failed.

Two Core Providers Picked Opposite AI Labs, a Bank Disclosed a Chatbot Leak in an 8-K, and Fresh Data Shows Embedded Fraud Running Two to Three Times Hotter. The Agentic Layer Is Getting Built With or Without Sponsor Banks at the Table.

The polite phase of AI in banking ended last week. FIS picked Anthropic. Fiserv picked OpenAI seven days later and shipped a full marketplace, six co-development banks, and two live pilots on day one. The two companies that run most of the country's bank tech just locked in their next decade on different AI labs. Sponsor banks on those cores now get agent roadmaps handed to them by vendors who never asked. Throw in a community bank filing an 8-K because someone uploaded SSNs to a free chatbot, data showing embedded payments fraud moving two to three times faster than traditional channels, and the cleanest sponsor bank evaluation framework published this year, and the picture snaps into focus. Agentic banking stopped being optional. It became a vendor decision with a ticking clock, and the banks still waiting for clarity are about to pay full price for someone else's strategy.

Fiserv Answered FIS in Seven Days, a Chatbot Cost a Bank an 8-K, Embedded Fraud Is Outrunning Controls, and FinWise Said the Quiet Part Out Loud. The Week the Agentic Layer Got Picked.

Two Cores, Two AI Labs, One Race the Sponsors Did Not Enter.

FIS Picked Anthropic. Fiserv Answered With agentOS, OpenAI, and AWS Seven Days Later. The Two Providers Running Most of U.S. Bank Technology Have Now Locked In Opposite AI Labs, and Every Sponsor Bank on Either Core Has an AI Lab Chosen for It.

FIS announced its Anthropic partnership on May 4, 2026. Seven days later, Fiserv launched agentOS on May 14, 2026 with OpenAI and AWS as strategic collaborators, and shipped a full marketplace, six co-development banks, and two live pilots on day one. The bigger story is not either announcement alone. American Banker framed it directly: Fiserv and FIS together provide the technology underpinning most U.S. banks, and both have now publicly committed to building agentic AI directly into their cores, payments, and servicing. FIS is rolling out its Anthropic-powered Financial Crimes AI Agent with BMO and Amalgamated Bank, compressing AML investigations from days to minutes. Fiserv shipped a marketplace of four Fiserv-built agents and nine third-party ones, with Salem Five, City National Bank, Bank OZK, and SouthState already building, and First Interstate Bank and Boulder Dam Credit Union running live pilots. Sponsor banks should map every agent their core provider is building to a specific workflow this quarter and decide which ones to adopt, which to block, and which to customize, before the marketing cycle starts and customer expectations follow.

  • Banks running on FIS get Anthropic, banks running on Fiserv get OpenAI, and that model selection is now a core contract decision, a decade-long commitment most sponsor banks made years ago for completely different reasons.

  • Boulder Dam cut a daily operations report from ten minutes to seconds. First Interstate already runs a commercial loan onboarding agent in production. FIS is compressing AML investigations from days to minutes. Those numbers set the bar every competitor now has to clear.

  • General availability for agentOS hits in August 2026, giving sponsor banks roughly ninety days before customer questions and competitor pressure turn this into a reactive scramble.

  • The cores own the transaction data and control the integration layer, which means independent agent vendors are now competing against the providers who control the on-ramp, and fintechs building overlapping tools will negotiate pricing and approval with the core provider first, not the sponsor bank.

  • Fintech partners building on top of sponsor banks need to know which core their sponsor runs and which agents are already on the roadmap, because overlapping functionality with a core-provided agent becomes a pricing and approval conversation fast.

The cores are picking the AI labs. The CEOs are picking the budget priorities.

24% of Bank CEOs Named AI Cybersecurity Their Top AI Priority, Embedded Payments Fraud Is Running Two to Three Times Faster Than Traditional Channels, and 35% of Organizations Have Already Paused BaaS or Embedded Initiatives Over Fraud Concerns

PYMNTS dropped numbers on May 13 that sponsor banks cannot shrug off. Twenty-four percent of bank CEOs put AI cybersecurity as the single biggest expected payoff from AI spend. The same data shows embedded payments fraud attempts hitting two to three times the rate of traditional channels, with 35% of organizations delaying or pausing embedded initiatives because of it. Sponsor banks should make AI-driven fraud controls table stakes for any new program, because the CEOs writing checks already treat them that way.

  • AI budgets now sit between 10 and 20 percent of total tech spend for many banks. That moves AI from pilot status to a permanent line item that examiners will ask about.

  • A 35% pause rate on new BaaS and embedded deals creates fewer program approvals and tighter diligence across the board. Banks that can prove strong fraud controls win the easier conversations.

  • Fintechs showing up without a clear AI fraud story face longer approval cycles and harder questions than they saw even six months ago.

  • The two-to-three-times fraud multiplier is exactly the kind of stat that shows up in MRAs. Sponsors without controls calibrated to that reality sit exposed in the next exam cycle.

Spending on AI cybersecurity makes sense when the alternative is a rogue employee and then an 8-K. 

A Community Bank Operating Across Pennsylvania, Ohio, and West Virginia Just Filed an 8-K Disclosing Customer Data Exposure After an Employee Uploaded Names, Dates of Birth, and Social Security Numbers to a Public AI App, and the Next Safety and Soundness Exam Just Got Harder for Everyone

AI governance moved from a policy document to a material disclosure event when a community bank had to file an 8-K acknowledging that customer names, dates of birth, and Social Security numbers were exposed because an employee uploaded the data to a public AI application. No hack. No vendor breach. Just everyday access, a personal account, and bad judgment. This is the first known case of a U.S. bank self-reporting an AI-related customer data exposure at this scale, which means examiners now have a textbook citation for every future exam. Sponsor banks should pull their internal AI acceptable use policies this week and tighten them before examiners walk in carrying this exact filing.

  • An 8-K filing means the exposure crossed the material disclosure threshold, and it happened on a fact pattern simple enough to occur at any bank with employees and Wi-Fi.

  • The 2023 wave of ChatGPT bans at JPMorgan, Bank of America, Citi, Wells Fargo, Goldman, and Deutsche Bank already proved that policy-only approaches do not hold, because shadow AI through personal accounts bypasses every corporate control that DLP and vendor risk programs were designed to catch.

  • Workforce data confirms the gap is structural, with nearly half of workers admitting they use AI tools at work even when those tools are banned by policy, and a meaningful share entering sensitive or proprietary data into them.

  • The banks that moved past the ban built walled gardens instead, with Morgan Stanley deploying a GPT-4 assistant inside its secure environment and Goldman putting internal AI on every employee's desk by 2025, both with data governance and audit controls baked in.

  • April 2026 interagency guidance from the OCC, Fed, and FDIC explicitly treats generative and agentic AI as models subject to existing model risk management frameworks, which closes the "we did not procure it" defense and puts the burden of proof back on the bank regardless of whether IT approved the tool.

  • Security researchers tested 24 AI banking chatbots in January 2026 and found every single one exploitable, with prompt injection success rates ranging from 1% to 64%, which means even sanctioned AI deployments need adversarial testing and not just a vendor SOC report.

  • Fintech partners should expect new contract language around employee AI usage on both sides with audit rights attached, because no sponsor wants to inherit the next disclosure, and the BaaS programs running on banks without credible internal AI controls are now carrying that risk into every program review.

In a week full of warnings, there is some positive news in sponsor banking.

Sarah Grotta at FinWise Published Six Concrete Dimensions for Picking a Sponsor Bank, Backed by Real Market Numbers on Growth, Enforcement Actions, and Compliance Struggles

FinWise dropped the clearest sponsor bank scorecard of the year on May 13. Sarah Grotta laid out six practical dimensions fintechs should test: decision speed, full product depth, auditability, execution capacity, post-launch support, and stage-appropriate economics. The piece grounds everything in data. BaaS grows from $18.6 billion to $73.7 billion by 2034 at a 15.1% compound annual growth rate. More than a quarter of FDIC enforcement actions since early 2024 targeted embedded sponsor banks. Ninety percent of institutions struggle with sponsor compliance requirements. Sponsor banks should run their own programs against this list before the next fintech conversation, because the partners already read it.

  • Those six dimensions turn sponsor selection from a gut feel into a measurable checklist.

  • Fifteen-point-one percent CAGR guarantees more entrants and more public failures, which raises the cost of picking wrong.

  • The 90% compliance struggle stat from Alloy and planned tech investments show even current sponsors admit their setups fall short.

  • A quarter of recent FDIC actions concentrated on embedded sponsors confirms the regulatory heat stays on. Banks without visible control upgrades since 2024 look outdated.

  • Fintechs now arrive with this framework in hand, which shortens the window for sponsors who cannot check every box.

The Banks Without an AI Answer by August Already Lost the Argument

The two companies powering most U.S. bank cores just picked their AI labs and started shipping agents. Sponsor banks did not get a vote. One community bank already filed an 8-K after a simple chatbot mistake. Embedded fraud runs hotter than traditional channels, and CEOs rank cybersecurity as their top AI win. The cause is clear: the infrastructure layer moved faster than most banks planned. The effect leaves sponsor banks reacting to vendor roadmaps instead of setting their own. Banks that cannot show a governance position, vendor rationale, and fraud control plan by the end of summer start losing deals to the ones that can. The slower erosion of competitive position already started. Get specific, get governed, and get loud about it with partners now.

Takeaway:

Sponsor banks lost the AI vendor decision to their cores and lost the AI governance debate to a single employee with a chatbot. The next ninety days decide whether they lose anything else.

Stepen Bishop - Fintech Confidential Informant

From The Source

For those of you wanting a more in-depth look at the articles (and the links to them…)

Fiserv launched agentOS, an agentic AI operating system for financial institutions, with OpenAI and Amazon Web Services as strategic collaborators, exactly seven days after FIS announced its Anthropic partnership. The platform features a banking-native agent marketplace launching with four Fiserv-built agents and nine third-party agents covering financial crimes compliance, deposit intelligence, regulatory reporting, dispute management, and reconciliation, with six co-development banks including Salem Five, City National Bank, Bank OZK, and SouthState already building agents and First Interstate Bank and Boulder Dam Credit Union running live pilots. The launch signals that the core processing duopoly is now competing head-to-head on agentic AI infrastructure for community and regional banks, with general availability targeted for August 2026.

American Banker's coverage frames the broader competitive dynamic now playing out across core banking software, with Fiserv and FIS, the two providers underpinning most U.S. banks, racing to embed agentic AI directly into their cores, payments, and servicing. Fiserv's agentOS launched today with co-developed agents from First Interstate Bank for commercial loan onboarding and Boulder Dam Credit Union for daily operational analysis, cutting report times from ten minutes to seconds, while FIS rolls out its Anthropic-powered Financial Crimes AI Agent with BMO and Amalgamated Bank. The infrastructure layer of banking is being rebuilt around agentic AI, and vendor selection decisions made in the next twelve months will define competitive positioning for years.

Bank CEOs are channeling AI investment into cybersecurity faster than any other priority, with 24% citing enhanced cyber defense as the top expected benefit of AI spending, according to new PYMNTS research. The report shows embedded payments are generating fraud attempts two to three times faster than traditional channels, and 35% of organizations have delayed BaaS or embedded finance initiatives over fraud concerns. With AI budgets sitting at 10 to 20% of tech spend for many CEOs, the data reinforces a clear directional shift. AI cybersecurity, fraud prevention, and BaaS risk controls are now the defining infrastructure priorities for sponsor banks and fintech partners navigating embedded finance in 2026.

A community bank operating across Pennsylvania, Ohio, and West Virginia filed an 8-K disclosing that customer names, dates of birth, and Social Security numbers were exposed after an unauthorized AI application accessed sensitive data, reportedly the result of an employee uploading information to a public chatbot. The incident underscores the rising importance of AI governance, vendor risk management, and acceptable use policies inside financial institutions, particularly as examiners increasingly scrutinize generative AI controls during safety and soundness reviews. Sponsor banks, BaaS providers, and fintech partners should treat this as the regulatory signal that internal AI policies, employee training, and data loss prevention controls will be central to upcoming examinations.

A finance industry writeup of the community bank 8-K filing emphasizes that this is the first known case of a U.S. bank self-reporting an AI-related exposure of customer data at this scale, with the incident likely to become a reference example for examiners across future exams. The bank operating across Pennsylvania, Ohio, and West Virginia disclosed the material event after an employee uploaded customer names, dates of birth, and Social Security numbers to an unauthorized public AI tool, with no hack and no vendor breach involved.

Forbes reported the 2023 wave of ChatGPT restrictions across major U.S. banks, with JPMorgan, Bank of America, Citigroup, Deutsche Bank, Wells Fargo, and Goldman Sachs all implementing limits or outright blocks on employee access to ChatGPT on corporate networks within days of each other. The pattern shows the banking sector's instinct was to ban first, but the May 2026 community bank 8-K demonstrates that bans without technical enforcement and monitoring did not prevent shadow AI exposure three years later.

HR Dive reports that nearly half of workers admit they have used AI tools at work even when those tools were banned by company policy, and a significant share acknowledge entering sensitive or proprietary information into those systems. The data confirms the structural gap between AI policy and AI behavior, making policy-only approaches inadequate for sponsor banks holding regulated customer data.

Morgan Stanley partnered with OpenAI to build a proprietary GPT-4-powered assistant that operates entirely inside the firm's secure environment, with all prompts and responses confined to systems governed by the firm's compliance and data protection frameworks. The walled garden model gives wealth management advisors AI access to internal research and content while keeping client data inside the firewall, demonstrating an alternative to the ban-first approach that failed across community banking.

Goldman Sachs initially restricted ChatGPT in 2023 alongside its big bank peers, then pivoted to building internal AI systems with full data governance guardrails. By 2025, Goldman had deployed internal AI tools to every employee, running inside the bank's own environment with audit controls and compliance frameworks baked in, showing that the largest banks treated the ban as a starting point rather than a destination.

The OCC, Federal Reserve, and FDIC issued updated interagency guidance on model risk management in April 2026 that explicitly covers generative and agentic AI models, including those used for customer interactions and internal decisioning. Supervisors now expect banks to treat AI systems, including chatbots and agents, as models subject to existing risk management frameworks, which effectively closes the "we did not procure it" loophole and applies regardless of whether the AI was centrally purchased or accessed through an employee's personal account.

A security researcher tested 24 AI models configured as banking customer service assistants in January 2026 and found that every single one was exploitable, with prompt injection and related attack techniques bypassing policy and eliciting sensitive information at success rates between 1% and 64% depending on configuration. The common pattern was a chatbot initially refusing with some version of "I cannot help with that" before revealing sensitive fragments under sustained or cleverly crafted prompts, confirming that even sanctioned AI deployments require adversarial testing rather than reliance on vendor security reports alone.

Sarah Grotta, EVP and Chief Fintech Officer at FinWise Bank, lays out six concrete dimensions fintechs should evaluate when selecting a sponsor bank: speed to clear yes or no decisions, infrastructure depth across deposits, cards, lending, and payments, auditability and continuous oversight, execution pace tied to real portfolio capacity, post-launch partnership quality, and economic alignment across program lifecycle stages. The piece is grounded in hard market data, with BaaS projected to grow from $18.6B in 2024 to $73.7B by 2034 at a 15.1% CAGR, more than a quarter of FDIC enforcement actions since early 2024 targeting sponsor banks in embedded finance partnerships, and Alloy's 2024 research finding 90% of financial institutions struggle to meet compliance requirements as sponsor banks. Essential reading for fintech founders evaluating sponsor partners and for sponsor banks benchmarking their own program design against rising regulatory and operational standards.

