Is Financial Services Ready for Agentic Payments?

Imagine telling an AI assistant: “Find me the best flight to Chicago next Thursday. Book a hotel within walking distance of the conference center, stay under my travel budget, and use my rewards points if it makes sense.”

Now imagine that assistant not only making recommendations, but actually completing the purchases on your behalf. No extra approvals, switching between apps, or manually entering payment information.

That is the emerging reality of agentic payments.

AI agents are quickly evolving from passive assistants into systems capable of taking action. They can compare products, interact with vendors, negotiate prices, invoke APIs, and execute financial transactions with no human involvement. For financial institutions, this represents a major shift in how digital commerce may operate over the next decade.

CSA and Anjuna’s new State of Cloud and AI for Financial Services 2026 survey report examines this shift. Eighty-five percent of respondents believe AI agents will “initiate and execute payment transactions” on behalf of consumers. Even more telling, 65% believe this shift will require “an entirely new model for authorization.”

These findings highlight how modern payment systems are built around the assumption that a human is directly present when money moves. Agentic AI changes that assumption entirely. How will financial institutions prove that an autonomous transaction was legitimate, authorized, bounded, and auditable?

Below, explore why agentic payments represent more than just another AI use case. Learn why they signal a fundamental shift in how financial institutions need to think about identity, trust, and security. As AI agents move into operational and transactional roles, financial institutions need to rethink how they secure financial decision-making. They need to do this before autonomous commerce becomes mainstream.

 

AI Agents Are Moving From Assistance to Action

The report shows that AI agents are no longer a future-state concept. Sixty-two percent of respondents say their organization is using AI agents. These agents are already appearing across customer service, IT operations, back-office automation, fraud detection, AML compliance, personalized advice, credit underwriting, and trading.

Not all agents are equally autonomous. Some operate as task-oriented bots. Others are more capable systems that can reason across context, use tools, and act with limited human intervention.

Fifty-five percent of organizations using agents operate under “limited autonomy,” where AI systems perform tasks with active human oversight. Another 33% allow “conditional autonomy,” where AI acts by itself in low-risk scenarios under defined guardrails. Five percent have already granted “high autonomy,” allowing AI to operate by itself for critical actions.

That 5% may sound small, but in financial services it is strategically significant. The industry has already crossed from AI assistance to AI action. Payments are the next obvious frontier.

 

Why Existing Authorization Models Fall Short

Today’s payment authorization models generally rely on proof that a person approved a transaction at a specific moment. Even when organizations heavily automate the process behind the scenes, the trust anchor is still human intent. The account holder clicked, tapped, confirmed, or authenticated.

Agentic payments introduce a delegated software actor. The user may ask that actor to perform a broad objective. Think “book the cheapest refundable flight under $600” or “renew this subscription if the price has not increased.”

The consumer may not be present when the final transaction occurs. The agent may compare options, interact with merchants, invoke APIs, negotiate terms, and execute payment within pre-approved limits.

This creates difficult questions for banks, card networks, fintechs, merchants, and regulators:

1. is the identity behind the transaction: the consumer, the agent, the merchant, or the platform operating the agent?
2. exactly did the user authorize: a specific payment, a category of purchases, a merchant, or a task outcome?
3. long does delegated authority last?
4. the consumer revoke authority instantly?
5. logs prove the agent acted within its mandate?
6. should fraud monitoring distinguish between legitimate agent behavior and automated abuse?

The report frames this as a need for “a new trust anchor before agentic commerce can possibly scale.” Without a defensible authorization model, agentic payments risk becoming either too constrained or too permissive.

 

The Security Problem Is Also a Data Problem

The report’s broader AI risk findings help explain why you cannot treat authorization as a payments-only issue. Respondents identified “leakage of sensitive data” as the top financial services AI security concern at 61%. The report notes that this leakage may arise from “prompts, files, chat history or other means.”

Agentic payments tightly connect authorization and data protection. An agent may need access to account balances, invoices, loyalty accounts, shipping details, personal preferences, and merchant credentials. It may also use retrieval-augmented generation connectors or external tools to complete a task. Every connection expands the control surface.

That's why excessive/weak permissions for AI-powered tools, cited by 33% of respondents, is such an important signal. Twenty-seven percent cited unauthorized access or exfiltration through RAG connectors or retrieval tools. Nineteen percent cited credential or secret exposure through API keys, tokens, system prompts, and plugins.

So an agent that can pay can also expose data, misuse credentials, or call the wrong tool if you haven't tightly scoped its permissions. Financial institutions should not think of agentic payments as a standalone innovation project. They should treat it as an identity, authorization, data governance, monitoring, and incident response challenge.

 

What “Good” Could Look Like

The report points toward several practical control themes. Treat agent identity as a first-class identity and access management object. Do not treat it as an invisible extension of a user account or application. That means verifiable credentials, scoped permissions, time-bounded authority, behavioral monitoring, auditable action logs, and automated credential rotation.

For payments, this could translate into authorization policies that are machine-enforceable and understandable to consumers. Higher-risk actions could require step-up approval. Unusual behavior could trigger revocation or fraud review. Every action should be attributable to the human or organizational principal on whose behalf the agent acted.

Financial institutions will also need stronger observability. Twenty percent of respondents reported AI-related incidents, while another 21% were unsure whether such incidents had occurred. If institutions cannot see what agents are doing, they cannot reliably investigate, report, or learn from failures.

 

Trust Remains the Business Model

The report closes with this: “In financial services, trust remains the business model.” Agentic payments will test that trust in new ways.

Consumers will want convenience, merchants will want conversion, and AI platforms will want reach. Financial institutions will need to ensure that autonomous transactions are secure, authorized, explainable, and compliant.

Agentic payments are a new operating model for delegated financial action. The organizations that prepare now will be better positioned to support innovation without losing control. Invest in agent-aware identity governance, data controls at the point of AI interaction, and retrieval-layer authorization.

The future of payments may be agent-driven. The future of trust will still depend on governance.

 

Check Out the Full Report

Agentic payments are only one piece of a much larger transformation happening across financial services. The full survey report explores how cloud infrastructure, AI adoption, governance, identity management, and third-party risk are converging.

Beyond payments, the report dives into:

• 61% of respondents see sensitive data leakage as the top AI risk
• financial institutions are approaching AI agent autonomy and governance
• growing challenge of non-human identities and machine credentials
• rise of AI-specific security tooling such as AI Security Posture Management (AISPM)
• third-party and supply chain risk remain the industry’s top cloud concern
• regulations like DORA and the EU AI Act are reshaping operational expectations
• recommendations for financial institutions, cloud providers, and regulators

Additionally, the report captures the reality that many security teams are already experiencing firsthand: AI adoption is moving faster than governance maturity. Financial institutions are no longer debating whether AI belongs in operations. They are trying to determine how to deploy it safely, monitor it effectively, and maintain trust as autonomy increases.

If your organization is exploring AI agents, modern cloud, or new financial services risks, check out the full report. It provides a valuable benchmark for where the industry stands today and where it appears to be heading next.