BankingNewsAI Daily Brief ·
NYDFS warned financial firms that advanced AI-driven cyberattacks demand stronger controls now.
Banking AI
Financial institutions & fintech technology
TD put an “agentic” AI model into mortgage/HELOC underwriting to cut application cycle time
TD says it has launched its first agentic AI model to streamline real-estate secured lending, with the explicit goal of speeding mortgage and HELOC applications. This is a concrete step beyond copilots: an automated workflow agent sitting inside a regulated credit decisioning process, not just drafting documents or answering questions.
Action
Benchmark your own mortgage/secured-lending workflow for where an agent can pre-fill, validate, and route documents under policy controls, then set audit, model-risk, and adverse-action guardrails before vendors and peers reset customer expectations on turnaround time.
NYDFS issued new cyber threat guidance explicitly flagging advanced AI-driven attack risk to financial firms
New York’s Department of Financial Services published updated cyber threat guidance for banks, insurers, and other financial firms, explicitly warning about risks from advanced AI. It signals supervisory expectations are evolving from “cyber hygiene” toward AI-enabled threat scenarios (automated phishing, exploit discovery, deepfake social engineering).
Action
Run an AI-specific red-team exercise (deepfake voice/payment authorization + AI phishing + agent tool misuse) and map the results to NYDFS reporting, controls, and third-party risk requirements before exam teams start asking for evidence of AI-aware defenses.
General AI
Large language models & AI infrastructure
Alibaba’s Qwen3.7-Max showed long-horizon autonomy (35 hours) — the operational bar for “agent” governance just moved
Reports describe Alibaba’s Qwen3.7-Max running autonomously for ~35 hours on complex tasks and supporting external agent harnesses (e.g., Claude Code-like tooling). The important change isn’t raw model quality—it’s persistence and tool-using autonomy, which increases both productivity upside and operational risk (runaway actions, tool misuse, cost blowouts).
Action
Implement agent runtime controls now (budget/time caps, tool allowlists, human-in-the-loop checkpoints, full action logging) so you can safely exploit long-running agents in engineering, ops, and analytics without creating unbounded execution and audit exposure.
Anthropic is moving Mythos toward broader availability after Glasswing found 10,000+ serious vulnerabilities
Project Glasswing disclosures say Claude Mythos Preview has helped uncover 10,000+ high/critical software vulnerabilities, and separate reporting suggests Anthropic is preparing “Mythos 1” for wider use in Claude Code and security products. This is the clearest signal yet that frontier “security LLMs” are productizing into enterprise workflows, not just research demos.
Action
Treat AI-assisted vulnerability discovery as an arms-race capability: integrate AI code scanning into SDLC with strict data handling, and assume attackers will have similar tools—raise your patch SLAs, secrets hygiene, and production change controls accordingly.