Lloyds Banking Group Secures Agentic AI With New Strategy

Dominic Jainy stands at the intersection of emerging technology and enterprise resilience, bringing a wealth of experience in artificial intelligence and blockchain to the table. As an IT professional who has navigated the complexities of machine learning integration, he offers a unique perspective on how legacy institutions can pivot toward a future defined by autonomous agents. This conversation dives into the groundbreaking work being done at Lloyds Banking Group, where the transition from traditional banking to a leading digital powerhouse is being paved with “agentic AI” strategies that prioritize safety without stifling the creative spirit of innovation.

The following discussion explores the strategic operationalization of AI security, moving beyond high-level boardroom discussions to address real-world engineering challenges. We examine the shift from a restrictive “ministry of no” culture to a proactive, multidisciplinary approach that treats security as a fundamental pillar of innovation. Key themes include the creation of centralized agent marketplaces, the daunting hurdles of identity management in a multi-cloud environment, and the necessity of automated red-teaming to protect millions of customers and billions of data logs from sophisticated threats like agent hijacking.

Integrating security into the adoption of agentic AI often involves balancing innovation with risk management. How should an organization structure its strategic “bets” to ensure that security is viewed as an enabler rather than a barrier to progress?

The shift we are seeing at major institutions like Lloyds involves a visceral realization that security must be woven into the very fabric of the innovation roadmap, rather than being an afterthought. By articulating an AI roadmap around 11 core innovation bets and establishing security as the critical 12th bet, an organization can effectively shed the “ministry of no” reputation that has historically plagued IT departments. This approach allows teams to treat agentic AI as an engineering problem that can be designed, constrained, and tested at scale rather than a nebulous threat. When security is part of the initial bet, you can focus on low-risk, high-value use cases—such as investments, pensions, and customer support—that deliver tangible benefits while keeping regulators and customers front of mind. It turns the security function into a collaborative partner that helps define the precise boundaries within which these high-stakes probabilistic systems can safely operate.

Centralization and visibility are frequently cited as the biggest hurdles in managing autonomous systems. What are the practical benefits of implementing an internal agent marketplace, and how does it change the way multidisciplinary teams collaborate?

Creating a “single pane of glass” through an internal agent marketplace is a game-changer for governance because it centralizes registration and control in one accessible location. This model provides the auditability and traceability that high-pressure environments demand, ensuring that every agent in the ecosystem is accounted for and governed under the same set of rigorous standards. Instead of working in silos, we see the rise of multidisciplinary feature teams where security, compliance, and responsible AI experts work side-by-side with engineers on specific use cases. This collective accountability means a product simply does not go live until every stakeholder is satisfied that the risks are mitigated, creating a culture of shared responsibility. This deterministic oversight is essential when you have agents interacting with sensitive current account or loan systems, as it ensures the customer experience remains consistent and secure.

Identity management is often described as the “final frontier” for agentic AI. Why is it so difficult to define agent identity, and what does a multi-vendor, phased approach look like in a multi-cloud environment?

The complexity of agent identity stems from the fact that it cannot simply be a carbon copy of human identity; it requires a unique framework that enables containment and real-time behavioral analysis. We are currently in a period where the industry is still converging on standards, which is why working with heavyweights like Microsoft and Google to pilot different approaches is so vital. By utilizing native cloud tools—such as Google Cloud Platform tools for GCP workloads and Azure-native tools for Microsoft environments—an organization can maintain control while pursuing a long-term goal of a scalable, multi-cloud identity model. The goal is to design an identity that allows us to shut down or constrain an agent the moment it begins to misbehave. It is a meticulous process of trial and error where no single vendor currently provides a complete solution, necessitating a flexible and phased design strategy.

When dealing with probabilistic systems that can act autonomously, the potential “blast radius” of a malfunction is a major concern. What specific engineering controls can be implemented to limit the actions an agent can take?

To manage the inherent unpredictability of AI, we must implement strict constraints on the tools and capabilities available to each agent. One of the most effective patterns is requiring that tools are digitally signed every single time they are invoked, ensuring that an agent can only call a pre-approved, “wanted” tool and nothing else. We must explicitly prevent agents from having the capability to create new tools or develop their own skills on the fly, which keeps their actions within a predictable sandbox. This rigorous pattern not only reduces the potential blast radius of a hijacked agent but also generates the detailed, auditable trails that regulators require. By limiting the scope of what an agent can “see” and “do,” we turn a potentially chaotic system into a manageable extension of our existing IT infrastructure.

With an estate as vast as 23 million customers and 7 billion logs per year, human testing alone cannot possibly scale. How does automated offensive tooling and red-teaming change the defensive posture against threats like agent hijacking?

At the scale of a 200-year-old bank with significant legacy tech debt, human testing is like trying to empty the ocean with a teaspoon; you need automated offensive tooling to surface sophisticated attack classes like goal manipulation. Lloyds’ deployment of the OWASP Top 10 for Agentic in a production red-teaming environment represents a massive leap forward in defensive assurance. We have already seen evidence of agent hijack in the wild, which makes runtime detection and behavioral monitoring absolutely non-negotiable components of the security stack. When you are processing billions of logs, you need automated systems that can identify the subtle deviations in agent behavior that suggest a compromise. It is about fighting fire with fire—using AI-driven defensive tools to stay one step ahead of the adversarial tactics that target autonomous agents.

Generating nearly £50 million in value through generative AI is a significant milestone for any enterprise. How can organizations balance the pursuit of this massive ROI with the reality of maintaining 200-year-old legacy systems?

The tension between modern innovation and legacy “tech debt” is palpable, but the recent successes at Lloyds prove that these two worlds can coexist if the strategy is precise. By rolling out over 50 specific use cases, such as the Athena Knowledge Management Tool which reduced search times by an average of 66%, the bank has shown that AI can provide immediate, measurable relief to established systems. For the 5,000 engineers using GitHub Copilot, the value is even more direct, with a 50% improvement in converting code for legacy systems, which actually accelerates the process of upgrading customer-facing technology. The key is to avoid getting distracted by the “buzzword” of AI and focus on practical applications, like an AI HR Assistant that resolves 90% of queries on the first contact. This pragmatic approach turns the bank’s history into an asset, using the value generated by AI—expected to exceed £100 million this year—to fund the continued modernization of the entire estate.

What is your forecast for agentic AI in the enterprise sector?

I expect that by 2026, we will see a massive shift from experimental “chatbots” to fully integrated agentic ecosystems where security is no longer a separate department but an automated, real-time function of the software development lifecycle. Institutions will move toward large-scale internal education, much like the AI Academy for 67,000 employees, ensuring that every level of the workforce understands how to interact with these autonomous systems. We will likely see the emergence of standardized “agent protocols” that allow different vendors’ AI to communicate securely, finally solving the identity management crisis. Ultimately, the winners in this space will be those who move past the “theoretical threat” phase and get hands-on with testing, using the massive ROI from early wins to build a more resilient, agent-driven future.
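The per-invocation tool signing control described in the answer on limiting blast radius, sketched as an added example that is not part of the interview and not Lloyds' code: a gateway checks every call against a signed registry entry, so unregistered, modified or out-of-scope tools are refused and each decision lands in an audit trail. All names, the key and the tool source are constructed, and HMAC-SHA256 stands in for an asymmetric signature to keep the example within the standard library.

```python
import hashlib, hmac, json

# Assumption: the key lives with the registry/gateway and is never exposed to agents.
REGISTRY_KEY = b"constructed-demo-key"

def _digest(source: str) -> str:
    return hashlib.sha256(source.encode()).hexdigest()

def sign_manifest(manifest: dict, key: bytes = REGISTRY_KEY) -> str:
    # Canonical JSON so the same manifest always produces the same signature.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def register_tool(registry: dict, name: str, source: str, agents: list) -> None:
    # Approval step: bind tool name, exact code hash and permitted agents together.
    manifest = {"name": name, "sha256": _digest(source), "agents": sorted(agents)}
    registry[name] = {"manifest": manifest, "sig": sign_manifest(manifest)}

def authorize(registry: dict, agent_id: str, name: str, source: str, audit: list) -> bool:
    """Run on every invocation; True only for an approved, unmodified, in-scope tool."""
    entry = registry.get(name)
    if entry is None:
        reason = "tool not registered"
    elif not hmac.compare_digest(entry["sig"], sign_manifest(entry["manifest"])):
        reason = "manifest signature invalid"
    elif not hmac.compare_digest(entry["manifest"]["sha256"], _digest(source)):
        reason = "tool code does not match signed hash"
    elif agent_id not in entry["manifest"]["agents"]:
        reason = "agent not permitted for this tool"
    else:
        reason = "ok"
    audit.append({"agent": agent_id, "tool": name, "allowed": reason == "ok", "reason": reason})
    return reason == "ok"

def demo() -> list:
    registry, audit = {}, []
    lookup = "def get_balance(account_id): ..."  # constructed tool source
    register_tool(registry, "get_balance", lookup, ["support-agent"])
    authorize(registry, "support-agent", "get_balance", lookup, audit)            # approved call
    authorize(registry, "support-agent", "get_balance", lookup + "#x", audit)     # code changed
    authorize(registry, "support-agent", "make_transfer", "def f(): ...", audit)  # self-made tool
    authorize(registry, "hr-agent", "get_balance", lookup, audit)                 # out of scope
    registry["get_balance"]["manifest"]["agents"].append("hr-agent")              # registry edited
    authorize(registry, "hr-agent", "get_balance", lookup, audit)
    return [a["reason"] for a in audit]

if __name__ == "__main__":
    print("\n".join(demo()))
```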
