Securing the Boundary: Trust Context Separation in Privileged AI Agent Systems

Graph convolutional neural networks, which learn aggregations over neighbor nodes, have achieved great performance in node classification tasks. However, recent studies reported that such graph convolutional node classifier can be deceived by adversarial perturbations on graphs. Abusing graph convolutions, a node's classification result can be influenced by poisoning its neighbors. Given an attributed graph and a node classifier, how can we evaluate robustness against such indirect adversarial attacks? Can we generate strong adversarial perturbations which are effective on not only one-hop neighbors, but more far from the target? In this paper, we demonstrate that the node classifier can be deceived with high-confidence by poisoning just a single node even two-hops or more far from the target. Towards achieving the attack, we propose a new approach which searches smaller perturbations on just a single node far from the target. In our experiments, our proposed method shows 99% attack success rate within two-hops from the target in two datasets. We also demonstrate that m-layer graph convolutional neural networks have chance to be deceived by our indirect attack within m-hop neighbors. The proposed attack can be used as a benchmark in future defense attempts to develop graph convolutional neural networks with having adversary robustness.

The concept of software agents has been discussed for many decades with the vision that agents ‘inhabit some complex dynamic environment, sense and act autonomously in this environment, and by doing so realize a set of goals or tasks for which they are designed’, as defined by Pattie Maes in 1995. An illustrative example is the case of car navigation systems, which estimate a best route according to the preferences of the driver, adapt to traffic news with optimised routing and inform the user which way to go. Only recently, the tremendous development of large language models (LLMs) triggered a new wave of excitement about so-called ‘AI agents’, which are based on a LLM core enhanced with interfaces to tools and orchestration of software elements, which are programmed ex-ante. These AI agents combine two limitations: LLMs are statistical estimators for most probable ‘next best tokens’, and tools such as interfaces or orchestration have to be programmed traditionally, ie knowing which problem has to be solved. There are, however, narratives that they can transform businesses operations and increase productivity by making decisions without humans, optimising processes and adapting instantaneously to new situations. Following a brief review of the actual technical implementations, this paper scrutinises this issue from three perspectives: the so-called t-bench (‘tool–agent–user’, ie benchmark with retail, airline and telecom customer support systems), first tests with more sophisticated AI agents (such as Anthropic’s project ‘Vend’ in 2025), and real-world tests of agent-like LLM applications for financial services (such as extraction of environmental, social and governance [ESG] parameters from corporate reports). The paper concludes that the usability of AI agents depends on a quality–resource analysis for every individual use case: there is a difference between a macro-economic analysis of a set of ESG reports versus an individual decision for corporate ESG-linked lending. While tailored benchmarks for ‘fine-tuned’ LLMs to solve dedicated problems such as maths text questions are quite impressive, the current experiences with real-world cases do not support the vision that AI agents would rewrite the rules of business, but indicate a possible new Solow paradox. Originally, Robert Solow wrote in 1987: ‘You can see the computer age everywhere but in the productivity statistics.’ This paper understands this paradox as analysed by Daron Acemoğlu et al. in 2014: that IT-using industries show no additional productivity gains, in contrast to the view that IT is making workers redundant and ‘automates’ performance increase, despite the continuously increasing output of the IT-producing industry. Today, this paradox might reappear for AI-agent-using versus AI-agent-producing sectors of economy. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.

PurposeCompanies must understand consumer responses to AI-provided services to ensure their effectiveness. This is especially important for critical moments of truth, such as service recovery situations. In this article, we examine consumer preferences for AI versus human service recovery depending on the recovery situation: (1) locus of failure (customer vs company failure); (2) type of symbolic recovery (explanation vs apology); and (3) type of utilitarian recovery (monetary vs functional redress).Design/methodology/approachThree experimental studies were conducted using video-based scenarios that simulated customer chat conversations in financial services and healthcare contexts.FindingsResults show that customers favor AI over human agents in cases of customer failures, while they prefer human agents in cases of company failures. Moreover, customers favor AI agents when given an explanation of the failure or monetary redress, whereas they prefer human agents when receiving an apology for the failure or functional redress. Differences in perceived trustworthiness of AI versus human agents, including their perceived competence, benevolence, and integrity, in these contexts are the underlying psychological process that explains our findings.Originality/valueThis article reveals novel insights into the effectiveness of AI versus human service recovery as a function of service failure and strategy context. Our findings demonstrate the need to align the type of service recovery agent with the specific type of service failure and recovery strategy to maximize customer satisfaction and, in turn, loyalty.

We present Mind-Tool, an AI-augmented system implementing domain memory architecture for operational infrastructure management. Unlike conventional AI assistants that operate statelessly, Mind-Tool maintains an organized memory layer (persistent knowledge files), a desired-state model (conversational goal tracking) and a continuous reasoning engine that updates digital assets over time. Deployed for managing complex IT infrastructure (Proxmox clusters, Kubernetes, networking, security systems) over a 90-day production period, Mind-Tool achieved 94% task success rate with 68% workflow automation and 62%- time reduction compared to manual approaches. Our architecture independently validates recent parallel research by anthropic demonstrating that effective AI agents require persistent domain memory rather than relying solely on large context windows. We provide quantitative results from production deployment, identify key architectural differences between autonomous coding agents and operational infrastructure agents and demonstrate that competitive advantage in AI agent systems lies in domain memory design rather than model intelligence confirming through independent development and extended operational use that domain memory represents a fundamental pat- tern for practical agent systems in human-collaborative domains.

This paper surveys the landscape of AI agent frameworks, highlights their core features and differences, and explores their applications in financial services. We synthesize insights from recent industry reports, academic research, and technical blog posts, focusing on frameworks such as CrewAI, LangGraph, LlamaIndex, and others. We also discuss the challenges and opportunities of deploying agentic AI in production environments, with an emphasis on financial trading, investment analysis, and decision support. We analyze the rapidly evolving landscape of agentic AI systems, focusing on their architecture, capabilities, and practical implementations in banking, trading, and risk management. The study examines prominent frameworks including LangGraph for stateful agent orchestration, CrewAI for collaborative multi-agent workflows, and AutoGen for conversational agent systems, alongside industry platforms like IBM watsonx and NVIDIA NIM. The study examines both technical frameworks (LangGraph, CrewAI, AutoGen, etc.) and practical implementations in financial institutions. We highlight productivity gains (up to 80% time reduction in data tasks), risk management improvements, and workforce transformation challenges. The paper concludes with recommendations for financial institutions adopting agentic AI solutions. Our analysis reveals three key findings: (1) specialized agent frameworks achieve 50-80% productivity gains in financial data tasks compared to traditional approaches, (2) multi-agent systems demonstrate particular promise in complex domains like algorithmic trading and fraud detection, and (3) successful deployment requires addressing critical challenges in workforce upskilling, risk alignment, and regulatory compliance. The paper provides a theoretical foundation for agentic AI in finance, introducing formal models for agent design patterns, multimodal fusion, and market microfoundations. We further present a summary of several evaluation frameworks for assessing agent performance across financial use cases, including portfolio optimization and AML compliance. The study concludes with recommendations for financial institutions adopting agentic AI, emphasizing the need for standardized architectures, robust testing protocols, and hybrid human-AI workflows.

Event-triggered output feedback tracking against random deception attacks for nonlinear systems.

Role of FinTech in Accelerating Financial Inclusion in India

Abstract—The proliferation of digital financial services has created a fragmented and insecure data landscape, overwhelming individuals seeking to manage their financial health. Traditional cloud-based personal finance tools require users to surrender sensitive data, posing significant privacy risks. This paper introduces ASTRAFIN, a secure, local-first AI agent designed for autonomous financial health analysis. ASTRAFIN leverages on-device Natural Language Processing (NLP) models to parse and extract data from varied sources, including PDF bank statements and UPI SMS, ensuring sensitive information never leaves the user's device. We detail the system's core, a multi-tool AI agent built on the ReAct (Reasoning and Acting) framework, which autonomously reasons about the user's financial state. This agent orchestrates a suite of integrated tools for automated transaction categorization, predictive budget tracking, and web-based deal discovery. A key innovation is the implementation of a stateful memory system using a local vector database, enabling the agent to maintain long-term context and provide personalized, longitudinal analysis. By integrating Python-based ML models, advanced NLP concepts, and secure API integration, ASTRAFIN provides a privacy-centric, intelligent, and autonomous solution to empower individuals in managing their financial well-being. Keywords—AI Agent, Local-First Software, ReAct Framework, Privacy-Preserving NLP, Financial Data Parsing, Vector Database, Autonomous Decision-Making, Personal Finance, Transaction Categorization, Web Scraping

The rapid evolution of autonomous AI agents has introduced unprecedented opportunities across domains such as finance, healthcare, defense, and smart infrastructure. However, these advancements come with heightened security risks, including adversarial attacks, system manipulation, data breaches, and unauthorized decision-making. This chapter explores emerging trends in securing autonomous AI agents, emphasizing proactive defense mechanisms, resilient system design, robust monitoring strategies, and ethical AI governance. By integrating advanced cryptographic techniques, continuous learning defenses, and multi-layered security frameworks, the chapter highlights pathways to mitigate vulnerabilities while fostering innovation. Additionally, it outlines research opportunities aimed at developing adaptive, trustworthy, and explainable AI agents capable of functioning securely in dynamic environments. The discussion also considers regulatory compliance, interoperability, and cross-domain collaboration as critical enablers of resilient autonomous AI systems.

Advances in Artificial Intelligence (AI) and Machine Learning (ML) are expected to create a new wave of inefficiencies in economic activities, leading to massive productivity gains and reduction of costs. In central banking, AI and ML can help with central bank objectives, such as maintaining price and financial stability, monitoring the business cycles, and serving as a basis for issuing Digital Currencies, for further adoption by users and businesses. At the same time, the massive adoption and deployment of AI technologies and products come with ethical and security risks, such as algorithmic biases and exploitation of VUCA situations with cyberattacks and prompt attacks for leading AI/ML Models, thus undermining Security and Safety, and reinforcing trust, key requirements for the modern Digital Payments platform Central Banks, Retail Banks, and other Payment Institutions are expected to build and scale. How may Central Banks help secure and ethically deploy, by both the private sector and themselves, AI technologies applied to payments, particularly Digital Currencies? We identify priorities and the right regulatory guidelines and sandboxes, to ethically and securely develop financial services using these technologies. Our conclusions are based on a literature review and survey results with practitioners, in Central Banks and the Private Sector, working on or in charge of implementing these regulations to support the Central Bank Digital Currency in payment systems. We specifically address the following main questions. How are Central Banks currently supporting the Security and Trust of Digital Payments? What role may Central Banks play in creating the incentives for the Private Sector to ethically and securely leverage AI/ML technologies to build intelligent financial services in Digital Payments, while not crowding them out? At the Multi-Lateral Level, how to combine these efforts for interoperability and to better address Cybersecurity risks?

The Promotion of Transfer-of-Funds Liberalization Across International Economic Law

Recent trends in aerospace Power Management and Distribution (PMAD) systems focus on using commercial off-the-shelf (COTS) components as standard building blocks. This move to more modular designs has been driven by a desire to reduce and development times, but is also due to the impressive power density and efficiency numbers achieved by today's commercial DC-DC converters. However, the PMAD designer quickly learns of the hidden costs of using COTS converters. The most significant cost is the required addition of external input filters to meet strict EMI requirements for space systems. In fact, the high power density numbers achieved by the commercial manufacturers are greatly due to the lack of necessary input filters included in the COTS module. The NASA Glenn Research Center is currently pursuing a digital control technology that addresses this problem with modular DC-DC converters. This paper presents the digital control technologies that have been developed to greatly reduce the input filter requirements for paralleled, modular DC-DC converters. Initial test result show that the input filter's inductor size was reduced by 75%, and the capacitor size was reduced by 94% while maintaining the same power quality specifications.

An evaluation of indirect attacks and countermeasures in fingerprint verification systems

In the existing literature on innovation, financial services firms are attributed with a dependence on external knowledge inputs. Meanwhile, relative importance of sources of knowledge for innovation, modes of knowledge inflow, cooperation partners, advantages and disadvantages of cooperation for innovation remain underexplored. This study has unveiled that the most important internal sources of knowledge for innovation in financial services are frontline employees, new service development teams, bank executives, and backstage staff. Highly valuable modes of knowledge inflow for innovation are human resource development, purchase of equipment, and informal personal interactions. Financial services firms benefit from cooperation for innovation with external partners in the following aspects: increase in customer satisfaction, developed new skills of employees, new technologies, access to knowledge and expertise, decreased costs, and finding a new approach to solve a problem. Costs associated with external cooperation for innovation remain the most influential disadvantage of this mode of inbound open innovation.

It has been pointed out repeatedly that broad access to appropriate and lasting financial services is important for poverty reduction, as this contributes to higher income and better food security (ADB, 2000; Heidhues, 1998; Zeller et al., 1997). Enhanced access to financial services can support sustainable land use through increased agricultural productivity. This is achieved by giving farmers the opportunity to use external production inputs. Higher agricultural productivity can potentially contribute to natural resource protection; with higher yields on existing fields, farmers may be less prone to move into vulnerable, marginal areas.3 Besides, access to appropriate financial services also improves the ability of poor farmers to better manage external shocks. This again reduces the probability of farmers beginning to exploit marginal areas in times of crises and, therefore, supports resource protection.