
AI Trading Systems Hold Live Credentials. Nobody Governs Them.


In August 2024, a major European investment bank discovered its algorithmic trading system had been accessing client portfolios using credentials belonging to a trader who had left the firm three months earlier. The automated system continued executing trades worth €47 million daily, operating under a digital identity that should have been deactivated. The incident, kept confidential until regulatory filing requirements forced disclosure, illuminates a dangerous blind spot in financial services: artificial intelligence systems are accumulating live credentials with minimal oversight.

The problem extends far beyond a single institution. As trading algorithms become more sophisticated and autonomous, they require persistent access to market data feeds, execution platforms, and client accounts. Yet these AI systems operate using the same credential frameworks designed for human users—frameworks that assume conscious decision-making, regular password changes, and the ability to recognise suspicious activity.

The Credential Accumulation Crisis

Financial institutions have embraced AI trading at unprecedented scale. According to Greenwich Associates, algorithmic trading now accounts for 85% of equity trading volume in developed markets, up from 65% in 2019. Each trading algorithm requires multiple sets of credentials: market data access, order management systems, risk monitoring platforms, and regulatory reporting tools.

The Bank for International Settlements' 2024 survey of 47 major banks revealed that institutions deploy an average of 127 distinct AI trading models, each requiring between 8 and 23 separate credential sets. This creates what researchers term "credential sprawl"—a web of digital identities that grows faster than governance frameworks can manage.

PwC's Financial Services Technology Survey found that 73% of banks cannot accurately inventory which credentials their AI systems hold, while 81% lack automated processes to revoke AI access when algorithms are decommissioned. The European Banking Authority's recent stress testing identified credential management as a "material operational risk" across 89% of supervised institutions.

The insurance sector faces parallel challenges. AI systems underwriting policies, processing claims, and managing investment portfolios require access to vast databases containing sensitive customer information. Lloyd's of London reported that credential-related breaches in member organisations increased 156% between 2022 and 2024, with AI systems involved in 34% of incidents.

Why Traditional Security Fails

Conventional identity and access management (IAM) systems treat AI systems as sophisticated users rather than as fundamentally different entities. Privileged access management (PAM) solutions store AI credentials in vaults, but algorithms often require persistent access that bypasses human approval workflows. Single sign-on (SSO) reduces credential proliferation but creates a single point of failure when an AI system is compromised.

Multi-factor authentication becomes meaningless when algorithms cannot respond to push notifications or biometric requests. Zero Trust architectures promise continuous verification, but struggle with AI systems that generate thousands of access requests per second during volatile trading periods.

The fundamental issue is structural. Traditional security models assume that users create, know, and manage their credentials. This assumption breaks down when applied to AI systems that may operate continuously for months, accessing resources through credentials that exist beyond any individual's knowledge or control.

Redefining Credential Control

The solution requires abandoning the assumption that identity equals access. Instead of allowing AI systems to hold credentials, organisations need an architecture in which credentials are generated, encrypted, and distributed by a central authority—never exposed to the systems that use them.

This approach, pioneered by companies like MyCena, separates credential ownership from credential usage. When an AI trading system needs to access a market data feed, it requests access through an encrypted channel. The credential management system authenticates the request, retrieves the appropriate credential from secure storage, and facilitates the connection without ever exposing the actual authentication data to the AI system.

The AI system gains access to required resources but never possesses the credentials themselves. This makes the access "unphishable"—even if the AI system is compromised, attackers cannot extract credentials that were never present in the system's memory or storage.

For financial institutions, this architecture provides granular control over AI access patterns. Trading algorithms can be granted time-limited access to specific market segments, with credentials automatically rotated without system downtime. When algorithms are retired or modified, access revocation is immediate and complete, eliminating the orphaned credentials that plague traditional deployments.
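A minimal broker that implements the pattern described above, as an added example (not MyCena's product code): the trading model receives only an opaque, time-limited grant, and the broker attaches the credential, rotates it, revokes it per model and answers inventory queries without the model ever seeing the secret. The HMAC-signed request, the `market_feed` stand-in and the injectable clock are assumptions made for the example.

```python
"""Credential-broker pattern: the AI client holds a short-lived grant id;
the broker holds the credential and performs the authenticated call."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Grant:
    model_id: str      # which AI model the grant was issued to
    resource: str      # which backend it may reach through the broker
    expires_at: float  # epoch seconds; enforces time-limited access


class CredentialBroker:
    def __init__(self, vault):
        self._vault = dict(vault)  # resource -> secret; never returned to callers
        self._grants = {}          # opaque grant id -> Grant

    def issue_grant(self, model_id, resource, ttl_seconds, now=None):
        if resource not in self._vault:
            raise KeyError(f"unknown resource {resource}")
        gid = secrets.token_hex(16)  # opaque: carries no credential material
        t = time.time() if now is None else now
        self._grants[gid] = Grant(model_id, resource, t + ttl_seconds)
        return gid

    def call(self, grant_id, resource, payload, backend, now=None):
        g = self._grants.get(grant_id)
        if g is None or g.resource != resource:
            raise PermissionError("no grant for this resource")
        if (time.time() if now is None else now) >= g.expires_at:
            del self._grants[grant_id]  # expired grants are dropped, not reused
            raise PermissionError("grant expired")
        # The credential is used only here, inside the broker, to sign the request.
        token = hmac.new(self._vault[resource], payload.encode(), "sha256").hexdigest()
        return backend(payload, token)

    def rotate(self, resource, new_secret):
        self._vault[resource] = new_secret  # grants keep working; no model restart

    def revoke_model(self, model_id):
        stale = [gid for gid, g in self._grants.items() if g.model_id == model_id]
        for gid in stale:
            del self._grants[gid]
        return len(stale)  # decommissioning leaves no orphaned access behind

    def inventory(self):
        return sorted((g.model_id, g.resource) for g in self._grants.values())


def market_feed(secret):
    """Constructed stand-in for a market data feed that verifies the HMAC token."""
    def handle(payload, token):
        expected = hmac.new(secret, payload.encode(), "sha256").hexdigest()
        return "OK" if hmac.compare_digest(expected, token) else "DENIED"
    return handle
```

The broker bounds exposure to the grant window and the granted resource; it does not stop a compromised model from issuing requests while its grant is valid, so grant TTLs and per-model revocation are the controls that matter.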

The Regulatory Response

Regulators are beginning to address AI credential risks explicitly. The European Central Bank's draft guidance on AI in banking, published in October 2024, requires institutions to maintain "comprehensive inventories of AI system access rights" and demonstrate "technical controls preventing unauthorised credential retention by automated systems."

The Federal Reserve's recent supervisory letter SR 24-7 instructs banks to ensure that "artificial intelligence and machine learning applications cannot independently create, modify, or retain authentication credentials." The Prudential Regulation Authority has indicated similar requirements will be incorporated into UK banking rules by 2025.

Insurance regulators are following similar paths. Solvency II's upcoming technical standards revision includes provisions requiring "demonstrable technical controls over automated system credentials" for AI applications processing customer data or making underwriting decisions.

The Path Forward

Chief Information Security Officers and Chief Risk Officers in financial services face an immediate choice. They can continue applying human-centric security models to AI systems, accepting the growing accumulation of unmanaged credentials and associated regulatory risks. Or they can implement credential control architectures that treat AI systems as fundamentally different from human users.

The European investment bank that discovered its rogue trading algorithm has since implemented credential control systems across all automated trading operations. The firm reports zero credential-related incidents in the eight months following deployment, while reducing credential management overhead by 67%.

As AI systems become more autonomous and widespread, the credential risks will only intensify. Financial institutions that address these challenges now—through proper architectural controls rather than incremental security additions—will find themselves better positioned for both regulatory compliance and operational resilience in an increasingly AI-driven industry.
