BACK

The State of AI in Financial Services in 2025 — views from our front row seats

Peter Hung
August 28, 2025

Introduction: “Everyone wants an AI win”

That’s what we’ve been hearing across financial institutions. We are in an unprecedented moment where traditional financial institutions are actively seeking to adopt new technology, even from early-stage companies. Historically, large corporations, have built a reputation that is reactive. They’ve avoided being the first to adopt new technology, being wary of the risks of failure. But the narrative is changing. Today the most successful financial institutions are the ones that are “shifting left”, working with earlier stage companies that are at the edge of new ideas or even actively building new technology out themselves. This shift is helping them differentiate and establish category leadership for the years ahead.

It’s an exciting time to be involved in startups, as an explosion of ideas are being created and funded (and even getting acquired or going public). Companies are landing customers faster than ever, and AI has created a catalyst for financial institutions to establish an imperative in adopting new technology.

At Illuminate, we have front row seats to the global problem statements and priorities of technology across the leading financial institutions, and are collaborating with each of them to establish the next generation of technology. These are our strategic partners — JPM, Citi, Barclays, BNY, Jefferies, S&P Global, Euroclear, Deutsche Börse, and SGX — and we work with senior leaders and executives every day.

Over the course of the last two years, we’ve been listening closely to their needs and connecting founders with decision makers. We’re excited to share the areas where we’re seeing the strongest demand and growth across our conversations.

Content Overview

  1. Our quick perspective on agents
  2. What is the spaghetti sticking against the wall?
    - The explosion of agents driving enterprise efficiency
    - Rise of Tech/Agent-enabled Businesses — the best innovators?
    - Infrastructure Modernization
    - The Hidden Crisis in Enterprise Financial Operations, and building the Next Generation of the CFO Stack
  3. AI Infrastructure — build the road or the homes first?

Our quick perspective on agents

If you’re reading this, you are likely a founder, an investor, LP, or someone interested in the space. You have heard of “agents” many times. That said, the term “agents” is thrown around so casually in startup vernacular that it has become ambiguous. Is everything an agent?

Agents, interestingly, were defined by Franklin & Graesser in 1996 in their paper: “Is it an Agent, or Just a Program?: A Taxonomy for Autonomous Agents”.

Autonomous Agents: “A system situated within and part of an environment that senses that environment and acts on it, over time, in pursuit of its own agenda”

Now AI Agents as defined today:

Computational entity with an awareness of its environment that is equipped with faculties that enable perception through input, action through tool use, and cognitive abilities through foundation models backed by long-term and short-term memory. — MongoDB

MongoDB has built a simple graphic that illustrates the constitution of an Agent which is 1) Perception — ability to ingest data, 2) Plan, 3) take action and use tools, 4) and store memory.

Agents are not merely programs. Programs run pre-defined instructions, lack autonomy and environmental embedding, and expert systems may process information “intelligently” but lack ongoing interaction with an environment and cannot take its own initiative.

The Autonomy vs. Control Dilemma

Deploying agents inherently run into a dilemma, especially within companies bound by strict regulations, compliance requirements, and security concerns. Fully autonomous agents could in theory deliver the greatest efficiency by minimizing human involvement. But they will inevitably make mistakes or even grave mistakes, that could impact customers. What happens if an AI agent executes a wire transfer incorrectly or approves a loan for a fraudulent customer? On the other hand, imposing too many guardrails will create an endless “IF/THEN” tree and we will revert back to expert systems with minimal autonomy. Ultimately, it’s important to set up principals and policies for agents to act upon, not “death by a thousand rules”.

Today, most organizations deployments remain limited to “low consequence transactions” but we’re gradually shifting to “higher consequence transactions”, which will naturally involve more rules. Finding the right balance between autonomy and control will be critical as adoption progresses.

What is the spaghetti sticking against the wall?

The explosion of AI Agents driving enterprise efficiency

Tech and Operations represent a massive budget in financial services, with the majority spent on salaries. JPM alone has a technology budget of $18 billion. We are seeing an explosion of companies building and selling AI agents across various verticals and departments. What we have found frequently as areas of interest and discussion:

  • Security: SOC teams are overwhelmed and inefficient, dealing with high alert volumes, manual workflows, and analyst burnout. This function relies on a large number of highly specialized people yet there never seem to be enough. Large orgs may already have numerous tools (SIEMs, SOARs, MDRs) but still face excessive noise. CISOs want a single point of observability, including AI. Specific areas of manual challenges include IAM and Third/Fourth-party risk management. Identity Access Management is highly manual due to siloed systems and IAM involves a large volume of granular permissions, and mapping permissions to job functions may not be well-documented or business-context aware, which involves manual work to provision/deprovision/access review. Third-Party and Fourth-Party governance is another challenging process given vendors may have different systems for security postures, lack of real-time visibility to third/fourth party risk posture, and vendor risk reviews are completely manual, usually point in time, with non-standardized documents.
  • DevOps and DevSecOps: these functions are inundated with alerts which are unclear or false positives, leading to a mountain of tickets being created, and operational headaches. The problem is compounded for DevSecOps (Development, Security, Operations) which is notorious for ambiguous ownership. Depending on the organization, the hat may be worn by the DevOps team (and security may not be their core expertise) or the Security team. AI agent companies are building solutions to understanding and reduce alerts (and ultimately alert fatigue) and improving remediation efficiency and accuracy.
  • Customer Operations: the global contact centre market is estimated to be $500 billion dollars, and to operate a contact centre, labour accounts for 65–75% of the costs. Many companies are solving for Tier 1 support (basic support, common issues), but the greater opportunity lies in more complex / higher consequence, “customer operations”. These interactions span multiple systems, including customer ticketing, phone systems, fraud systems, payment systems and beyond. However, integration has been a challenge for AI agents in this category due to understanding/integrating with an organization’s SOPs (Standard Operating Procedures).
  • Fraud: Fraud is evolving rapidly. As Sam Altman recently warned, we are at an AI fraud crisis in banking. From our previous article, fraud volumes in the US grew 3.7x in 4 years, and global fraud losses are estimated to be almost $500 billion in 2024. The ability to replicate voices can be achieved with as little as a five dollar subscription and <1 minute clip of someone’s voice (I have done this using the voice of Mark Beeston, our Founder and Managing Partner). The results are alarmingly accurate and easy to reproduce.

“AI has fully defeated most of the ways that people authenticate currently” — Sam Altman

  • Compliance and Underwriting: these workflows are critical yet highly fragmented and manual i.e. “paper pushing”. Financial institutions must comply with regulations across multiple jurisdictions, requiring large teams to manage documents, policies and procedures. Given the criticality of this function, and its reliance on accuracy, firms are hiring aggressively. Neobanks and crypto firms, in particular, have scaled headcount rapidly to keep pace with growth.
  • Financial Analysis and Capital Markets: surprisingly, this has been a category that we have seen the most delight from with our bank partners, likely as these agents are where there is the most clear delight (and one I personally resonate with as well) — the ability to take a begrudgingly painful process of pulling comps, conducting deep equity research, pulling financial data, reviewing SEC data, can now be automated. Additionally, use cases in capital markets include what Float (automating trade capture and trade confirmation) and Theia Insights (custom thematic classification and risk factor models) are building.

Rise of Tech/Agent-enabled Businesses — the best innovators?

Tech-enabled businesses are service businesses with a tech-first approach to operations. Unlike SaaS companies, these companies scale revenue by people and the work they can perform. Theoretically with tech, they can perform more (and often higher quality) work compared to a traditional service-based firm. They may buy technology or build their own tech.

Get Peter Hung’s stories in your inbox

Join Medium for free to get updates from this writer.

Subscribe

We have spent a lot of time in the wealth management category and what we have learned is that companies like Compound are building AI to automate back office operations. They are customers of their own technology as they are providing the service themselves to their customers and their end customers. As an example, advisors spent 30% of their time on administrative tasks, like onboarding clients which is the #1 pain point. Due to the fragmented nature of systems they use (financial forecasting, portfolio management, CRMs, etc), they need to input the same client information multiple times.

TENEX.AI is an example in security where it is an outsourced Managed Detection and Response (MDR) firm that is AI-native. The company employees a services-first approach with skilled humans in the loop but powered with AI tools to operate more efficiently.

There is a fascinating flywheel effect occurring in this category. They build technology → technology is dogfood by their users → they get direct feedback → they improve the product → build more technology.

What is interesting is that this theoretically drives faster and shorter product cycles as the “customer” of the product are the company’s own employees. Compared to lengthy enterprise sales cycles, which may be 6 to 18 months, the feedback loops are faster.

Traditional tech-enabled firms operate on lower gross margins compared software companies (~40%) and as a result, they have to reduce OpEx spend to maximize EBITDA margin, which enables them to command a higher multiple. AI agents will help reduce operating costs and ultimately expand margin and enterprise value for these firms.

The Hidden Crisis in Enterprise Financial Operations, and building the Next Generation of the CFO Stack

The CFO stack is a complex web of manual workarounds. Despite two decades of software companies that have emerged in the CFO Stack and Accounts Payable / Accounts Receivables automation, Corporate Treasurers have been throwing bodies to solve various problems. While many startups have emerged like Ramp and Brex help solve problems in the SMB and Middle Market, Enterprises, particularly ones in traditional and complex industries with a high volume of variable costs like manufacturing and supply chain & logistics have been severely underserved.

Enterprises struggle with fragmented systems that create persistent data reconciliation challenges, which is emphasized for organizations that are decades old and run on disconnected systems across ERPs (sometimes multiple), billing, payments, forecasting, and a lot of excel. This makes it impossible to get financial visibility without significant manual intervention. There is a fundamental inability reconcile general ledgers and sub-ledgers. As a result, cash flow forecasting is a critical pain point because CFOs because of the lack of proper data inputs leads to prediction inaccuracies, and ultimately treasurers have to maintain excessive liquidity buffers, which could be otherwise deployed for other means such as strategic initiatives.

OpenEnvoy is tackling this massive problem, starting with overhauling the outdated technology in the data capture of Accounts Payables and Accounts Receivables by guaranteeing 100% accuracy through technology. Even with companies like AvidXchange, Melio, BILL, we frequently hear how painful it is to use these systems due to their legacy OCR. While they may be “highly” accurate, it is not accurate enough, and enterprises need 100% accuracy down to the line-item level. To supplement this accuracy, enterprises throw bodies at this problem, either hiring offshore resources for people to manually fix invoices which are expensive, often understaffed, and are still prone to human-error.

As mentioned by one of our strategic partners, the holy grail of the CFO stack is being able to “track a single dollar from the initial sale through to purchase orders to an shareholder earnings report”. For this category, we believe layering AI above existing systems is insufficient. Companies must earn the right to build intelligence. It starts with getting the most granular data right, then you earn the right to handle (and possibly monetize) transactions, then build intelligence.

Infrastructure Modernization

Banks still rely heavily on mainframes and COBOL (Common Business-Oriented Language) for their core banking systems, which was written in the 1960s and 1980s. Mainframes have been reliable and capable of handling millions of transactions per second. However, these legacy systems are experiencing challenges due to an aging developer base (fewer and fewer people write COBOL), inflexible and monolithic code structure, poor compatibility with modern software, and ultimately high maintenance costs.

Yet the problem is not easy to solve — you cannot just translate COBOL into a modern language. Companies like Mechanical Orchard understand the system behaviour and building a system that is “socially-aware” so they can infer the business logic of the transactions happening. It is an extensive process of reverse engineering, equivalence testing, and moving the system into the cloud. AI is then used to write deterministic code to satisfy various conditions.

Mainframe migration has been a topic for multiple decades, but the urgency has been compounding due to aging systems becoming a risk where critical operations are running on outdated systems, and with the rapid adoption of AI, data intensive workloads and cloud computing requires flexible infrastructure with real-time observability and dynamic scaling.

AI Infrastructure — build the road or the homes first?

Along with agentic applications of AI, we have a spent a lot of time with founders “building the roads” for AI. While AI agent companies (the houses) are exploding in growth, infrastructure companies ensure long-term readiness and ability to scale to avoid the risk of “congestion” and expensive retrofitting. We’re actively looking at infrastructure in conjunction with AI applications.

Some areas of interest we have spent time on:

  • AI/ AI Agent security: AI Security companies is a critical technology for financial institutions adopting AI, and often the first company FIs are looking for before rolling out AI in production. They safeguard organizations from threats and vulnerabilities across the AI lifecycle (development and deployment) to ensure data remains private and unaltered. However, it is unclear if this category is enough to survive as a standalone category as CISOs prefer to have fewer vendors, and there has been at least three notable acquisitions at the time of this article (Robust Intelligence acquired by Cisco for $400M, Protect AI acquired by Palo Alto Networks for $500M+, and Prompt Security acquired by SentinelOne for $300M).
  • Scaling Agents: when you have built agents, how do you scale them up to hundreds, thousands and beyond, and not need to manage that workload? Running agents are expensive given the amount of compute they consume, resulting in the ongoing debate of Gross Margin concerns in the startup industry. While early, there are startups building serverless infrastructure to deploy agents and scale them efficiently. Companies like High Dimensional Research enable agents to run on virtual machines with their own filesystem that can sleep/wake instantly and spin up/down new agents as needed limiting wasted compute, but also with the ability to branch/snapshot/rollback virtual machines, enabling stateful and observable VMs/Agents. This is a massive breakthrough as scaling stateful services is traditionally hard and expensive.
  • Agent Monetization: building the system for agentic businesses to accept payments, with the granular pricing logic and accurate billing events is notoriously complex. Traditional systems like Stripe rely heavily on webhooks which results in missed or duplicated events and limit server reads making it hard to reconcile payments. The developer experience has streamlined exponentially through generated code yet the DX for payments remains to be very slow. We’re excited by companies like Flowglad and Paid.ai that is tackling the agent monetization problem.

Financial Institutions are riding the AI wave

This article, while long, is just the surface level of problems and opportunities we’ve explored. We’re excited by the proliferation of problems and opportunities that are emerging across financial services.

If you’re a founder in AI building for financial services, enterprises (or aspire to), I would love to jam further. Please reach out at ph@illuminatefinancial.com.

THEMES