At the "New Challenges in Financial Regulation: Green, Digital, and Artificial Intelligence" thematic forum of the 2026 Tsinghua Wudaokou Global Finance Forum held in Chengdu, Lü Zhongtao, former Chief Technology Officer of the Industrial and Commercial Bank of China (ICBC), stated that AI is driving a profound dual transformation in the financial industry, focusing on both enterprise operations and efficiency. He emphasized that AI agents will become the core infrastructure of future banking, propelling the sector from the open banking model of 3.0 to the AI agent banking model of 4.0. This shift will reshape internal organizational structures and externally deliver more inclusive and convenient services.
Lü Zhongtao noted that AI agents have evolved from possessing cognitive abilities like "seeing, speaking, and thinking" to achieving action capabilities involving "autonomous decision-making and collaborative execution." They are now becoming the central driver for enterprise implementation. Open-source personal agents, represented by models like OpenClaw, demonstrate the potential to act as digital employees capable of performing substantive tasks.
In Lü's view, to build differentiated competitive barriers, the key lies in converting proprietary business knowledge and tacit experience into reusable intellectual assets. This expands the cognitive scope, enabling AI agents to perform more professionally in complex tasks and establishing a human-machine complementary model where "humans control core decisions, and agents execute with precision." At the current stage, the focus should be on developing role-specific AI agents to advance "role + skill" development, forming a business closed loop of "role + task," and comprehensively empowering both customers and employees.
Regarding AI application security, Lü Zhongtao pointed out that alongside the vigorous development of generative AI, inherent risks like content hallucination in large models have given rise to multidimensional new security threats, including prompt injection, cognitive planning misoperations, and tool poisoning. Security has become a major bottleneck for enterprise AI adoption. Enterprises urgently need to systematically construct a comprehensive security defense system that is monitorable, traceable, intervenable, and auditable, focusing on six key areas: agent positioning, knowledge engineering constraints, multi-agent checks and balances, permission governance, offensive and defensive capabilities, and full-process monitoring.
On regulation, to standardize the compliant application of AI technology in the financial industry, Lü Zhongtao recommended following three principles: "differentiating between internal and external use, gradual opening, and controllable responsibilities and rights," and implementing categorized supervision. Application-oriented AI agents should adopt differentiated strategies for internal versus external deployment.
Lü Zhongtao specified that for external services, a prudent and strict approach should be maintained, emphasizing assistance and guidance, with a temporary avoidance of making decisions on behalf of customers. For internal empowerment, innovative pilots can be conducted under secure and controllable conditions, gradually opening tool-based AI agents, such as those similar to "Claw." These should be deployed in isolated environments like sandboxes to reduce risks of data leaks and non-compliant operations, ensuring that operational traces are traceable and responsibilities are assignable.
Comments