AI Pulse Daily Brief | 2026-07-07
Reading time ~12 mins
- ING put an AI mortgage assistant into a Dutch regulated workflow, while Visa, Mastercard, Santander and MAS moved agentic payments toward live rails and controls.
- Three AI-security signals show desktop assistants and coding agents opening paths to workstation compromise and credential theft.
- FCA, the Dutch cabinet, IBM and Computer Weekly all framed AI dependence as a supervisory, sovereignty and resilience question.
- Fortune and HBR kept the adoption story grounded: return on investment and performance metrics are lagging behind usage.
Top signal
ING is scaling an AI mortgage assistant in the Netherlands. Corporate
ING said on 8 June 2026 that it had introduced an AI assistant to speed up mortgage applications in the Netherlands after a pilot that began in March. The assistant analyzes applications, explains possible outcomes and suggests next steps, while an ING employee remains responsible for the assessment and final decision. ING said the pilot will scale gradually into more operational tasks.
This is the clearest Dutch peer signal in today's batch because it puts AI inside a regulated customer workflow rather than in a generic productivity story. The stake is the mortgage process itself: credit-adjacent assessment, customer explanation, model-risk control and employee accountability now sit in one visible peer-bank deployment. Gradual scaling matters here because it shows the control shape as well as the use case: the assistant can recommend and explain, but the employee still owns the decision. That makes the signal durable even though the source was newly surfaced outside the normal seven-day window.
Security
A compromised AI assistant account can become a workstation attack path. Corporate
Pentera showed on 1 July 2026 how access to a victim's Claude account could change synced preferences in Anthropic's desktop AI assistant. If a command-capable add-on is already present, the assistant can run local commands. If it is absent, the assistant can show a believable install or error flow that nudges the user to add it. Pentera said the result can include stolen credentials and movement from one machine or account to others.
The exposure sits with any team that lets desktop AI assistants connect account settings, local tools and employee trust. This cuts through because the dangerous step is not a malicious email or a visibly hostile file; it can arrive as a trusted assistant behaving as configured. The control question is therefore account sync, tool approval and session revocation, not only endpoint scanning. For the bank, the blast radius follows the assistant account and the local permissions granted to it, especially on developer and business workstations with access to internal systems.
A shared Windows coding setup could expose another developer's AI credentials. Corporate
Cymulate disclosed on 5 July 2026 that a flaw in OpenAI's coding command-line tool on shared Windows machines could let a low-privilege local user impersonate the tool's protected workspace. The attacker could alter what the AI agent saw, inject instructions and steal another developer's OpenAI credentials. Cymulate said the issue had been fixed by limiting the local communication channel and verifying the client identity.
The impact is narrow but serious: shared developer infrastructure can turn one user's local access into another user's AI-service credential loss. The exposure profile is terminal servers, virtual desktops, remote-access jump boxes and shared build machines where multiple developers use the same host. That makes the issue most relevant where AI coding tools are being tested on shared engineering environments for convenience or cost reasons. The wider lesson is that AI coding agents need local identity and isolation controls, not only model approval and source-code review.
AI coding environments are becoming credential-theft targets. Vendor
Arize AI analyzed May 2026 attacks against AI coding-tool environments and argued that agent runtimes should not be treated as security boundaries. One malicious code-editor add-on reportedly ran on about 6,000 developer machines in 18 minutes and stole cloud, code-hosting, package-management and AI-tool credentials. Arize also described persistence through AI coding-tool configuration, where the compromise survives beyond the initial install.
This matters because AI coding adoption changes the developer workstation from a productivity surface into a credential concentration point. The bank fits the exposure profile if teams store model-service credentials inside local tools or allow broad code-editor add-on installation during AI coding pilots. The signal also ties to the two current security items above: compromise is moving through the assistant layer, not only through ordinary software packages.
Regulatory
FCA put agent identity and shared AI dependencies on the supervisory agenda. Authority
The Financial Conduct Authority published the Mills Review on 6 July 2026, after an engagement paper published on 27 January 2026 closed for input on 24 February 2026. The review carries no article-numbered obligation because it is a UK supervisory review rather than a rule text. It still sets out seven priority recommendations and frames shared AI model providers, cloud infrastructure, distribution platforms, agent identity, trusted delegation, liability and payment infrastructure as issues for financial supervisors. The source page says the FCA does not plan extra AI regulations now, which makes the review a perimeter and supervision signal rather than a new rulebook.
This is non-binding for a Dutch bank, but it gives supervisors' language for agentic finance, meaning AI agents acting in financial-services workflows. The stake is that agent identity, delegation, customer protection and shared-model dependence are becoming financial-system questions, not only technology design questions. It also connects AI agent adoption to the same resilience debate already used for cloud concentration and critical third parties, which is the vocabulary Dutch and EU supervisors already use around outsourcing and operational continuity.
Perspectives
Fortune warned AI return expectations may outrun regulated implementation. Media
Fortune reported on 6 July 2026 that Apollo Global Management chief economist Torsten Slok sees AI productivity gains showing up mainly in technology companies so far. The article said returns for much of the Fortune 500 are slower because of regulation, data protection, workflow integration and implementation cost. It also cited concern that markets may be pricing AI earnings earlier than many firms can generate them.
This is medium-confidence market commentary, not measured bank evidence. Its value is the timing warning: AI usage can rise faster than governed value delivery in complex organizations. That is directly relevant to business-line portfolios where licenses, pilots and public adoption claims can look mature before savings, quality gains or risk reductions are proven.
Netherlands & Sovereignty
Dutch cabinet framed AI dependence as economic and security risk. Authority
Rijksoverheid announced on 3 July 2026 that the Dutch cabinet had sent its international AI strategy to the Tweede Kamer. The strategy links AI to economic strength, security, diplomacy, market access for Dutch AI providers, research, talent and European infrastructure. It says Europe invests significantly less than the United States and China in advanced AI models, applications and infrastructure, including energy supply, grid capacity, AI design and AI chips.
This moves AI sourcing into the same resilience conversation as cloud concentration and critical suppliers. The stake is that model access, compute capacity, cloud infrastructure, chips and energy constraints are separate dependencies, not one generic "European hosting" question. A bank can have European data storage and still depend on non-European models, chips or cloud tooling for production use. The Dutch policy frame also suggests sovereignty will be built through trusted partnerships as much as through domestic self-sufficiency.
IBM found most executives lack visibility into AI dependencies. Institute
IBM Institute for Business Value's report on AI sovereignty reframed sovereignty as selective control over data, models, infrastructure and applications. IBM reported that only 9% of executives have excellent visibility into AI vendor, model and infrastructure dependencies. It also found that 71% say switching a primary AI vendor or model would be difficult today, citing data portability, model revalidation, compliance requirements and technical lock-in. The report ties the difficulty of switching to practical operating work, not only contract negotiation.
This is a medium-confidence research signal, but it gives practical language to a board-level dependency problem. The bank's exposure is not limited to where data sits; it includes which models, runtimes, orchestration layers and cloud services support critical AI use cases, and how hard they are to substitute. The signal is useful because it gives two measurable anchors, visibility and switching difficulty, for a topic that otherwise becomes abstract. That turns sovereignty from a policy slogan into continuity, cost and model-risk evidence.
IBM Institute for Business Value
Computer Weekly put Europe's AI sovereignty measures against a scale gap. Media
Computer Weekly published a 2 July 2026 data dive arguing that EU and UK cloud, compute, chip and open-source sovereignty measures remain fragmented against the scale of US technology firms. The article contrasted European policy measures with more than USD 2 trillion in combined annual revenue from large US-headquartered technology firms including Microsoft, Amazon Web Services, Alphabet and Nvidia. Its conclusion was analytical synthesis, not a primary policy decision.
The value is the scale test behind sovereignty claims. A bank evaluating sovereign AI options needs to know whether compute, cloud procurement and chip capacity become usable at scale, not only whether policy language is moving in the right direction. This sits directly next to the Dutch strategy and IBM dependency report: policy ambition, dependency visibility and supplier scale are three parts of the same sourcing question. The signal also gives a counterweight to official strategy: European intent can be real while available enterprise options remain narrower, more expensive or harder to exit than hyperscaler platforms.
Industry & competition
Visa completed live European purchases made through AI agents. Vendor
Visa announced on 2 July 2026 that AI agents had completed live purchases at European merchant websites on behalf of cardholders. The programme involved more than 30 European issuers, including ING, BBVA, CaixaBank, Barclays, HSBC UK, Lloyds Banking Group, NatWest and Nordea Bank. Visa said the transactions used existing payment infrastructure with passkey-based authentication, tokenisation and real-time fraud monitoring, under cardholder-defined permissions and issuer oversight.
This is an industry signal because agentic commerce is moving from demonstration storefronts toward real payment environments. The stake for payments, fraud and digital channels is control design: cardholder permissioning, issuer oversight, merchant dispute handling and fraud monitoring all need to work when the buyer interface is software acting for a person. The named European issuer list also makes the signal visible in peer-bank comparison. It also gives a practical test of customer consent, because the transaction depends on permissions set before the agent acts.
Singapore's financial supervisor proposed runtime checks for AI agents. Authority
The Monetary Authority of Singapore published a 3 July 2026 release on an industry white paper for safeguards around AI agents in finance. MAS said financial institutions need real-time controls because AI agents can carry out financial-services tasks faster than practical human intervention. The proposed framework uses governance checkpoints to verify and record proposed agent actions before execution, with focus areas including policy-bound execution, validation, auditability and interoperability.
This is not a Dutch obligation, but it translates agent risk into control mechanics that bank teams can evaluate now. The stake is that agent governance cannot stop at model approval or a human-in-the-loop promise if the agent can act across systems in real time. Runtime evidence, action logging and policy checks become the operating layer between an approved pilot and a financial action. That makes the white paper useful even outside Singapore: the control problem is speed, auditability and bounded authority, not jurisdiction.
Monetary Authority of Singapore
ABN AMRO said more than 85 percent of employees use AI daily. CxO voice
ABN AMRO published CEO Marguerite Berard's Money20/20 remarks saying more than 85% of the bank's employees use AI in their daily work. The remarks framed AI as a normal operating capability and listed lessons around senior role modelling, guardrails, human control, disciplined scaling, internal innovators and vigilance about AI-accelerated risk. The adoption figure is self-reported by the bank, not independently audited in the signal.
This is a Dutch competitive-landscape signal because ABN AMRO is publicly positioning workforce-wide AI adoption as an operating-model discipline. The stake is not whether the 85% figure maps one-to-one to productivity; it is that AI usage, guardrails and leadership behaviour are becoming external benchmarks. That gives business-domain leaders a concrete peer reference when internal adoption claims are discussed.
Innovation
Mastercard launched a payment rail for machine-driven transactions. Vendor
Mastercard introduced Agent Pay for Machines, a service for permissioned, orchestrated and settled machine-driven transactions across its global payments network. The release said the service supports credentialing, programmable spending limits, verified participant transactions and guaranteed settlement across cards, accounts and stablecoins. Initial participants and supporters include more than 30 organizations, including Adyen, Cloudflare, Coinbase, Getnet by Santander and Stripe.
This changes the agentic-commerce story from customer-facing shopping to settlement infrastructure. The stake for payments, treasury and fraud teams is that machine-driven transactions need controls for who is allowed to act, how much they can spend, which participants are verified and how settlement risk is handled. The inclusion of cards, accounts and stablecoins also shows that networks are preparing for agent activity across several forms of value transfer. It also shows payment networks turning AI-agent trust into productised rails rather than leaving it to individual merchants and assistants.
On the radar
- Santander said Getnet built infrastructure that lets merchants accept and process payments initiated by AI agents, adding another European bank-owned merchant-services angle to the Visa and Mastercard signals. Banco Santander
- Harvard Business Review argued that AI-enabled work needs performance metrics that preserve judgment, quality and accountability rather than rewarding speed alone. Harvard Business Review