fintech

A Few Cents Can Hijack a Banking AI Assistant: Agent Security Is an Engineering Problem, Not an Alignment One

blue41 helped bunq, Europe's second-largest digital bank, fix an indirect prompt injection in its financial AI assistant: a tiny transfer with instructions hidden in the description could turn the assistant into a phishing channel. The real lesson is tool permissions, confirmation gates, and treating external data as untrusted input.