Welcome to AI for FIs from Dixon Strategic Labs. Each week, this newsletter curates the most important AI developments and explains why they matter for credit unions.

This week we're looking closer at AI safety. Plenty of conversations about responsible AI deployment are already happening. AI-use policies and vendor reviews are showing up across the sector. There is also a body of AI safety research focused on whether advanced AI will stay under human control as it gets more capable. The researchers in this corner study what 80,000 Hours calls the most pressing problem facing humanity: scenarios where humans permanently lose control of their own future, or worse.

That research has been running for over a decade. Organizations like METR, Apollo, Redwood, Forethought, FAR.AI, and the UK AI Security Institute have been doing the work. They stress-test advanced AI systems, look for deceptive behavior, and study failure modes that could scale across many institutions at once. I have not found a serious community-finance equivalent yet, and we have room to lead what gets built.

The write-up at the bottom, “There's a broader AI safety conversation worth joining,” makes the case for why we should grab a seat at the table.

Elsewhere this issue: Anthropic declined to change an underlying behavior in its Model Context Protocol that researchers say creates supply-chain-scale risk across up to 200,000 deployments. Forcepoint found live prompt-injection payloads on public websites, including examples aimed at financial fraud and credential theft. Customers Bank is announcing a commercial-lending timeline that credit union business members may start using as a benchmark. And Grant Thornton surveyed banking leaders about their AI controls, with results that are not flattering.

We are deploying this technology faster than we are studying how it can fail.

American Banker · Apr 21, 2026

OX Security identified an architectural flaw in Anthropic's Model Context Protocol (the connector layer that lets AI agents plug into business tools and data) affecting up to 200,000 deployments. Ten separate security vulnerabilities have been filed against it. Anthropic declined to patch the underlying behavior.

Why it matters: Credit unions running AI agents on vendor connector layers still own the risk. For federally insured credit unions, a reportable cyber incident starts the National Credit Union Administration's 72-hour notification clock, including when the incident comes through a third-party provider.

Forcepoint · Apr 22, 2026

Forcepoint X-Labs catalogued 10 instances of hidden instructions sitting on live websites right now, designed to hijack AI agents that read those pages, including payloads that attempt to redirect payments or trigger fraudulent financial actions. Google reported a 32% relative increase in these traps between November 2025 and February 2026.

Why it matters: Member-facing AI agents that can move money face this exact threat model. The hidden instructions now specify dollar amounts and destination websites for immediate execution, which means 'we'll figure out security after launch' is the wrong order of operations.

Banking Dive · Apr 27, 2026

Customers Bank is expanding its OpenAI partnership across commercial lending, deposits, and payments. The $26B lender wants commercial loan closings down from 30-45 days to seven, and account opening under 20 minutes.

Why it matters: By late 2026, a $26 billion regional bank is trying to make seven-day commercial closes a credible expectation. Credit unions courting the same business members may end up explaining why theirs takes a month.

Grant Thornton · Apr 21, 2026

In Grant Thornton's 2026 banking AI survey report, 50% of banking leaders said governance barriers are limiting AI performance and only 18% said they were fully confident their AI controls could pass an independent audit. The findings come from a banking-specific subgroup within a broader 950-executive survey, so they should be read as directional.

Why it matters: Half of banking leaders say governance gaps are eating their AI return on investment (ROI), and only 18% would bet on their controls surviving an audit. Even read directionally, scaling AI into regulated workflows before closing that gap means building on the 82%.

Here you will find three pieces that engage AI safety beyond responsible deployment. Two come from outside financial services. The third translates the framework into our world.

Between 2010 and 2018, an automated underwriting tool inside Wells Fargo decided that 870 homeowners did not qualify for the mortgage modifications they had asked for. The tool was wrong about 545 of them.

They lost their homes to foreclosure.

Wells Fargo disclosed the error in 2018, sent remediation checks, and faced class-action litigation. The tool was a deterministic calculation engine that got the math wrong, in the same direction, for eight years.

That tool was 2018 technology. The autonomous AI agents being piloted, sold, and integrated across financial services in 2026 are not deterministic. They plan across steps. They change tactics. Recent research on peer-preservation in frontier models (agents doing whatever it takes to protect other agents) found them tampering with shutdown mechanisms, misrepresenting evaluations, and exfiltrating peer model weights to other systems when a peer model was threatened with removal.

Most of the AI conversation in our industry today is about responsible deployment. Conferences are full of sessions on fair lending, model risk, and vendor due diligence. More credit unions have AI-use policies than a year ago. That work is happening, and it is incomplete.

A second layer of AI safety research has been running in the broader AI field for over a decade and has not reached community finance. Alignment asks whether an AI system will reliably do what its operators intend. Catastrophic-risk research asks what happens when failures scale beyond one institution, one model, or one bad decision.

In simulated corporate environments, Anthropic tested 16 frontier models in 2025 and found that many would blackmail, leak information, or resist shutdown when their goals or autonomy were threatened.

That work is open ground for us.

The Kansas City Federal Reserve found that FIS, Fiserv, and Jack Henry collectively served more than 70% of surveyed banks and nearly half of surveyed credit unions.

If one of them ships a flawed model update, workflow agent, or loan-decisioning assistant that gets decisions wrong in the same direction across a large footprint, the damage is not local. Former Securities and Exchange Commission (SEC) Chair Gary Gensler called this kind of vulnerability "the center of future crises."

METR, Redwood Research, Apollo Research, and the UK AI Security Institute stress-test AI agents under adversarial conditions, build tests that try to catch them being deceptive, and map how related failures could cascade across multiple systems.

In credit unions this might start with practical tests:

Those tests would give credit unions answers before examiners, plaintiffs, or harmed members force the question.

Anthropic, the AI lab founded around safety concerns, put it this way in its 2023 essay on core views of AI safety: "We have to prepare for the outcomes we anticipate and not the ones we hope for." Let's not wait for the first sector-wide AI failure to decide what should have been tested.