Risks of Robinhood Using AI Agents to Trade, Make Purchases

Earlier this week, stock trading app Robinhood launched Agentic Trading and Agentic Credit Card, features that let customers deploy AI agents to make trades and credit card purchases. The organization asserts it is approaching this agentic AI deployment with a “safety-always mindset” by implementing limited account access, spending controls and the ability to disable agents. It is also offering fraud detection, manual approvals (if a user opts in for them) and the ability to preview trades “when appropriate.”
But are these measures sufficient? Security magazine speaks with Justin Fier, Senior Vice President of Offensive Security at Darktrace, to learn more.
The first concern Fier brings up is the uncertainty around accountability.
“Allowing AI agents to trade stocks raises serious questions about responsibility and trust,” he says. “Money managers and licensed traders go through significant certification and oversight because people are trusting them with their money. If an AI agent gives bad advice, hallucinates, misunderstands market conditions, or makes a trade that causes someone to lose money, who is responsible? Is it the platform, the model provider, the agent, or the end user? And is that responsibility clearly defined?”
The sensitivity of the data and accounts involved is another concern.
“The broader concern is the precedent this sets for putting too much trust in systems that can act on a user’s behalf before the controls and accountability are mature. People are increasingly giving AI agents access to sensitive systems including financial accounts, health data, email, and corporate applications, all of which can have real-world consequences if the agent makes the wrong decision, is manipulated, or is compromised,” Fier asserts.
Finally, Fier urges individuals and organizations to consider the security risks.
“From a security perspective, the risk is that these agents often operate through access the user has already granted. That means malicious, unexpected, or manipulated activity may look like normal user activity. If an agent is compromised or steered into taking the wrong action, defenders may not immediately know whether it was the person, the agent acting on that person’s behalf, or an attacker abusing the agent’s permissions,” Fier says. “Organizations and consumers need to know when an agent is acting, what it can access, what actions it can take, and how to stop it before the consequences become real. We should not be accepting a model where people hand over broad authority to AI agents and only find out after the fact that the guardrails or security controls were not strong enough.”
Robinhood says users can bring in their agents “from anywhere” and connect them to the organization’s AI-native Model Context Protocol (MCP) servers. “Our mission has always been to democratize finance for all, and now, that mission extends to AI agents,” commented Vlad Tenev, CEO of Robinhood.
“In a financial setting, consequences can be serious,” Fier warns. “By the time someone realizes the agent was wrong, compromised, or manipulated, the damage may already be done with money already lost.”








