2 Sources
[1]
What do you do when your AI agent hallucinates with your money? | Fortune
Right now, nobody has to. And that, a group of researchers argues, is the defining vulnerability of the agentic AI era. In a paper published on April 8, researchers from Microsoft Research, Columbia University, Google DeepMind, Virtuals Protocol and the AI startup t54 Labs have proposed a sweeping new financial protection framework called the Agentic Risk Standard (ARS), designed to do for AI agents what escrow, insurance, and clearinghouses do for traditional financial transactions. The standard is open-source and available on GitHub via t54 Labs. We are talking about an entire "agentic economy" here, t54 founder Chandler Fang told Fortune in an emailed statement; "it is very different from simply using AI agents for financial tasks." He said there are two fundamental types of agentic transactions: human-in-the-loop financial transactions and agent-autonomous transactions. Everyone's focus is on the human-in-the-loop stuff, he said, and that's a real problem, because the financial ecosystem currently has no way to operate other than to defer all liability back to a human. It all comes down to the probabilistic nature of this technology, the researchers explained. The core problem the team identifies is what they call a "guarantee gap," which they define as a "disconnect between the probabilistic reliability that AI safety techniques provide and the enforceable guarantees users need before delegating high-stakes tasks." This description recalls what leadership expert Jason Wild previously told Fortune about how AI tools are probabilistic, befuddling managers everywhere. "Without a way to bound potential losses," the t54 team wrote, "users rationally limit AI delegation to low-risk tasks, constraining the broader adoption of agent-based services." Model-level safety improvements, they argue, can reduce the probability of an AI failure, but cannot eliminate it. 
Large language models are inherently stochastic, meaning that no matter how well trained or well tuned an AI agent is, it can still hallucinate and make mistakes. When that agent is sitting on top of your brokerage account or executing financial API calls, even a single failure can produce immediate, realized loss. "Most trustworthy AI research aims to reduce the probability of failure," said Wenyue Hua, Senior Researcher at Microsoft Research. "That work is essential, but probability is not a guarantee. ARS takes a complementary approach: instead of trying to make the model perfect, we formalize what happens financially when it isn't. The result is a settlement protocol where user protection is deterministic, not probabilistic." The researchers' solution borrows directly from centuries of financial engineering. ARS introduces a layered settlement framework: escrow vaults that hold service fees and release them only upon verified task delivery; collateral requirements that AI service providers must post before accessing user funds; and optional underwriting -- a risk-bearing third party that prices the danger of an AI failure, charges a premium, and commits to reimbursing the user if things go wrong. The framework distinguishes between two types of AI jobs. Standard service tasks -- generating a slide deck, writing a report -- carry limited financial exposure, so escrow-based settlement is sufficient. Tasks involving the exchange of funds -- currency trading, leveraged positions, financial API calls -- require the agent to access user capital before outcomes can be verified, which is where underwriting becomes essential. It is the same logic that governs derivatives markets, where clearinghouses stand between counterparties so that a single default doesn't cascade.
The paper maps ARS explicitly against existing risk-allocation industries in a table: construction uses performance bonds, e-commerce uses platform escrow, financial markets use margin requirements and clearinghouses, and DeFi uses smart contract collateralization. AI agents, the researchers argue, are simply the next high-stakes service category that needs its own version of that infrastructure. Financial regulators are already circling. FINRA's 2026 regulatory oversight report, released in December, included a first-ever section on generative AI, warning broker-dealers to develop procedures specifically targeting hallucinations and to scrutinize AI agents that may act "beyond the user's actual or intended scope and authority". The SEC and other agencies are watching closely. But ARS is pitched as something regulators haven't yet built: not a set of rules, but a protocol -- a standardized state machine that governs how funds are locked, how claims are filed, and how reimbursements are triggered when an AI agent fails. The researchers acknowledge ARS is one layer of a larger trust stack, and that the real bottleneck will be building accurate risk-pricing models for agentic behavior. "This paper is the first step in setting up a high-level framework to capture the end-to-end process associated with agent-autonomous transactions and what the risk assessment looks like," Fang told Fortune. "Further down the road, we should introduce more specific details, models, and other research to understand how we figure out risk across different use cases."
[2]
Researchers Propose New Way to Manage Financial Risk When AI Agents Fumble Trades - Decrypt
Accurate failure-rate estimates remain the main challenge as both over- and underestimation create systemic risks. As AI agents begin to handle payments, financial trades, and other transactions, there's growing concern over the financial risks that fall on the human behind the agent when those systems fail. A consortium of researchers argues that current AI safety techniques do not address that risk, and new insurance-style techniques need to be considered. In a recent paper, researchers from Microsoft, Google DeepMind, Columbia University, and startups Virtuals Protocol and t54.ai proposed the Agentic Risk Standard, a settlement-layer framework designed to compensate users when an AI agent misexecutes a task, fails to deliver a service, or causes financial loss. "Technical safeguards can offer only probabilistic reliability, whereas users in high-stakes settings often require enforceable guarantees over outcomes," the paper said. The authors argue that most current AI research focuses on improving how models behave, including reducing bias, making systems harder to manipulate, and making their decisions easier to understand. "These risks are fundamentally product-level and cannot be eliminated by technical safeguards alone because agent behavior is inherently stochastic," they wrote. "To address this gap between model-level reliability and user-facing assurance, we propose a complementary framework based on risk management." The Agentic Risk Standard adds financial safeguards to how AI jobs are handled. For simple tasks where the user only risks paying a service fee, payment is held in escrow and released only after the work is confirmed. For higher-risk tasks that require releasing money upfront, such as trading or currency exchanges, the system brings in an underwriter. The underwriter evaluates the risk, requires the service provider to post collateral, and repays the user if a covered failure happens. 
The paper noted that non-financial harms such as hallucination, defamation, or psychological harm remain outside the framework. The researchers said the system was tested using a simulation that ran 5,000 trials, adding that the experiment was limited and not designed to reflect real-world failure rates. "These results motivate future work on risk modeling for diverse failure modes, empirical measurement of failure frequencies under deployment-like conditions, and the design of underwriting and collateral schedules that remain robust under detector error and strategic behavior," the study said.
A consortium of researchers from Microsoft Research, Google DeepMind, Columbia University, and AI startups has unveiled the Agentic Risk Standard, a financial protection framework designed to compensate users when AI agents misexecute trades or cause financial losses. The open-source protocol introduces escrow, collateral, and underwriting mechanisms to address what researchers call a 'guarantee gap' between probabilistic AI reliability and the enforceable guarantees users need for high-stakes tasks.
As AI agents increasingly handle payments, trades, and financial transactions, a fundamental question has emerged: who pays when these systems make mistakes? Researchers from Microsoft Research, Google DeepMind, Columbia University, Virtuals Protocol, and t54 Labs have proposed the Agentic Risk Standard (ARS), a financial protection framework designed to compensate users when AI agents fail [1]. Published on April 8 and made available as an open-source protocol on GitHub, ARS aims to do for AI agents what escrow, insurance, and clearinghouses do for traditional financial markets [1].
The framework addresses what researchers identify as a critical vulnerability in the emerging agentic economy. Unlike conventional AI safety research that focuses on reducing the probability of failure, ARS takes a complementary approach by formalizing what happens financially when systems inevitably fail [1]. "Most trustworthy AI research aims to reduce the probability of failure," said Wenyue Hua, Senior Researcher at Microsoft Research. "That work is essential, but probability is not a guarantee. ARS takes a complementary approach: instead of trying to make the model perfect, we formalize what happens financially when it isn't" [1].
The core problem ARS tackles is what researchers call a "guarantee gap"—a disconnect between the probabilistic reliability that AI safety techniques provide and the enforceable guarantees users need before delegating high-stakes tasks [1]. Large language models are inherently stochastic, meaning that no matter how well trained or tuned an AI agent is, it can still hallucinate and make mistakes [1]. When that agent is executing financial API calls or managing brokerage accounts, even a single AI agent failure can produce immediate, realized loss [1].
"Technical safeguards can offer only probabilistic reliability, whereas users in high-stakes settings often require enforceable guarantees over outcomes," the paper stated [2]. Without a way to bound potential losses, users rationally limit AI delegation to low-risk tasks, constraining broader adoption of agent-based services [1]. The financial ecosystem currently has no way to operate other than to defer all liability back to a human, according to t54 founder Chandler Fang [1].
The Agentic Risk Standard borrows directly from centuries of financial engineering to manage financial risk through a layered settlement framework [1]. The system distinguishes between two types of AI jobs, each requiring different levels of user protection [1].
For standard service tasks like generating slide decks or writing reports that carry limited financial exposure, escrow-based settlement is sufficient [1]. Service fees are held in escrow vaults and released only upon verified task delivery [1]. For high-risk financial operations involving currency trading, leveraged positions, or other tasks requiring access to user funds before outcomes can be verified, the framework introduces underwriting [1].
Underwriting brings in a risk-bearing third party that evaluates the danger of an AI failure, requires service providers to post collateral, charges a premium, and commits to reimbursing users if things go wrong [1][2]. It's the same logic that governs derivatives markets, where clearinghouses stand between counterparties so that a single default doesn't cascade [1].
Financial regulators are already circling. FINRA's 2026 regulatory oversight report, released in December, included a first-ever section on generative AI, warning broker-dealers to develop procedures specifically targeting AI hallucinations and to scrutinize AI agents that may act "beyond the user's actual or intended scope and authority" [1]. The SEC and other agencies are watching closely [1].
ARS is pitched not as a set of rules, but as a protocol—a standardized state machine that governs how funds are locked, how claims are filed, and how reimbursements are triggered when AI agents fail [1]. The researchers tested the system using a simulation that ran 5,000 trials, though they acknowledged the experiment was limited and not designed to reflect real-world failure rates [2].
The real bottleneck, researchers acknowledge, will be building accurate risk-pricing models for agentic behavior [1]. Accurate failure-rate estimates remain the main challenge, as both over- and underestimation create systemic risks [2]. The paper noted that non-financial harms such as hallucination, defamation, or psychological harm remain outside the framework [2]. Future work will focus on risk modeling for diverse failure modes, empirical measurement of failure frequencies under deployment-like conditions, and designing underwriting and collateral schedules that remain robust under detector error and strategic behavior [2].