The future of banking APIs: Key insights from the FDX Virtual Summit
How AI agents are transforming Open Finance and what it means for your API strategy.
Earlier this month, over 700 financial services professionals gathered virtually for the FDX Summit to tackle one of the industry’s most pressing questions: How will AI reshape the future of Open Finance?
As a proud participant in this critical conversation, Tyk came away with insights that every bank, fintech, and financial services provider needs to understand. The overarching message was clear: AI agents are already here, and they’re fundamentally changing how APIs are consumed, secured, and monetized.
Numbers that demand notice
Two statistics from the summit underline how urgent the focus on AI and Open Finance has become:
- 50% of all API calls are now coming from AI agents, not human developers
- By 2027, 30% of financial transactions will be initiated by autonomous agents acting on behalf of consumers, according to industry leaders’ projections
What’s remarkable is that this dramatic change is already happening. Cloudflare’s data, presented at the summit, shows how significantly web traffic patterns have already shifted:
- Google now scrapes sites 10 times more per visitor than before AI
- OpenAI scrapes 1,500 times per visitor
- Anthropic scrapes an astonishing 60,000 times per visitor
Your API infrastructure is now serving not just human developers but intelligent systems that interact with your services in entirely new ways.
The four types of API consumers
The summit highlighted that financial institutions must now cater to four distinct consumer types:
- 10x developers – Traditional expert developers who need comprehensive API documentation
- Mainstream developers – The majority, who require SDKs, code samples, and developer tools
- Citizen developers – Business users leveraging low-code/no-code solutions
- Agentic AI – Autonomous systems that will likely outnumber all human developers combined
Each of these consumers requires different support mechanisms. For example, while human developers read documentation, AI agents consume your OpenAPI specifications directly. This fundamental shift demands that your API specs be perfectly accurate, machine-readable, and kept rigorously in sync with your implementation.
The hidden risk of API drift
Research presented at the summit revealed a concerning finding: 25% of top APIs don’t conform to their own specifications, and 89% had updates in the last six months.
In a world where AI agents rely entirely on your specs (not your documentation), this drift becomes a critical vulnerability. When your API spec says one thing but your implementation does another, human developers might figure it out. AI agents? They’ll fail, and they’ll take your customer experience down with them.
This is where API management is mission-critical. At Tyk, we’ve seen this challenge firsthand with our banking customers. Yes, your API gateway is still about security and traffic management, of course, but it’s also about ensuring specification accuracy, preventing drift, and maintaining the contract your agents depend on.
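A drift check of the kind described above can be run against live responses. The following is an added example, not Tyk's code or anything presented at the summit; the schema fragment, the endpoint it stands for, and both sample responses are constructed, and only a small subset of OpenAPI schema keywords is handled.

```python
# Constructed OpenAPI-style response schema for a hypothetical GET /accounts/{id}.
SPEC_SCHEMA = {
    "type": "object",
    "required": ["accountId", "currency", "balance"],
    "properties": {
        "accountId": {"type": "string"},
        "currency": {"type": "string", "enum": ["USD", "EUR", "GBP"]},
        "balance": {"type": "number"},
        "holder": {
            "type": "object",
            "required": ["name"],
            "properties": {"name": {"type": "string"}},
        },
    },
}

JSON_TYPES = {
    "object": dict, "array": list, "string": str,
    "number": (int, float), "integer": int, "boolean": bool,
}

def find_drift(schema, value, path="$"):
    """Return a list of mismatches between a spec schema and an observed payload."""
    findings = []
    expected = schema.get("type")
    py_type = JSON_TYPES.get(expected)
    # bool is a subclass of int in Python, so reject it explicitly for numeric types.
    if py_type and (not isinstance(value, py_type)
                    or (expected in ("number", "integer") and isinstance(value, bool))):
        return [f"{path}: expected {expected}, got {type(value).__name__}"]
    if "enum" in schema and value not in schema["enum"]:
        findings.append(f"{path}: value {value!r} not in declared enum")
    if expected == "object":
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                findings.append(f"{path}.{name}: required field missing")
        for name, item in value.items():
            if name not in props:
                # Undocumented fields are invisible to a consumer that reads only the spec.
                findings.append(f"{path}.{name}: field not declared in spec")
            else:
                findings.extend(find_drift(props[name], item, f"{path}.{name}"))
    return findings

# Constructed responses: one conforming, one that has drifted from the spec.
CONFORMING = {"accountId": "A-1", "currency": "USD", "balance": 10.5}
DRIFTED = {"accountId": 1001, "currency": "BTC", "holder": {}, "iban": "X"}
```

Calling `find_drift(SPEC_SCHEMA, DRIFTED)` returns one finding per mismatch, each prefixed with the JSON path where the response departs from the spec.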
Protecting intent
Traditional security controls are built for human speed and scale. However, threats now operate at machine speed. AI-powered attacks can:
- Chain APIs in unexpected sequences
- Exploit business logic in ways developers never anticipated
- Adapt in real-time to bypass traditional defenses
- Manipulate parameters to alter internal application states
The solution? Using AI to defend against AI. This encompasses:
- Behavioral modeling of API usage patterns
- Real-time anomaly detection on workflows (not just individual calls)
- Understanding the context and intent behind API calls
- Deep visibility into how agents are orchestrating your APIs
This reinforces the critical importance of comprehensive API observability, granular access controls, and the ability to understand and govern complex API interaction patterns. These are all benefits that Tyk customers enjoy.
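To make "anomaly detection on workflows, not just individual calls" concrete, here is an added example (not Tyk's code or a summit artifact). It uses a simple first-order transition baseline as a stand-in for the behavioral models mentioned above; the log format, session ids and endpoints are constructed.

```python
from collections import defaultdict

# Constructed gateway log lines: "<session> <method> <path>", in arrival order.
BASELINE_LOG = """\
s1 POST /login
s1 GET /accounts
s1 GET /accounts/{id}/balance
s1 POST /transfers
s2 POST /login
s2 GET /accounts
s2 GET /accounts/{id}/transactions
s3 POST /login
s3 GET /accounts
s3 GET /accounts/{id}/balance
"""
LIVE_LOG = """\
s8 POST /login
s8 GET /accounts
s8 GET /accounts/{id}/balance
s9 POST /login
s9 POST /transfers
s9 POST /transfers
"""

def sessions(log):
    """Group calls by session id, preserving order within each session."""
    grouped = defaultdict(list)
    for line in log.splitlines():
        session, method, path = line.split()
        grouped[session].append(f"{method} {path}")
    return grouped

def learn_transitions(log):
    """Collect every (previous call, next call) pair seen in baseline traffic."""
    seen = set()
    for calls in sessions(log).values():
        seen.update(zip(["<start>"] + calls, calls))
    return seen

def unusual_workflows(log, baseline):
    """Map session id -> transitions never observed in the baseline."""
    alerts = {}
    for session, calls in sessions(log).items():
        novel = [t for t in zip(["<start>"] + calls, calls) if t not in baseline]
        if novel:
            alerts[session] = novel
    return alerts
```

Every call in session `s9` targets an endpoint that also appears in the baseline, so a per-call allowlist passes it; only the ordering of the calls sets it apart.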
The Model Context Protocol (MCP) revolution
One of the most practical takeaways from the summit was the emergence of MCP as a new standard for agent-API interaction, though it’s not entirely without flaws. Think of MCP servers as the SDKs for AI agents.
Leading organizations are already implementing MCP servers to make their APIs agent-ready. This provides a standardized way for AI systems to:
- Discover available APIs and capabilities
- Understand how to orchestrate multi-step workflows
- Access contextual information needed for intelligent decision-making
For banks and fintechs, the implication is clear: If you want AI agents to work with your services, you need to meet them where they are. This means packaging and presenting your APIs in ways that AI systems can natively consume.
The trust advantage
Interestingly, the summit highlighted a crucial advantage that established financial institutions have over fintechs and tech platforms (no matter how nimble and powerful): trust.
As one panelist pointedly asked: “Do you want to give all your sensitive data to Zuckerberg or Elon’s Grok? Or would you rather work with a brand you trust that has done the testing, has the controls, and will protect your data after the agent is done using it?”
Traditional financial institutions have spent decades building trust, implementing controls, and demonstrating reliability. In an AI-driven world where data flows through multiple intelligent systems, that trust premium becomes even more valuable, provided you couple it with the technological sophistication to actually deliver agent-ready services.
Industry collaboration in action
FDX announced the launch of a new AI-focused Task Force (co-chaired by Plaid and PNC) to address several critical matters:
- Authorization management standards for AI agents
- Data provenance and transparency requirements
- Security frameworks for agent-to-agent communication
- Implications for the FDX standard as AI adoption accelerates
This represents exactly the kind of industry collaboration needed to ensure open finance evolves in a secure, standardized way that benefits everyone.
What this means for your API strategy
Based on the summit discussions, there are some clear, key actions that financial institutions need to prioritize:
1. Audit your API specifications
- Ensure 100% alignment between specs and implementation
- Implement real-time drift detection
- Ensure your version control is rigorous
2. Invest in API governance
- Product managers (not just engineers) must be deeply involved
- Your API specs are now your contract with AI consumers
- Business logic validation must be automated and continuous
3. Build for agent readiness
- Consider implementing MCP servers for key use cases
- Provide API context plugins for AI coding assistants
- Create API copilots to assist both human and AI consumers
4. Enhance your security posture
- Implement behavioral analysis across API call chains
- Deploy contextual anomaly detection (not just rate limiting)
- Use AI-powered defenses to combat AI-powered threats
5. Maintain your trust advantage
- Lead with security and reliability messaging
- Be transparent about AI governance and controls
- Position your financial institution as the trusted partner
Power your AI-ready API strategy with Tyk
At Tyk, we’re already working with leading banks to address a huge range of challenges. These include:
- Universal API management: Whether your APIs serve Open Banking standards, proprietary channels, or emerging agent protocols, Tyk provides consistent governance, security, and observability
- Specification-first approach: Our platform ensures your API implementations stay aligned with your OpenAPI specs, which is critical for agent reliability
- Advanced security for AI agent interactions: Tyk extends the same governance, security, and management capabilities you use for traditional APIs to MCP endpoints, ensuring AI agents accessing your systems are properly authenticated, authorized, and monitored
- Multi-protocol support: As new standards like MCP emerge, Tyk’s flexibility allows you to expose your services through multiple protocols without rebuilding your backend
- Observability for complex flows: Tyk enables you to understand how agents are orchestrating your APIs, with detailed analytics on multi-call workflows and unusual patterns
The bottom line
The FDX Summit made one thing abundantly clear: AI agents are transforming Open Finance right now, so you need to move fast. The infrastructure you build today will determine whether AI agents enhance your customer experience or bypass you entirely.
Financial institutions that treat this as a distant future concern will find themselves outpaced by competitors who are already making their APIs agent-ready. In contrast, those who act now, ensuring specification accuracy, implementing modern security controls, and building for the four types of API consumers we outlined above, will be positioned to capture the enormous opportunities that agentic AI unlocks.
Ready to make your APIs agent-ready? Let’s talk about how Tyk can help you navigate the shift to AI-driven Open Finance.