By Vinay Kumar Sankarapu, Founder, Lexsi.ai
AI is no longer a banking “pilot.” It is becoming banking infrastructure. Underwriting, fraud detection, AML, customer service, and document-heavy operations are being rebuilt around model-driven workflows. That shift changes the question leadership teams must answer. It is no longer “Can we deploy AI?” It is: When AI becomes part of the operating system, who owns it?
That is what sovereign AI actually means. Not a flag planted on a model, but control over how intelligence is created, used, audited, defended, and migrated over time. Banks have always managed concentration risk and operational resilience. AI introduces those same risks in new disguises, and early success often hides them.
Risk hiding in plain sight
Vendor concentration is the most visible. If core workflows depend on one provider’s uptime, pricing, policy constraints, and product roadmap, the bank trades long-term leverage for short-term speed. Data residency risks follow quickly, because prompts are not “just text.” They carry sensitive intent, customer context, and institutional knowledge. Then there is the quieter issue of business intelligence leakage. The more a bank externalises its fraud heuristics, underwriting rationale and operational playbooks through repeated interaction, the more those patterns become observable and, in the wrong hands, exploitable. And finally comes the trap that sounds technical until it becomes expensive, vector lock-in. Once a bank’s knowledge layer is tuned to a specific embedding space, switching models stops being procurement decision and starts being a reconstruction project.
Why the open vs. closed binary fails banking
The market tends to frame a neat binary: go all-in on frontier, closed models for capability, or all-in on open source for sovereignty. Banking reality makes that binary fail.
A frontier-provider-only approach can accelerate time-to-value, but it constrains inspection, limit deep customisation, and make it difficult to produce an audit-grade explanations of model behaviour. An open-source-only approach improves control and bargaining power, but open weights are not a complete answer. Frontier performance in production is not only about weights, it is also about the safety scaffolding around them, alignment methods, evaluation harnesses, red-teaming, and continuous monitoring. That scaffolding remains uneven in the open ecosystem, especially for regulated workflows.
So, the right answer is not choosing a side. The right answer is owning the missing layer that makes either side usable.
The missing layer
That missing layer is frontier research in the most practical sense: the discipline of making AI dependable under real banking constraints. It encompasses several capabilities that are less glamorous than model selection but far more consequential at scale.
Interoperability prevents hard wiring the bank to one model’s quirks and creates the freedom to change providers without rebuilding governance. Alignment turns policy into testable constraints and escalation logic, not just documents. Safety engineering and red-teaming must be built around a bank’s threat model, because prompt injection, data exfiltration, jailbreak attempts, and fraud manipulation are not theoretical in financial services. They are active attack surfaces.
It is assurance through continuous evaluation, drift detection, monitoring, and traceability that can withstand scrutiny months later during audits and disputes. And incident readiness matters because production AI will fail in ways that deterministic software teams are not prepared for.
The portfolio approach
The most resilient strategy is to run a model portfolio. Banks will use a mix of closed and open models, and eventually internal models for selected workloads, chosen by latency, cost, language requirement, privacy constraints, and use-case sensitivity. But a portfolio only works if the bank builds an interoperability fabric and an assurance spine that remain constant while models change. If switching models forces the bank to reinvent governance and rewrite systems, it does not have sovereignty. It has a rotating dependency.
There is also a strategic point many misses. A bank’s competitive moat may not be the base model. It may be the safety case it can defend, the evaluation suites tied to its workflows, the adversarial tests it runs continuously, and the monitoring and audit trails that make automation accountable. Those capabilities become banks IP, and preserve optionality. They let banks jump-start with frontier models, then transfer workloads to more controlled deployments when needed, without breaking governance.
From adoption to defense
As AI becomes mainstream across the enterprise, banks must shift from adoption to defense. Defense is not fear – it is maturity. It is treating AI like critical infrastructure it has become, with standards for interoperability, alignment, safety, assurance, and incident response built in from day one.
Adopting AI is easy. Scaling it without surrendering control is where most struggle. Every institution that outsources its AI logic without owning the assurance layer is quietly making a bet, that its vendors’ interests will remain aligned with its own. History suggests that bet rarely ages well. Sovereign AI at scale will not be built by choosing between closed and open models. It will be built by banks that owns the missing layer, the frontier research and assurance layer that makes intelligence portable, governable, and safe. The banks that are not being cautious; they are being strategic.