Artificial Intelligence (AI) is advancing at a pace that outstrips traditional security frameworks. Generative AI has already changed how financial institutions analyze data, create insights and engage with customers. The next frontier, agentic AI, is even more transformative. These systems can reason, plan and act autonomously, interacting with APIs, orchestrating workflows and even collaborating with other agents across payment gateways, credit systems and fraud detection platforms.
While frameworks like MITRE ATLAS/ATT&CK, the OWASP LLM Top 10, the NIST AI Risk Management Framework and ISO/IEC 23894 provide valuable guidance, they were not designed to address the systemic risks and emergent behaviors unique to multi-agent AI ecosystems in highly regulated sectors like banking.
To address this gap, the Cloud Security Alliance (CSA) introduced MAESTRO (Multi-Agent Environment, Security, Threat, Risk and Outcome) in 2025. This article provides a deep dive into MAESTRO: what it is, how to apply it in your organization and how it strengthens resilience in business services, illustrated with banking industry scenarios. In future articles, we will explore how MAESTRO complements MITRE, OWASP, NIST and ISO for a comprehensive AI risk program.