Top Tier International Bank

A global financial institution with more than 6,000 developers recently completed a phased deployment of Codenotary AgentMon to secure and govern the rapidly growing use of agentic AI systems across its engineering organization. The initiative was driven by a sharp increase in autonomous AI tooling inside developer workstations, CI/CD pipelines, and runtime infrastructure, where internal teams were using frameworks and tools such as custom coding agents, CLI-based LLM assistants, and orchestration pipelines capable of autonomous tool execution.
The bank’s engineering fleet was heterogeneous: approximately 60% of developers operated on Linux workstations, while the remaining population used macOS and Windows environments. In parallel, agentic workflows had begun expanding into build pipelines and elastic runtime scale-out environments, creating a new operational challenge. Security teams recognized that traditional SIEM and endpoint tooling lacked visibility into LLM prompts, tool calls, token flows, and autonomous execution chains occurring inside these AI-driven systems.
AgentMon was deployed as an OTLP-native observability and governance layer spanning developer endpoints, CI/CD infrastructure, and production runtime nodes. Telemetry from agentic sessions was collected through authenticated OTLP gRPC ingestion with TLS and bearer-token enforcement. The platform provided full-span tracing of prompts, tool execution, and inter-agent workflows while enriching telemetry with developer identity, Git attribution, repository metadata, and cost telemetry.
One of the bank’s primary requirements was ensuring that sensitive internal information could not be leaked through autonomous agent workflows. AgentMon’s enrichment pipeline performed inline PII filtering and suspicious-input detection before telemetry storage, allowing the institution to monitor agent behavior without exposing regulated data. The deployment was fully self-hosted within the bank’s private infrastructure, satisfying internal compliance and residency requirements.
Within weeks of deployment, the bank identified multiple classes of operational risk that had previously been invisible. These included agents attempting to access unauthorized repositories during CI jobs, prompt injection attempts targeting internal coding assistants, abnormal token-consumption spikes tied to runaway automation loops, and unapproved external model usage by isolated development teams.
AgentMon also enabled the bank to establish accountability across its AI estate. Every prompt, token stream, and tool invocation became attributable to a specific developer, repository, project, or runtime service. Engineering leadership used the platform’s dashboards to correlate AI usage with DORA metrics, software delivery performance, and operational cost efficiency.
The result was a measurable reduction in unmanaged AI risk while allowing development teams to continue scaling agentic automation safely across the enterprise.