Bonfy Blog

GLBA, Reg S-P, & FINRA Know What a Customer Relationship Is. Your AI Agent Doesn't. Bonfy Bridges the Gap.

Written by Vishnu Varma | 6/18/26 4:43 PM

The regulations governing financial data have always assumed human judgment would sit at the data boundary. Here's how Bonfy puts that judgment back — inside the AI reasoning loop, where the compliance decision actually gets made.

TL;DR: GLBA, Reg S-P, and FINRA attach their obligations to customer relationships, not data types — and that worked because a human supplied the judgment. AI agents have removed the human without removing the obligation: an authorized Copilot or agent, fully within its permissions, can blend two clients' data or surface one relationship's information in another's context — a compliance failure no breach alert will catch. The gap is about use, not access, and Bonfy closes it with an entity-aware knowledge graph that learns who each piece of data belongs to, Contextual Data Enforcement across the grounding, output, and data-in-use layers (including an MCP server agents call mid-reasoning to ask "is this safe?"), and per-agent risk modeling. With Reg S-P deadlines already passed for large firms and imminent for smaller ones, this is a live obligation, not a future one.

******************

In his latest Substack article, Bonfy CEO Gidi Cohen makes an argument that lands harder than most, because it's correct: GLBA, Regulation S-P, and FINRA don't attach their obligations to data types. They attach them to relationships. A customer is a specific person in a specific ongoing engagement, and every protection the framework defines presumes the institution knows whose data it holds, what relationship surrounds it, and whether a given use is appropriate for that customer in that context.

For decades, that presumption held because a human filled the gap. The relationship manager knew which client was which. The compliance officer caught cross-client contamination in outbound communications. The advisor understood, intuitively, that this information belonged to this client and had no business showing up in that context.

AI agents have removed that human from the loop without removing the obligation. A Copilot drafting client communications, a custom agent fielding a support inquiry, a retrieval system assembling an investment summary — each inherits broad access and none of the relational judgment that made the access safe. The agent does not know that combining two clients' positions in one response crosses a line GLBA and Reg S-P were written to protect. It does not know that surfacing one client's holdings in the context of another's inquiry is a potential unauthorized use under Reg S-P's 2024 amendments. It cannot know, because it has no model of the customer relationship at all.

This is the gap. And closing it is precisely what Bonfy was built to do.

 

The Problem Is Not Access. It's Use.

The instinct in most security programs is to reach for access controls. But the failure mode here isn't a breach. It's the authorized agent, operating entirely within its legitimate permission boundary, making a data-handling decision that violates a relational obligation. Nothing gets exfiltrated. No alert fires in a conventional DLP or SIEM deployment. And yet the institution has a compliance failure under GLBA's Safeguards Rule, Reg S-P's unauthorized-use provisions, or FINRA's customer-information protection requirements.

Permissions tell you what an agent can reach. They say nothing about what it should use, for whom, and in what context. That distinction is the entire ballgame in financial services, and it's the distinction legacy controls were never designed to see. Endpoint DLP can't follow a cloud-hosted agent. DSPM catalogs data at rest but goes blind the moment that data is pulled into a prompt, blended with another client's records, and reasoned over in transient memory that never exists as a file or a network object.

Bonfy starts from a different question: not "what agents exist and how are they configured?" but "what data is flowing through them, and is it safe for this customer, in this context, right now?"

 

How Bonfy Closes It

Bonfy's Adaptive Content Security (ACS) platform secures the data layer of AI agents — the content moving in, through, and out of agent workflows — rather than just their configuration. Three capabilities do the work the missing human used to do.

1. An entity-aware engine that actually understands the customer relationship

This is the foundation, and it maps directly onto what the regulations require. Bonfy builds a self-supervised business-context knowledge graph that learns your organization's structure, its customers and consumers, and the relationships among them. In plain terms: Bonfy understands who a piece of data belongs to, and which human or agent is putting it at risk.

That is the customer relationship, rendered into something an enforcement engine can reason about. When a wealth-management agent assembles a client summary, Bonfy can recognize that the NPI in hand was obtained through a relationship with one customer and has no place informing a response prepared for another. The judgment the regulatory framework has always assumed — this belongs to this client; it doesn't go there — stops depending on a person remembering to apply it.

2. Contextual Data Enforcement at the moment data is retrieved and assembled

Bonfy enforces in three layers across the agent lifecycle, so the relational obligation is checked everywhere a violation could originate:

  • Grounding and input control (upstream). Before an agent grounds on anything, Bonfy's entity-aware labeling and access policies govern what data is even eligible to enter the context — aligning grounding decisions with trust boundaries, business context, and compliance rules. Cross-client contamination is prevented at the source rather than caught after the fact.
  • Output control (downstream). Before an agent's work product reaches an email, a file share, a collaboration channel, or a client, Bonfy analyzes the output and can block, redact, relabel, quarantine, or redirect it — stopping one relationship's information from surfacing in another's deliverable.
  • Data-in-use inspection (the reasoning loop). Bonfy exposes its content-security engine as an MCP server the agent can call mid-reasoning to ask, in effect, "Is this safe to proceed with?" The agent sends an intermediate summary, payload, or tool input and gets back a risk rating, labels, and a policy evaluation before acting — then uses that response to redact a field, change a recipient, take a different tool path, or escalate to a human.

That third layer is the one the source argument points at without naming: enforcement living inside the AI reasoning workflow, at the moment data is retrieved and assembled, where the compliance decision is actually being made. That's not a metaphor for Bonfy. It's a runtime call.
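A minimal sketch of the relationship check these layers describe, added here as an illustration and not Bonfy's code or API. The owner labels, identifier table and function names are hypothetical, and all sample data is constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    text: str
    owner: str  # hypothetical label: the relationship the data was obtained through

# Constructed sample identifiers for two customer relationships.
IDENTIFIERS = {
    "client-a": ["ACCT-1001", "Alice Moreno"],
    "client-b": ["ACCT-2002", "Brian Chu"],
}

def eligible_for_grounding(chunks, subject):
    """Upstream layer: admit only the subject's own data and firm-wide ("shared") content."""
    return [c for c in chunks if c.owner in (subject, "shared")]

def evaluate(payload, subject):
    """Data-in-use / output layer: flag other relationships' identifiers in a
    payload prepared for `subject`, and return a decision the agent can act on."""
    lowered = payload.lower()
    findings = [
        (owner, ident)
        for owner, idents in sorted(IDENTIFIERS.items())
        if owner != subject
        for ident in idents
        if ident.lower() in lowered
    ]
    return {"decision": "redact" if findings else "allow", "findings": findings}

def redact(payload, findings):
    """Apply the decision: remove the flagged identifiers before the draft leaves."""
    for _, ident in findings:
        payload = re.sub(re.escape(ident), "[REDACTED]", payload, flags=re.IGNORECASE)
    return payload

# Constructed retrieval results and a draft that blends two clients' data.
CHUNKS = [
    Chunk("ACCT-1001 holds 40% equities.", "client-a"),
    Chunk("ACCT-2002 holds 90% bonds.", "client-b"),
    Chunk("Q3 market commentary.", "shared"),
]
DRAFT = "Dear Alice Moreno, ACCT-1001 is at 40% equities; compare ACCT-2002 at 90% bonds."

if __name__ == "__main__":
    print([c.owner for c in eligible_for_grounding(CHUNKS, "client-a")])
    verdict = evaluate(DRAFT, "client-a")
    print(verdict, redact(DRAFT, verdict["findings"]), sep="\n")
```

Every item in the draft is something the agent was permitted to read; the check fails it only because of whose relationship the payload is being prepared for, which is the use-versus-access distinction drawn above.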

3. Agents treated as first-class entities

Bonfy extends its risk modeling to treat agents as entities in their own right — alongside humans, contractors, and service accounts — with risk scoring and behavioral insight per agent. This is exactly the posture FINRA's 2026 Annual Regulatory Oversight Report gestures toward when it flags autonomous agents as an emerging risk warranting novel oversight: tracking what specific agents do, and restricting what they can reach. Because Bonfy correlates activity across channels and actors, it can surface patterns like "this agent repeatedly combines data from regulated repositories with an unsanctioned external tool" — rather than treating each event as an isolated blip.

 

Built for the Stack Financial Services Already Runs

None of this requires ripping out your AI program or adopting a new agent framework. Bonfy integrates natively with Microsoft 365 — Exchange Online, SharePoint, Entra, Copilot, and Purview — and complements Microsoft Purview by providing high-accuracy, entity-aware labeling and cross-SaaS enforcement: Purview governs Microsoft, Bonfy governs the whole enterprise. Coverage extends across Google Workspace, Salesforce, HubSpot, Slack, on-prem file stores, AWS S3, browser-based and shadow-AI usage, and — through the MCP server — custom and autonomous agent workflows. One platform, one policy set, one knowledge graph governs the advisor sending an email and the agent summarizing a knowledge base.

 

The Deadline Isn't Coming. It Passed.

For large broker-dealers, investment advisers, and investment companies, Reg S-P's 2024 amendment compliance deadline was December 3, 2025. For smaller entities, it's June 3, 2026. These are live obligations governing AI systems that are already moving customer data across financial institutions every day.

The frameworks didn't change when AI arrived. AI simply removed the human mechanism through which those frameworks were enforced. The regulations still know what a customer relationship is. Now your AI agents can too — because Bonfy gives them an engine that understands whose data this is, and judgment that fires at the exact moment it matters.

 
