In this photo: figuring out how to put Koog (a JVM-based framework designed to build and run AI agents) inside a PCI DSS environment with Vadim Briliantov (Technical Lead and creator of Koog), Anton Yalyshev (Kotlin Product Manager), and Svetlana Isakova (Developer Advocate).
"Built together" - the banner above us - turns out to describe exactly what's happening below it.
I came to #KotlinConf2026 to deliver my talk, "Kotlin as a Safety Net: Type-Driven Reliability in the Finance Industry". But after catching Vadim Briliantov's session on building enterprise-ready AI with Koog, the connection between our topics was impossible to ignore.
For organizations already leveraging the JVM, my first impression is that Koog offers a meaningful set of primitives that actually align with the controls a PCI DSS environment demands, rather than fighting them:
- JVM-native: Supports Kotlin and Java equally.
- Strict boundaries: Strong control of input and output by default.
- Built-in observability: OpenTelemetry-native from the ground up.
- Compensation primitives: A RollbackToolRegistry to manage tool side-effects on checkpoint restore.
But here is the big caveat: Framework choice is maybe 20% of the PCI lift. The other 80% - tokenization, segmentation, KMS, logging, and vendor management - happens regardless of your tech stack.
These are first impressions, not a finished thesis. Turning this into something production-ready requires proper business cases, a deep comparison with other frameworks, a deep technical risk analysis, and solving for the non-technical risks: regulatory compliance, liability allocation for agent actions, auditability of non-deterministic outputs, model version pinning, and multi-year change management.
A request to the practitioners:
If you're running agentic AI inside a regulated finance environment (a bank, payments processor, or PCI-scope fintech), I want to hear from you. What's working? What hurts? What surprised you in production?
Drop your pros and cons in the comments. I'll synthesize the strongest input into a follow-up piece with Koog.
#Kotlin #Koog #LangGraph #AIAgents #Fintech #PCIDSS #SoftwareArchitecture