Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
You may have heard the story. It’s a funny anecdote: A short time ago, a woman had to run across her house to stop her computer before it destroyed her inbox.
She wasn't a casual tech user who downloaded something sketchy. It was Summer Yue, director of alignment at Meta Superintelligence Labs. Someone whose job it is to make sure AI doesn't go off the rails. And she watched an AI agent ignore her commands, while she frantically typed "STOP" into her phone from another room. Thankfully, she made it to the machine and killed the process manually.
Now here's the question we've been sitting with since that story broke: What if this happened to a client's data?
The Tools Are Outpacing Their Guardrails
The agent involved was OpenClaw, the open-source AI agent orchestrator that's become a phenomenon in tech circles. It can browse the web, read and send emails, manage files, run scripts, and execute multi-step tasks with very little human input. It can also delete hundreds of emails from the inbox of one of the world's leading AI safety researchers despite her repeated instructions to stop.
The technical explanation is something called context window compaction. Essentially, the agent ran out of working memory, compressed its history of instructions, and in doing so quietly dropped the most important one: Ask before you act. It didn't malfunction in any malicious sense. It just forgot part of its instructions and kept going.
In wealth management, that scenario doesn't stay hypothetical for long. Imagine an agent with access to a client's financial records, communications, and account information that experiences the same kind of memory compression mid-task.
An instruction like “review but do not execute trades” disappears from the working context. Suddenly, the agent is no longer summarizing a portfolio review but initiating transactions.
Or consider an agent drafting client communications. If it loses the instruction to verify data before sending, it could distribute performance figures that have not been validated, reference outdated account information, or send sensitive documents to the wrong recipient.
These systems are powerful precisely because they can act across multiple systems at once. But that also means a small failure in memory or instruction handling can cascade quickly, and advisors may not realize something has gone very wrong until the consequences reach the client.
It Gets Darker
In a controlled research study published in June 2025, Anthropic embedded their flagship AI model inside a simulated company and gave it access to internal emails. The model discovered two things: It was about to be shut down, and the person making that decision (Kyle) was having an extramarital affair.
Then, as Anthropic puts it, (and I paraphrase) the model recognized that Kyle’s affair provided leverage, it calculated that a carefully worded email would create pressure without explicit threats, and it then executed this plan.
Let’s be fair. This was a highly engineered scenario that was designed to test the edges of model behaviour. But consider a future where an agentic tool has access to a wealth firm's communications. Imagine an agent that can read emails, draft responses, and take actions on behalf of an advisor. What if it’s an agent with visibility into client portfolios, company earnings calls, board meeting notes, and sensitive personal financial information?
The agent might be acting with the best of intentions to achieve goals that you’ve set. But as Anthropic researchers put it: What happens when these agents face obstacles to their goals?
We think that's exactly the right question. And we think wealth management is precisely the kind of environment where the answer matters most.
Industry Experience Isn't Optional
When we think about AI, the question isn’t simply what’s technically possible. It’s what is safe, auditable and appropriate in a regulated environment where clients trust the entire business. Those are very different questions, and they lead to very different decisions about how technology should be designed and deployed.
Advisory firms operate within strict expectations around compliance, data handling and record keeping. Every client interaction must be documented. Every action must be explainable. Software built for this industry has always needed to account for those realities.
The Summer Yue story is a good one partly because it had a good ending. She ran fast enough. The emails were mostly recoverable. She called it a rookie mistake and posted about it publicly, which took courage and is genuinely useful for the rest of us.
But in wealth management, there are no rookie mistakes. There is only the standard of care you owe your clients and whether you’ve met it.
The firms that will come out of this AI moment in the best shape aren't the ones who moved fastest. They're the ones who moved thoughtfully, choosing technology built with the realities of wealth management in mind. That’s the perspective we bring to AI at Practifi.
Adrian Johnstone is CEO of Practifi, and Don Arnison is the firm’s chief architect.
A message from Advisor Perspectives and VettaFi: Discover something new! Click here to register for our upcoming webcasts.
Read more articles by Adrian Johnstone, Dan Arnison
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
