AI adoption, agentic security and build vs buy: Key topics from the 2026 Citi AI Summit

Citi’s 4th annual AI Summit in Menlo Park underscored the firm’s deep and expanding connections in Silicon Valley, bringing together key figures from across the bank to engage with the technology ecosystem.

Citi is a leader in driving employee adoption of AI and strategically embedding the technology across its operations. Citi Ventures’ access to the innovation community at the Summit reinforces this advantage, distinguishing Citi as the preeminent global bank for investing in, adopting and advising emerging AI leaders.

The Summit served as a tangible example of this dynamic, demonstrating the firm’s forward-looking orientation and willingness to address all the contours of the ongoing AI conversation. This matters because AI is no longer a future consideration – the technology is already influencing entire industries, cost structures, security postures and workforce productivity.

Below are some key insights and takeaways from the event.

AI capability growth is accelerating

Across panels and sideline discussions, one theme was clear: the pace of AI capability growth is accelerating.

Participants pointed to the continued demand for compute as AI adoption scales. More powerful models are enabling new use cases at a steady drumbeat, extending AI’s reach well beyond traditional automation into high stakes domains such as drug discovery, national security and advanced robotics. While novel, these new models put an even greater strain on compute demand, limiting the wider-scale use of AI.

Meanwhile, panelists said companies are using token quotas to curb tokenmaxxing, or the deliberate overuse of tokens to demonstrate higher productivity. Enterprises need to address the issues to control costs, prevent abuse and provide fair, predictable access to shared AI resources.

For enterprises, this acceleration raises both opportunity and urgency. The question is no longer whether AI will materially affect business models, but how quickly organizations can adapt their operating models to benefit from its impact responsibly and at scale.

The conversation continues: build vs. buy, costs and control

Two unresolved debates stood out.

First, the future of the “build versus buy” decision remains unsettled. Some argued that AI will fundamentally shift development in house, allowing companies to build far more software themselves. Others believe organizations will still focus internal build efforts narrowly on core differentiators, relying on vendors elsewhere. The next year is expected to bring clarity as enterprises test where AI genuinely adds value.

Second, managing AI related costs is becoming a strategic concern. As usage scales, expenses tied to LLM APIs, cloud infrastructure, security, compliance and monitoring are rising. Approaches discussed ranged from token quotas to tiered access by role, to deploying portfolios of models that dynamically balance sophistication and cost. There is no single playbook, yet, but the pressure is on to appropriately manage related spend.

Agentic AI

Agentic AI generated significant interest, tempered by realism about enterprise complexity. Speakers consistently cautioned against viewing agents as a wholesale replacement for existing systems or human judgment, especially when they lack context or a full understanding of workflow.

A core challenge lies in distinguishing deterministic tasks from probabilistic ones. Rule based automation excels at the former, while LLM based agents are better suited for the latter. Successful enterprise implementations blend the two, often with humans in the loop to supervise outcomes and manage risk.

Another recurring theme was the “telemetry problem.” Many enterprises lack fully documented, granular understandings of how their workflows operate in practice. Training effective agents requires deep visibility into these non-linear, real world processes.

Securing AI

Few topics generated as much urgency as cybersecurity. The emergence of AI models capable of discovering zero day vulnerabilities introduces a fundamentally new threat vector.

Participants acknowledged a real risk: adversarial actors could fine tune or develop models to exploit unseen weaknesses in critical infrastructure, operating systems and databases. While some AI developers are acting responsibly, delaying releases to allow for patching, the potential for misuse is there.

On the agentic front, a recurring theme was that agentic governance and guardrails are no longer optional. Leading organizations are deploying tools to trace agent behavior, evaluate performance and enforce policies to prevent unintended or harmful outcomes.

Overall, there was strong consensus that securing AI systems remains a maturing endeavor. Industry standards, foundational tooling and best practices are still evolving, leaving many organizations in an experimental phase. Yet awareness of these risks is rising rapidly, and the expectation is that investment and innovation in AI security will accelerate to meet the moment. Protecting AI enabled systems is quickly becoming a board level priority.

Using AI to augment, not replace

Overall, there was strong consensus that securing AI systems remains a maturing endeavor. Industry standards, foundational tooling and best practices are still evolving, leaving many organizations in an experimental phase. Yet awareness of these risks is rising rapidly, and the expectation is that investment and innovation in AI security will accelerate to meet the moment. Protecting AI enabled systems is quickly becoming a board level priority.

For large enterprises, value is being realized by enabling existing teams to do more, faster cheaper and with higher quality. Sales, marketing, operations and customer service were repeatedly cited as areas where AI can materially boost output and, in some cases, contribute more meaningfully to the bottom line.

Physical AI progressing, but with constraints

While digital AI is advancing rapidly, discussions around physical AI and robotics were notably more measured. Panelists emphasized that the physical world imposes constraints that data driven models alone cannot overcome.

Unlike large language models, which benefit from trillions of internet scale tokens, robotics requires “physical world models” that incorporate physics, embodiment and environmental interaction. Real world training data remains scarce, and while synthetic data and imitation learning offer incremental gains, they do not yet close the gap.

The consensus was clear: general purpose humanoid robots for homes and public spaces will take longer to materialize than some predictions suggest. In contrast, progress will continue more quickly in constrained environments, such as warehouses and factories, where specialized robots can operate under defined conditions and deliver near term value.

The AI conversation continues

The Citi AI Summit made one thing unmistakable: AI is an ongoing, evolving technology with no settled endpoints. Citi is at the nexus of this ongoing conversation, consistently bringing together investors, operators, founders and thought leaders addressing and solving many of the real world problems discussed at the Summit.

By bringing a venture capital perspective and tying discussions to enterprise reality, Citi Ventures is helping to illuminate the contours of what comes next. We are excited to continue investing in the future!