Regulated Enterprise Constraints Endpoint Controls And Identity Barriers
Sources: 1 • Confidence: Medium • Updated: 2026-03-31 04:43
Key takeaways
- Marco Argenti said Goldman relies on signed executables and locked-down endpoints consistent with a bank security posture.
- Marco Argenti said every Goldman developer is enabled with agentic AI tools, including early deployment of Devin and use of tools like Cloud Code and Copilot’s agent mode.
- The hosts identified internal token-budget allocation and optimizing model performance versus cost as an unresolved engineering and incentive problem inside organizations.
- Marco Argenti said that in Goldman's environment, LLMs can generate source code but cannot directly produce a runnable signed executable because builds and signing are required for execution.
- Marco Argenti argued that the shift from chat-style assistants to agentic systems is driven by models that create a plan before responding rather than returning the first plausible answer.
Sections
Regulated Enterprise Constraints Endpoint Controls And Identity Barriers
- Marco Argenti said Goldman relies on signed executables and locked-down endpoints consistent with a bank security posture.
- Marco Argenti said that in Goldman's environment, LLMs can generate source code but cannot directly produce a runnable signed executable because builds and signing are required for execution.
- Marco Argenti said Goldman enforces information barriers by tying user and application access, including each AI agent/session, to an identity badge that restricts data visibility at the source.
- Marco Argenti said Goldman employees generally cannot install software that is not available through the corporate app store due to endpoint lockdown controls.
- Marco Argenti said building Goldman's GSAI platform took nearly two years due to requirements such as cybersecurity and information barriers.
- Marco Argenti said casual 'vibe coding' approaches are unsuitable for bank-grade AI because of requirements such as cybersecurity and information barriers.
Workforce Skill Shift Toward Specification And Supervision
- Marco Argenti said every Goldman developer is enabled with agentic AI tools, including early deployment of Devin and use of tools like Cloud Code and Copilot’s agent mode.
- Marco Argenti said agentic AI is changing developer work from hands-on coding toward planning, specification, and product-management-like tasks where explanation becomes more important than writing code.
- Marco Argenti said Goldman measures developer AI ROI primarily by increased output evidenced by projects consistently finishing ahead of schedule with improved quality.
- Marco Argenti said effective work with AI agents requires people to explain desired outcomes, delegate work across specialized agents, and supervise outputs, mirroring core management skills.
- Marco Argenti predicted AI will push many employees toward manager-like roles focused on ideation, clear specification, delegation, and evaluation, and that not everyone will transition quickly without training and cultural exposure.
- Marco Argenti suggested AI can reduce developer fatigue by automating repetitive toil such as library upgrades or bulk UI changes.
Centralized Model Gateway Routing And Token Governance
- The hosts identified internal token-budget allocation and optimizing model performance versus cost as an unresolved engineering and incentive problem inside organizations.
- Marco Argenti said token-cost governance requires centralized model access via a model gateway that meters usage and routes each request to an appropriate quality-cost tradeoff rather than letting teams call model APIs independently.
- Marco Argenti said Goldman's AI platform group spends significant effort deciding which data to retrieve for a question and which model to route it to in order to stay on a quality-cost Pareto frontier.
- Marco Argenti argued users should be insulated from token-level cost concerns and encouraged to use models heavily while a central platform team optimizes cost.
- Marco Argenti predicted that token unit costs will fall substantially but total token consumption will rise faster, making tokens a major ongoing cost line item comparable to labor rather than a marginal IT cost.
Sdlc Controls Human In Loop And Pipeline Investment
- Marco Argenti said that in Goldman's environment, LLMs can generate source code but cannot directly produce a runnable signed executable because builds and signing are required for execution.
- Marco Argenti said Goldman enforces a zero-trust-style SDLC where senior humans review AI-generated changes and CI/CD pipelines run security and technology risk checks before production deployment.
- Marco Argenti said Goldman does not allow AI systems to auto-approve code changes and instead limits them to creating pull or merge requests that require human approval.
- Marco Argenti predicted that banks do not necessarily lose meaningful development velocity under these controls if they invest sufficiently in governance and pipelines and engage regulators transparently about knowns and unknowns.
Agentic Capabilities Definition And Enterprise Safe Variants
- Marco Argenti argued that the shift from chat-style assistants to agentic systems is driven by models that create a plan before responding rather than returning the first plausible answer.
- Marco Argenti said Goldman is not using OpenClaw directly but is incorporating OpenClaw-like agent characteristics into its own platform, including continuous observation loops, task scheduling, and self-modifying behavior via instruction files.
- Marco Argenti distinguished 'speed' as short-term sprinting from 'velocity' as sustained progress that avoids hitting security, scalability, and quality walls.
- Marco Argenti characterized OpenClaw-style agents as having three core properties: continuous observation in a loop, scheduled task execution, and the ability to change behavior via editable instruction files.
Watchlist
- The hosts identified internal token-budget allocation and optimizing model performance versus cost as an unresolved engineering and incentive problem inside organizations.
Unknowns
- What are the actual active-user metrics for the internal assistant (e.g., daily/weekly active users, retention by cohort, usage by business line) and how are they defined?
- What are the token volumes (tokens per prompt, mix by model), unit costs, and total monthly spend associated with the reported prompt volume?
- How is answer quality measured for retrieval-driven assistant outputs (accuracy, citation correctness, latency, freshness), and what is the attributable impact of data curation versus model choice?
- What is the operational process for onboarding new data sources (time-to-connect, required reviews, ongoing maintenance) and how often do connectors break or drift?
- Which specific third-party software categories and vendors were displaced, and what functionality was rebuilt internally versus eliminated?