Dive into real-world AI agent deployments in enterprise banking, bypassing demo hype to explore five practical systems for API enforcement, compliance, and incident response in the MENA region.

I've watched three "agentic AI" vendors pitch Alrajhi in the last quarter. Same pattern every time: slick demo, zero latency, perfect context awareness, and a pricing model that assumes compute is free.
Then you ask about throughput. About audit trails. About what happens when your KYC agent hallucinates a compliance decision at 2 AM and your transaction pipeline is already choking on Ramadan traffic.
Silence.
This post is the opposite. Five agents I actually run. Laravel backend, Next.js frontend, React Native for our merchant app. No vendor magic. Just mechanical engineering with LLMs bolted to real infrastructure.
What it does: Reads OpenAPI specs, generates Laravel request classes, TypeScript interfaces, and React Native API hooks. Flags breaking changes before they hit staging.
We bank with 40+ third-party APIs. Card networks, local switches, government identity services. Each has "documentation" — PDFs scanned in 2019, Swagger files that lie, endpoints that return 200 with HTML error pages.
The agent lives in a GitHub Actions workflow. Not some chatbot interface. It:
The friction: It still hallucinates required fields. I keep a HUMAN_VERIFY label. Anything touching monetary amounts gets eyeballs.
The architecture win: Our mobile team stopped shipping type errors to production. React Native's loose typing was killing us — this agent adds guardrails without slowing anyone down.
Continue Reading
What it does: Parses Central Bank audit requests, queries our ClickHouse transaction warehouse, generates SAR (Suspicious Activity Report) drafts with evidence chains.
Jordan's central bank can request 90 days of transaction history with 48 hours notice. Used to take four engineers three days. Now one agent + one compliance officer.
How it's built:
The wall we hit: GDPR-style data residency rules. Can't send transaction data to OpenAI. We run Llama 3 70B on-prem via vLLM. Slower. More GPUs. But the data never leaves our Amman DC.
MENA reality check: Cloud AI services assume US/EU latency budgets. Our fiber to Frankfurt is 60ms on a good day. On-prem inference is non-negotiable for anything customer-facing.
What it does: Pre-submission testing for React Native apps. Generates test accounts, executes core flows, screenshots failures, compares against baseline.
App Store rejections cost us launch windows. Apple's "guideline 4.2" — minimum functionality — is subjective and applied inconsistently across MENA reviewers.
This agent runs on GitHub Actions with Maestro + Detox. But the intelligence layer:
The gravity: It can't fix your architecture. If your app is actually a wrapped website, no agent helps. But it catches the stupid stuff — broken deep links, missing loading states, Arabic text truncation in RTL layouts.
Real numbers: Reduced our submission-to-approval time from 14 days to 4 days. Not because Apple got faster. Because we stopped submitting broken builds.
What it does: Watches PagerDuty, reads runbooks, suggests remediation steps, opens PRs for common fixes.
Not auto-remediation. That's a liability nightmare in banking. But decision support for the on-call engineer at 3 AM.
Architecture:
The tsunami scenario: During last year's Jordanian government salary disbursement, our card processing spiked 400%. The agent correctly identified the pattern — "annual bulk payment, third-party processor throttling" — and surfaced the manual failover procedure we'd documented but never automated.
The catch: It suggested a failover that would have violated our active-active architecture contract. Human override. Always.
What it does: Reviews Laravel PRs for N+1 queries, missing authorization gates, leaky abstractions. Not style — substance.
We tried Copilot, CodeRabbit, the usual suspects. Too noisy. Banking code has patterns that generic tools don't recognize.
Custom agent built on:
phpstan output as structured inputWhat it catches that others miss:
with()DB::raw()The headroom: We're training it on our React Native codebase next. Mobile has different failure modes — async storage leaks, bridge bottlenecks, biometric prompt timing. Generic tools don't understand React Native's threading model.
The newsletter that inspired this promised "no code" agent setup. Here's what that looks like in month six:
"No code" is a demo conceit. Production agents need infrastructure. Observability. Fallbacks. The same disciplines as any distributed system.
Connectivity: Our agents run with retry logic that would seem paranoid in Silicon Valley. ISP routing changes. Government-mandated filtering updates. Ramadan traffic patterns that break statistical models.
Regulatory velocity: Saudi SAMA, Jordan Central Bank, UAE CBUAE — each has different AI governance guidance. We architect for evidence extraction, not just accuracy. Every agent decision needs audit trail.
Talent density: We can't hire 50 ML engineers. Our stack optimizes for Laravel developers who can read model cards. The agent infrastructure is boring, well-documented, boring again.
After six months of production agents, one pattern emerged:
Agent as queue worker, not API endpoint.
Every agent in our stack is Laravel-side, not frontend. React Native and Next.js call standard APIs. The AI layer is implementation detail, not interface. This lets us:
Your users don't care if AI generated the response. They care if their salary hit their account. Architecture follows from that.
I'm experimenting with agent-to-agent negotiation for our reconciliation pipeline. Multiple vendors, conflicting data formats, manual mapping currently.
The hypothesis: agents can negotiate schema mappings better than humans, because they don't get bored and they don't assume "obvious" equivalences.
Early friction: they converge on mappings that are technically valid but business-wrong. Need to inject domain constraints as guardrails, not prompts.
You're probably running some "AI-powered" feature by now. Maybe Copilot in your IDE, maybe a customer support bot.
When did you last check its error rate? Not the dashboard number — the actual false positives, the hallucinations that shipped, the decisions made without human visibility?
In banking, we have a phrase: "trust but verify." For AI agents, I'd add: "automate but audit."
What's your agent infrastructure actually costing you — in compute, in cognitive load, in decisions you didn't know were being made?
Drop me a reply. Curious how this plays out in other MENA stacks, other regulated industries.

AI Engineer & Full-Stack Tech Lead
Expertise: 20+ years full-stack development. Specializing in architecting cognitive systems, RAG architectures, and scalable web platforms for the MENA region.
Practical AI + full-stack insights for MENA builders. No spam.




Browse the latest articles or explore the full archive.