Pular para o conteúdo principal
Tech86 Logo
Close
IA

SantanderAI: The Bank That Open-Sourced Its AI Stack

Gabriel Ferraresi· CEO | Tech86June 21, 20264 min
aiopen-sourcebankinggovernancesecurity

Santander just did something no major bank has done: it published its AI stack as open-source. The SantanderAI GitHub has 14 repositories under the Apache 2.0 license, no fanfare, no press release. And the AI community noticed before the journalists — over 600 followers and 200+ stars in weeks. We have been tracking the repository and the signal is clear: this changes the banking AI playbook.

What is in SantanderAI

According to the repository, the 14 repositories cover everything from synthetic data generation to LLM governance:

  • gen-fraud-graph: synthetic fraud graph generator that scales to 100M+ accounts. Entirely synthetic data — zero real customer data. Solves the classic fraud testing problem: real data is protected by LGPD/GDPR, and generic synthetic data does not capture real fraud network topology.
  • mech-gov-framework: mechanical governance framework for LLM decisions with 3 governance regimes (R1/R2/R3). Explicit, auditable rules — not subjective guidelines. In regulated sectors, this is what regulators demand.
  • ralph: iteration loop for AI CLIs (Codex, Claude Code, Gemini CLI, and Devin) that automatically switches agents when one hits the token limit. Vendor-agnostic abstraction in practice.
  • autoguardrails: research scaffold that searches for the guardrail policy that minimizes attack rate. Security as optimization, not as checklist.
  • sota-stressed-datasets: datasets with noise, ambiguity, and contradictions to test model robustness. Getting the happy case right is not enough — models need to survive the stressed case.
  • llm_bridge: vendor-agnostic bridge for OpenAI, Bedrock, and Gemini. Eliminates lock-in to a single LLM vendor.
  • mutatis-mutandis: research code on algorithmic discrimination with counterfactual comparators. AI fairness with scientific rigor.

5 of the 12 code repositories are directly about security, governance, and AI fairness. This is positioning: Santander takes responsible AI seriously enough to publish its guardrails. In a sector where an AI error can wrongly deny credit or flag innocent fraud, publishing your security framework is leadership and recruitment — probably both.

The European playbook vs. the American playbook

According to Evident, an AI benchmarking company for the financial sector, Capital One, Bank of America, and JPMorgan hold 75% of banking AI patents. Santander went in the opposite direction: it opened the non-core. It is the European innovation playbook — collaborate on infrastructure, compete on product.

What is not a competitive differentiator (guardrails, bridges, synthetic data, governance frameworks) becomes open-source. What is core (proprietary models, customer data, pricing strategy) stays closed. The logic is simple: if every bank needs guardrails, why does each one build its own? Collaborate on infrastructure, differentiate on product.

The industrialized OSPO

According to the organization's README on GitHub, Santander's Open Source Program Office has two tracks:

  • Fast Track: SLA under 4 hours for forks, datasets, generic SDKs. Quick approval for low-risk contributions.
  • Full Track: 2-4 weeks for models and frameworks with IP, with review by the FOSS Review Board (OSPO Lead + Legal + CISO + Architect). Rigorous process for code involving intellectual property.

It has a CLA based on the Apache ICLA. It has automated scans that verify code before publishing to ensure nothing internal leaks. Everything uses synthetic or anonymized data. Zero real customer data. The process is industrialized — not a loose repository, but a structured program with security and legal review.

The signal for the market

Santander has publicly committed to being an "AI-native bank" by 2027. According to a statement from the bank, AI generated over 200 million euros in savings in 2024. ChatGPT Enterprise for 15,000 employees. 6,000 devs with copilots. SantanderAI is the artifact of that commitment — you can literally see the stack being built.

No traditional media coverage. No press release. The AI community noticed before the journalists. That is how open-source influence works: bottom-up, not top-down. And that is how a European bank signals it takes AI seriously — not with patents, but with code.

At Tech86, we see this movement as part of a larger trend: the AI infrastructure layer is becoming a commodity, and differentiation is migrating to the application. When guardrails, bridges, and synthetic data are open-source, the value is in how you integrate, calibrate, and operate them — not in the code itself. We help companies do exactly that: adopt the open-source infrastructure layer and differentiate on the application.

Need expert guidance?

Schedule a consultation with our specialists.

AI Engineering Consulting

Frequently Asked Questions

SantanderAI is Santander's open-source organization on GitHub, with 14 repositories under the Apache 2.0 license (and CC BY 4.0 for datasets). According to the repository, it includes a mechanical governance framework for LLMs, a synthetic fraud graph generator, a vendor-agnostic bridge for OpenAI/Bedrock/Gemini, robustness datasets, and research code on algorithmic discrimination. Santander adopted the European playbook: collaborate on infrastructure, compete on product. What is not a competitive differentiator (guardrails, bridges, synthetic data) becomes open-source. What is core (proprietary models, customer data) stays closed.

No. According to the organization's README on GitHub, Santander's OSPO (Open Source Program Office) runs automated scans before publishing to ensure nothing internal leaks. Everything uses synthetic or anonymized data. Zero real customer data. The gen-fraud-graph generates synthetic fraud graphs; the sota-stressed-datasets generates data with noise, ambiguity, and contradictions. No customer data leaves the bank.

According to Evident, an AI benchmarking company for the financial sector, Capital One, Bank of America, and JPMorgan hold 75% of banking AI patents. Santander went in the opposite direction: it opened the non-core. It is the European innovation playbook — collaborate on basic infrastructure, compete on the final product. US banks protect IP; Santander shares infrastructure to accelerate the ecosystem and attract talent. 5 of the 12 code repositories are directly about security, governance, and AI fairness — positioning that works as both leadership and recruitment.

According to the organization's README on GitHub, the OSPO has two tracks: Fast Track (SLA under 4 hours for forks, datasets, generic SDKs) and Full Track (2-4 weeks for models and frameworks with IP, with review by the FOSS Review Board — OSPO Lead + Legal + CISO + Architect). It has a CLA based on the Apache ICLA. It has automated scans that verify code before publishing. Everything uses synthetic or anonymized data. The process is industrialized — not a loose repository, but a structured program with security and legal review.

Blog — Get in Touch

Have a question about our articles or services? Our team is ready to help.

Schedule a Meeting

Book a time slot.

Schedule Now

Email

Send us a message.

[email protected]

WhatsApp

Quick conversation.

Address

Avenida Paulista, 1636 - São Paulo - SP - 01310-200

Tech86 Specialist

Online now

Hello! How can we help scale your business today?

Tech86 Engineering

We Value Your Privacy

We use cookies and similar technologies to optimize your experience, analyze site traffic, and personalize content. By clicking "Accept All", you agree to the use of all cookies. Read our Privacy Policy.