WASHINGTON—Artificial intelligence is rapidly reshaping cybersecurity risks facing the global financial system and now poses a potential systemic threat to banks, credit unions and other financial institutions, according to a new warning from the International Monetary Fund, as security experts caution that AI-powered attacks are accelerating faster than many organizations can defend against them.
The IMF warned in a May 7 blog post that attackers can now use advanced AI tools to infiltrate financial systems, lowering the barrier to entry for cybercriminals while increasing the speed and scale of attacks. The IMF said the financial sector’s reliance on shared digital infrastructure—including software providers, cloud platforms and payment networks—creates the risk that a single vulnerability exploited across multiple institutions could have cascading consequences throughout the global financial system, BankInfoSecurity said.
“Financial services firms are the ones pretty much leading the charge on addressing the risks posed by AI to their organizations from a vulnerability standpoint,” Allie Mellen, principal analyst at Forrester, told BankInfoSecurity, noting that compliance demands, the high cost of breaches and executive-level attention have pushed financial institutions ahead of many other industries in cybersecurity preparedness.
BankInfoSecurity reported that new AI models are simultaneously strengthening defensive capabilities while also expanding offensive risks. As CUToday.info has extensively reported, Anthropic recently provided limited access to its Claude Mythos Preview model through Project Glasswing, allowing select organizations to identify and patch vulnerabilities before broader release. The model reportedly uncovered thousands of previously unknown vulnerabilities, some of which had survived decades of code reviews. Meanwhile, OpenAI this week launched Daybreak, an AI-driven vulnerability scanning initiative with enterprise partners including Cloudflare, Cisco, CrowdStrike, Oracle and Zscaler.
Mellen told BankInfoSecurity the uneven access to advanced AI cybersecurity tools is creating additional concerns for smaller institutions. While large firms such as JPMorgan Chase may have the resources to deploy cutting-edge defenses, regional banks, credit unions and smaller financial institutions often operate in the same threat environment with significantly fewer cybersecurity resources.
The IMF urged policymakers and financial institutions to prioritize operational resilience and assume some defenses will eventually fail, focusing on containment and recovery to prevent isolated breaches from escalating into broader systemic events. Mellen, however, argued institutions should instead intensify investments in prevention, attack-surface visibility and faster patching capabilities as AI dramatically accelerates the pace at which vulnerabilities are discovered and exploited.
“We need to take advantage of that opportunity and that moment, and that visibility, in order to make the changes that we need to protect the systems that we have,” she told BankInfoSecurity.