By Tobias Adrian, Tamas Gaidosch, Rangachary Ravikumar
WASHINGTON DC., May 8, 2026 — Artificial intelligence [AI] is transforming how the financial system copes with vulnerabilities and reacts to incidents. Yet it is also amplifying cyber threats that can undermine financial stability when the offensive capabilities of intruders outpace defences.
IMF analysis suggests that extreme cyber‑incident losses could trigger funding strains, raise solvency concerns, and disrupt broader markets.
The financial system relies on shared digital infrastructure that’s highly interconnected, including software, cloud services, and networks for payments and other data. Advanced AI models can dramatically reduce the time and cost needed to identify and exploit vulnerabilities, raising the likelihood of simultaneously discovering and targeting weaknesses in widely used systems. As a result, cyber risk is increasingly about correlated failures that could disrupt financial intermediation, payments, and confidence at the systemic level.
Anthropic’s recent controlled release of its Claude Mythos Preview, an advanced AI model with exceptional cyber capabilities, underscored how quickly risks are increasing. Mythos could find and exploit vulnerabilities in every major operating system and web browser—even when used by non-experts. This foreshadows how fast‑moving, AI‑driven cyber risks could destabilize the financial system if not managed carefully, and why authorities must focus on building resilience through supervision and coordination—rather than treating these developments as purely technical or operational issues.
On the other hand, OpenAI’s specialized, restricted cyber version of GPT‑5.5 assumes vulnerabilities and attacks will grow, and emphasizes equipping defenders more quickly and at scale, under appropriate governance and trusted access models.
Advances change risk equation
Models such as Mythos illustrate the nature of the challenge because they amplify existing cyberattack techniques by operating at machine speed. Attackers have the advantage over defenders because discovering and exploiting vulnerabilities can occur faster than patching and remediation. In a financial system built on common software and shared service providers, this can create simultaneous vulnerabilities across many institutions.
For now, some mitigating factors remain. Advanced AI cyber capabilities are not yet widely available, and closed, industry‑specific financial software is harder to target than open‑source infrastructure. But these buffers are likely to erode quickly as model training expands, capabilities diffuse, and leaks occur. Temporary containment is unlikely to substitute for durable defenses.
Financial stability implications
The new AI‑enabled cyber tools focus the discussion on financial stability:
Risks are systemic. Attacks become more dangerous when discovery and exploitation scale rapidly, with implications for financial stability.
Risks cut across sectors. The financial sector shares digital foundations with energy, telecommunications, and public services. That means AI‑assisted attacks can propagate across sectors that rely on the same infrastructure.
AI may further concentrate risk and failures with one vulnerability rippling across many institutions. Reliance on a small number of software platforms, cloud providers, or AI models increases the impact of any single exploited weakness.
These features elevate cyber risk to a potential macro‑financial shock. Confidence effects, payment disruptions, liquidity strains, and fire‑sale dynamics could follow if multiple institutions are affected simultaneously. For financial authorities, the question is whether the system is prepared to absorb cyber incidents without destabilizing core financial functions.
AI in cyber defense
AI is also a critical part of the solution. When attackers operate at machine speed, defenders must do the same. Financial institutions increasingly use AI‑supported tools to detect threats, prevent fraud, identify vulnerabilities, and respond to incidents.
AI also can help reduce vulnerabilities at the development stage rather than patching them after release. For widely used financial infrastructure, these gains can meaningfully reduce systemic exposure. But these benefits will materialize only if institutions invest in integration, governance, and human oversight—areas that supervisors increasingly need to assess. This also includes business continuity and disaster recovery, cyber and quality assurance programs, and good cyber hygiene practices.
Resilience-first policy framework
AI-driven cyber risk demands a policy response that treats cybersecurity as a core financial stability issue. Existing measures remain relevant, but they must be expanded and sharpened for a world of faster, automated, and increasingly sophisticated attacks. Policymakers should prioritize robust resilience standards, supervision focused on systemic transmission channels, and close public-private collaboration on threat intelligence and incident response.
Defences will inevitably be breached, so resilience must also be a priority, specifically to limit how far incidents spread and ensure rapid recovery. Controls to stop the spread of attacks can prevent local breaches from escalating into system‑wide disruptions. These measures are often costly and complex, but they are among the most effective tools for containing AI‑enabled attacks.
From a supervisory perspective, this underscores the need to focus not only on prevention, but on response, recovery, and continuity of critical functions. Cyber stress testing, scenario analysis, and board‑level oversight of cyber risk are becoming indispensable components of financial stability frameworks.
International cooperation is vital
The Mythos episode also highlights governance challenges. Cyber risk does not respect borders. As AI capabilities spread across countries, inconsistent oversight could weaken a globally interconnected system.
Emerging and developing economies, which often have more severe resource constraints, may be disproportionately exposed to attackers targeting regions with weaker defenses. That’s why stronger international coordination, more information sharing, and expanded capacity development are critical to preserving global financial stability.
As AI reshapes the cyber landscape, the central question for authorities is whether the financial system can continue to function under severe stress. Answering that question requires putting systemic risk—and the tools to manage it—at the center of the AI‑cyber conversation.
Buy your copy of thecooperator magazine from one of our country-wide vending points or an e-copy on emag.thecooperator.news
