The financial system relies on shared digital infrastructure that’s highly interconnected, including software, cloud services, and networks for payments and other data. Advanced AI models can dramatically reduce the time and cost needed to identify and exploit vulnerabilities, raising the likelihood of simultaneously discovering and targeting weaknesses in widely used systems. As a result, cyber risk is increasingly about correlated failures that could disrupt financial intermediation, payments, and confidence at the systemic level.

As an example, Anthropic’s recent controlled release of its Claude Mythos Preview, an advanced AI model with exceptional cyber capabilities, underscored how quickly risks are increasing. Mythos could find and exploit vulnerabilities in every major operating system and web browser—even when used by non-experts. This foreshadows how fast‑moving, AI‑driven cyber risks could destabilise the financial system if not managed carefully, and why authorities must focus on building resilience through supervision and coordination—rather than treating these developments as purely technical or operational issues.

On the other hand, Open AI’s specialised, restricted cyber version of GPT‑5.5 assumes vulnerabilities and attacks will grow, and emphasises equipping defenders more quickly and at scale, under appropriate governance and trusted access models.

Advances change risk equation

Models such as Mythos illustrate the nature of the challenge because they amplify existing cyber attack techniques by operating at machine speed. Attackers have the advantage over defenders because discovering and exploiting vulnerabilities can occur faster than patching and remediation. In a financial system built on common software and shared service providers, this can create simultaneous vulnerabilities across many institutions.

For now, some mitigating factors remain. Advanced AI cyber capabilities are not yet widely available, and closed, industry‑specific financial software is harder to target than open‑source infrastructure. But these buffers are likely to erode quickly as model training expands, capabilities diffuse, and leaks occur. Temporary containment is unlikely to substitute for durable defences.

Financial stability implications include systemic risk, risks cutting across sectors that rely on the same infrastructure, and concentrated risks rippling through many institutions, all of which combined, elevate cyber risk to a potential macro-financial shock with disruptions to payments, liquidity strains and many institutions being affected simultaneously.

International cooperation

The Mythos episode also highlights governance challenges. Cyber risk does not respect borders. As AI capabilities spread across countries, inconsistent oversight could weaken a globally interconnected system.

Emerging and developing economies, which often have more severe resource constraints, may be disproportionately exposed to attackers targeting regions with weaker defences. That’s why stronger international coordination, more information sharing, and expanded capacity development are critical to preserving global financial stability.

As AI reshapes the cyber landscape, the central question for authorities is whether the financial system can continue to function under severe stress. In conclusion, according to the IMF, answering that question requires putting systemic risk—and the tools to manage it—at the centre of the AI‑cyber conversation.