IMF Warning: AI Cyber Threats Could Shake Finance

The International Monetary Fund has issued a stark warning about the future of cybersecurity. In an article published on 7 May, the IMF said that, in the hands of bad actors, the next generation of AI will "undermine financial stability".

The warning comes as advanced AI models have displayed their prowess in exploiting cyber risk by allowing attackers to scale operations rapidly across interconnected systems relied upon by banks, payment providers and financial institutions. 

Severe cyber incidents could have a plethora of consequences such as triggering funding pressures, damaging confidence and disrupting wider markets if multiple institutions are hit simultaneously.

As financial firms become more reliant on shared digital infrastructure – panning across cloud platforms, software providers and payment networks – IMF notes that this concentration of technology providers greatly increases the risk of a single weakness, spreading fast across the wider financial system.

“AI in cybersecurity offers huge potential to improve detection, speed up response times, and strengthen defences,” says Andy Ward, SVP International at Absolute Security. 

“However, with emerging AI tools such as Claude Mythos, cyber threats are also becoming smarter and faster. 

“In the wrong hands, it is inevitable that businesses will face increasingly sophisticated attacks. Without robust cyber resilience strategies and real-time visibility, the finance sector risks sleepwalking into deeper vulnerabilities.”

AI cyber tools increase risks for banks 

IMF shed light on the growing concern around advanced AI cyber models which are capable of automating attacks at machine speed. 

The report picked up Anthropic’s latest model, Claude Mythos Preview and as an example of how rapidly these capabilities are evolving.

With tools of this nature that can dramatically bring down the time and cost required to identify weaknesses in heavily guarded operating systems and browsers, the power dynamics shift, making even the less experienced attackers more dangerous. 

The organisation warned that offensive capabilities may soon outpace existing cyber defences.

IMF argues that cyber threats are no longer isolated operational issues but increasingly systemic financial risks. 

A successful attack affecting shared infrastructure could potentially disrupt payments, restrict access to liquidity and create wider instability across markets.

The fear is a shared one, with Governor of the Bank of England, Andrew Bailey warning that AI systems could “crack the whole cyber risk world open”.

Financial firms urged to prioritise cyber resilience

The solution to the AI cyber problem, according to the IMF is AI, which could also strengthen cyber defence if deployed responsibly. 

Financial institutions are already using capable AI tools to detect fraud, identify vulnerabilities and improve incident response times.

However, the organisation said prevention alone would not be enough, warning that cyber breaches are ultimately inevitable. 

“Defenses will inevitably be breached, so resilience must also be a priority, specifically to limit how far incidents spread and ensure rapid recovery,” IMF notes. 

“Controls to stop the spread of attacks can prevent local breaches from escalating into system‑wide disruptions. These measures are often costly and complex, but they are among the most effective tools for containing AI‑enabled attacks.”

The IMF warned that emerging markets could be disproportionately vulnerable due to weaker cyber resilience and limited resources. 

As AI capabilities become more widely available, the organisation said inconsistent regulation and oversight between countries could create weak points within the global financial system.

Datactics CEO Stuart Harvey also warned that poor data management could make cyber incidents more damaging.

“If your data is a mess, then security teams don’t stand a chance in the event of a cyber attack or data breaches,” he said. 

“Messy data increases exposure and makes breaches harder to contain. Good security starts with good data discipline and if you don’t know your data, you can’t protect it.”

Recognising the risk, the IMF has called for greater international cooperation, stronger information sharing and improved cyber resilience standards to reduce the risk of large-scale disruption.

It also urged regulators to treat cybersecurity as a core financial stability issue rather than simply a technical challenge, warning that the pace of AI development means authorities must move quickly to strengthen defences before risks escalate further.