UK Financial Regulators Warn Banks to Defend Against Frontier AI Cyber Threats
The Bank of England, Financial Conduct Authority and Treasury issued a joint statement on May 15 requiring UK financial services firms to strengthen defenses against cyber attacks powered by frontier AI models.
The three bodies said frontier AI systems already perform cyber attacks faster, at greater scale and more cheaply than skilled human attackers. As these models advance, the risks to firm safety, customer protection and financial stability will grow.
"Firms that have underinvested in core cybersecurity fundamentals are likely to become progressively more exposed," the statement said.
What Regulators Want From Financial Services Firms
Governance and strategy: Boards and senior management must understand frontier AI risks and fund defenses accordingly. This includes protecting legacy systems and obtaining cyber insurance.
Vulnerability management: Firms need to identify, prioritize and fix security gaps rapidly and at scale, using automation where feasible.
Third-party risk: Financial services firms must manage frontier AI threats across their supply chains, including open source software. They should monitor and control external applications, libraries and services integrated into their operations.
Protection: Deploy access controls, network segmentation and data protection measures. The regulators recommend using automated and AI-enabled defenses to match the speed of AI-driven attacks.
Response and recovery: Firms must be able to respond to disruptions and recover operations quickly, in line with cyber resilience guidance published in October 2025.
Next Steps for Management
The regulators will continue monitoring frontier AI developments through the Cross Market Operational Resilience Group. Financial services firms should consult resources from the UK National Cyber Security Centre on vulnerability management, frontier AI fundamentals and using AI to detect security gaps.
Management teams responsible for technology budgets and strategy should review AI for Executives & Strategy to understand how frontier AI changes the cyber risk equation. Those overseeing security teams may benefit from the AI Learning Path for Cybersecurity Analysts, which covers practical approaches to managing AI-driven threats.
Your membership also unlocks:
