IMF warns that AI is amplifying cyberattacks and threatening financial stability
The International Monetary Fund said advanced AI models are making it faster and cheaper for attackers to find and exploit vulnerabilities in financial systems, creating risks that could disrupt payments, undermine confidence, and trigger broader market instability.
The warning comes as frontier AI models demonstrate capabilities that alarm security experts. In April, Anthropic released Claude Mythos, an advanced model that researchers found could identify and exploit vulnerabilities in every major operating system and web browser-even when used by people without technical expertise.
The IMF said Mythos "underscored how quickly risks are increasing." Models operating at machine speed can amplify existing cyberattack techniques across financial infrastructure faster than human defenders can respond.
Why AI-driven attacks pose systemic risk
Financial institutions rely on shared digital infrastructure: common software platforms, cloud services, and payment networks. When AI discovers a vulnerability in widely used systems, attackers can target multiple institutions simultaneously.
The IMF identified three factors that elevate AI-enabled cyber risk to a macro-financial threat:
- Risks are systemic. When discovery and exploitation scale rapidly, attacks become more dangerous across many institutions at once.
- Risks cross sectors. Financial services share digital foundations with energy, telecommunications, and public services, so breaches can cascade across industries.
- AI concentrates failure. A single exploited weakness in shared software or cloud infrastructure can ripple across dozens of institutions.
If multiple financial institutions are breached simultaneously, the consequences could include payment disruptions, liquidity strains, and fire-sale dynamics that undermine confidence in the entire system.
How financial institutions should respond
The IMF said AI itself is part of the solution. Financial institutions increasingly use AI tools to detect threats, prevent fraud, and respond to incidents faster than humans can. AI can also identify vulnerabilities during development rather than patching them after systems go live.
But attackers still have the advantage. Discovering and exploiting vulnerabilities happens faster than patching and remediation.
The IMF recommended three core strategies:
- Make resilience a priority. Controls that stop attacks from spreading can prevent local breaches from escalating into system-wide disruptions. Cyber stress testing, scenario analysis, and board-level oversight of cyber risk are essential.
- Use AI for defense. When attackers operate at machine speed, defenders must do the same. This requires institutions to invest in integration, governance, and human oversight-areas supervisors need to assess.
- Strengthen international coordination. Inconsistent oversight across countries weakens a globally interconnected system. Stronger information sharing and capacity development are critical, especially for emerging and developing economies facing resource constraints.
The IMF said the challenges posed by advanced AI models must be addressed through "resilience, supervision, and international coordination." Without these measures, financial markets remain vulnerable to attackers equipped with the latest AI tools.
For finance professionals managing these risks, understanding both the attack surface and defense mechanisms is critical. Learn more about AI for Finance and AI for Cybersecurity Analysts to stay current with evolving threats and defenses.
Your membership also unlocks:
