IMF: AI-driven cyberattacks could spark financial crisis

The International Monetary Fund wrote in a May blog post that AI-driven cyberattacks could disrupt payment systems, push firms toward insolvency and strain market liquidity.

The IMF noted many banks and other financial institutions rely on the same cloud providers and digital infrastructure. A single exploited flaw in shared systems could cascade across banks, clearinghouses and other critical services.

The warning followed the release of Anthropic’s AI model, Mythos. Anthropic limited access through Project Glasswing, distributing the model to 40 firms it identified as critical, including Nvidia, Apple, Amazon Web Services and Microsoft. The company provided British banks with access at the end of April, prompting rapid risk assessments by UK regulators.

Anthropic chief executive Dario Amodei has announced plans to work with government officials to support defense efforts in the United States and allied countries.

An independent report published in April found Mythos effective at detecting software and cyber risks but cautioned that future models are likely to be more capable. Security researchers have urged firms to use AI tools to find weaknesses while tightening controls on how those tools are used.

The IMF urged institutions to focus on integration, strong governance and human oversight when deploying AI-based scanners. It advised firms to strengthen business continuity and disaster recovery plans, cyber and quality assurance programs, and everyday cyber hygiene.

“Without robust cyber resilience strategies and real-time visibility, the finance sector risks sleepwalking into deeper vulnerabilities,” warned Andy Ward, international senior vice-president at Absolute Security.

In an April speech at Columbia University, Bank of England governor Andrew Bailey said Mythos might “crack the whole cyber risk world open.” His remarks underlined concerns that AI could lower the skill barrier for finding and exploiting software faults.

The IMF called for greater international cooperation, clearer regulatory standards for model deployment and security testing, and faster information sharing between governments and the private sector. The fund noted emerging economies may be more exposed because they often depend on international services and shared infrastructure.