UK banking regulator warns AI-driven cyber risks are a top threat

In short: The UK’s main banking safety regulator says AI is increasing cyber security risks for banks and it is now one of his biggest concerns.

What happened

Sam Woods, the outgoing chief executive of the Bank of England’s Prudential Regulation Authority (PRA), told the Financial Times that he is “very concerned” about weaknesses in banks’ IT systems. He said AI-related cyber security risk is “top of the list” of unsettled threats that could lead to serious problems.

Woods said global tensions are making the situation worse, because there are more “bad actors” who may try to attack banks online. Cyber security means protecting computer systems from break-ins, like putting stronger locks and alarms on a house.

His warning comes as more powerful AI models are released. He pointed to Anthropic’s Claude Mythos Preview, which Anthropic launched in April with limited access, saying it could find hidden weaknesses in IT systems and could be misused for hacking. Anthropic has since said it will expand access to 150 organisations across 15 countries, and Woods said some UK banks are expected to be included.

Woods said banks should speed up “patching,” which means quickly installing software fixes, like repairing a known hole in a fence. He also said banks should map which parts of their systems are most risky, including some open-source code (software building blocks shared publicly).

Why it matters

If attackers can use AI to spot weak points faster, banks may face more data theft and service outages, which can affect everyday people trying to access money and make payments. Woods also said it is not realistic for the PRA to tightly regulate banks’ use of AI while the technology is moving so fast.

Source: Financial Times