Forrester’s Allie Mellen on Preparing for a Mythos-Level Surge in Vulnerabilities
Jennifer Lawinski
May 13, 2026

Artificial intelligence has changed the cybersecurity risk environment for the global financial system and now poses a systemic threat, the International Monetary Fund said last week.
Attackers can now wield powerful AI tools to infiltrate the financial system, lowering the barrier to entry for would-be cybercriminals while speeding up the pace of the onslaught. The shared digital infrastructure underpinning much of the finance industry – software, cloud providers and payment networks – creates an even greater risk, the IMF wrote in a May 7 blog post. The fund warned that a single vulnerability discovered and exploited across dozens of institutions could be devastating for the global financial ecosystem.
“Financial services firms are the ones pretty much leading the charge on addressing the risks posed by AI to their organizations from a vulnerability standpoint,” said Allie Mellen, principal analyst at Forrester. Compliance requirements, the elevated cost of breaches in financial services and direct executive attention have pushed the sector ahead of most industries, Mellen said.
New models are compounding the problem. They create an uneven playing field while putting AI everywhere at once: on offense, on defense and deeply embedded in the data and systems being defended.
Anthropic’s Project Glasswing has given a select group of organizations limited access to its Claude Mythos Preview model to find and patch zero-day vulnerabilities before the model is released in the wild, giving defenders a head start. But the frontier model has found thousands of previously unknown vulnerabilities, many of which endured through decades of code review.
And while AI compounds the risk landscape, AI firms are pitching products and services that embed AI across enterprise systems. Last week Anthropic pitched financial services executives on a suite of new AI agents and products built for the sector. This week, OpenAI launched Daybreak, an AI vulnerability scanning initiative with enterprise partners including Cloudflare, Cisco, CrowdStrike, Oracle and Zscaler. Daybreak runs on GPT 5.5 and 5.5 cyber versions and will help “accelerate cyber defenders and continuously secure software.”
Mythos is still only accessible by approved partners, but Mellen said Anthropic is gatekeeping “because they have to.” The offensive capabilities that make Mythos dangerous to release into the wild are the same ones that enable robust defenses. But this system exacerbates one of the IMF’s core arguments – that not all parts of the financial sector have access to the same tools and defenses, creating weaknesses that could have devastating consequences.
Access to cutting-edge AI capabilities “is size-dependent,” Mellen said. “We’re not going to see that if we go down market into some of these smaller financial institutions.” Regional banks, credit unions and smaller financial firms are operating in the same threat environment as JPMorgan with a fraction of the security resources.
The IMF’s most alarming doomsday scenario imagines that AI attackers could find and exploit a vulnerability common across dozens of institutions simultaneously, bringing down a whole system with a single bug.
While this mega breach is possible in theory, it hasn’t happened and the nature of individual enterprise architectures would make it unlikely, Mellen said. A flaw that allows privilege escalation inside one firm’s environment may not be accessible from the outside at another. “We haven’t seen any evidence that there’s going to be a chained and coordinated multi-stage attack that affects multiple financial services firms at this time,” she said.
The more concrete threat comes from the sheer tempo of change in the vulnerability landscape, Mellen said. Gone are the days of predictable Patch Tuesdays, where vulnerabilities were patched on periodic schedules. “It is likely that we’re going to have to have a much more frequent patching schedule than we have had before, because we’re going to be finding things much faster,” Mellen said.
Development and security teams will manage more vulnerabilities, demanding faster triage and remediation, and that will require tighter alignment, she said.
The IMF encourages policymakers to prioritize resilience over prevention: to accept that defenses will be breached and to have IT teams focus on containment and recovery, keeping local breaches from becoming systemic attacks.
Mellen disagrees with that recommendation. With the volume of alerts expected to increase dramatically, she said financial institutions should prioritize detection and prevention over response and recovery, especially if they won’t have increased headcount.
“I would put as much as you can, especially now, into establishing appropriate prevention capabilities, into understanding your attack surface, into building better workflows that are more dynamic and give you better quality detections for the attacks coming in,” she said.
The cyber-capability challenge is compounded by the difficulty of creating governance and cooperation across a globally interconnected system. “Cyber risk does not respect borders,” the IMF said. Developing nations and countries with more severe resource constraints could be targeted, and even a CEO’s public statement or a government contract could put a target on an enterprise’s back.
Anthropic decided to limit access to Mythos in certain geographies. As countries develop their own regional AI models – from China’s DeepSeek to Mistral AI in Europe to ChatGPT and Claude in the United States – geopolitics needs to be a part of the AI risk calculation for the finance industry, Mellen said.
“You need to be having regular geopolitical risk conversations that delve into the core geopolitical changes that have been happening and how they can affect your business,” she said.
Mellen said that despite the challenges facing the industry, she is cautiously optimistic that the financial system will be able to weather the coming storm if companies make the right decisions and investments now.
“Mythos, in particular, has given us an opportunity to make those changes, to prioritize patching and application security measures that we had not previously invested in,” she said. “And we need to take advantage of that opportunity and that moment, and that visibility, in order to make the changes that we need to protect the systems that we have.”