A security operations analyst is hunched over at their desk in the office, analysing an alert pattern that flags as highly unusual. Upon further investigation, it seems like the potential hack is an automated initiation. In industry terms, artificial intelligence (AI) and machine learning have a hand in it.

Recently, BaFin, Germany’s Federal Financial Supervisory Authority, has flagged serious AI-driven cyber risks owing to the fast-paced development of AI models such as Anthropic Mythos. 

Cybersecurity risks in light of AI advancements have been in the limelight for a while now, considering that AI regulations are still new and relatively subjective. 

em360tech image

Reuters reported, BaFin warned earlier today that cyber risks were “growing” and “substantial” because of the AI advancement. The federal institution declared a “new division” with the responsibility to undertake “targeted inspections at financial firms.”

The German Federal institution’s President Mark Branson explained in an official statement that new AI models now possess the ability to spot weaknesses in computer systems at extremely high speed.

"These new AI models can identify many vulnerabilities in both new and existing IT systems with remarkable speed," said Branson. "They will be able to exploit the vulnerabilities they find ever more rapidly."

Hailing it as an “urgent and essential investment”, BaFin’s President added that the financial industry can afford to strengthen cybersecurity.

Also Watch: How to Prepare for AI Agents at Work

Inception of Anthropic Mythos, the Culprit?

The truth of the matter is that the inception of AI models like Claude Mythos by Anthropic has resulted in challenges for the global banking industry. 

Challenges such as accessing and rapidly testing new technologies for standard regulations to be set up. This continues to shed light on the degree of preparation by financial institutions worldwide. 

Banks fear falling behind competitors, especially if they don’t promptly comprehend and adopt AI use cases despite their cybersecurity risk concerns. 

Claude Mythos is believed to be so robust that it can rapidly detect vulnerabilities in banking systems, automate complex analysis, and possibly alter fraud detection, trading, operations, and cyber defence. 

Owing to such potentials, banks are racing both to gain access to the technology for competitive advantage and to study how to protect themselves against the new risks it introduces.

Globally, regulators are worried about Anthropic’s latest Mythos launch, as several financial enterprises continue to rely on traditional legacy IT systems. 

These old IT systems may still carry hidden vulnerabilities. To top that, the adoption of AI tools has the potential to expose those vulnerabilities rapidly and on a large scale.

The official announcement by the German authorities has had worldwide repercussions, including a few US banks that have reportedly gained access to Claude’s Mythos. 

Also Read: Anthropic Mythos Breach Raises New Questions About AI Access Control

Why Cybersecurity Spending Needs an Urgent Rise?

BaFin’s President believes that the boost in cybersecurity expenditure across the financial sector could ultimately help in reacting faster to those rapidly developing, unpredictable AI technologies. 

The finding would be used to create a new division that will initiate targeted “IT spotlight” inspections at financial firms. The inspections will focus on full-scale audits, authorising regulators to investigate more enterprises on a bigger scale. Additionally, it would also allow regulators to react faster in the face of new, obscure emerging cyber threats and incidents.

The consensus among regulators points to broader concerns regarding AI changing the nature of cyberattacks.

Up until three years ago, a team of cybersecurity operations analysts and experts were tasked to manually spot vulnerabilities in software and banking infrastructure. Now, AI and machine learning are paving the way for automated anomaly detection. 

Such AI tools and technology help attackers move at machine speed while the attacked organisations are still catching up to the adoption of AI. 

Regulators therefore see AI not only as a powerful business tool for banks, but also as a major cybersecurity challenge that could threaten financial stability if institutions are not prepared.

Also Watch: Is Your Holiday Traffic Human—or AI-Driven and Under Attack?