A warning issued by the IMF on May 7 has injected fresh urgency into the debate surrounding artificial intelligence and financial security.

In a blogpost published on its website, the Fund has cautioned that the rapid evolution of AI could threaten global financial stability by enabling increasingly sophisticated cyberattacks against critical financial infrastructure.

Using the example of Claude Mythos – a highly advanced, next-generation AI model developed by Anthropic – the IMF has highlighted how swiftly such advanced AI systems can reduce the time, expertise, and cost required to detect and exploit vulnerabilities.

AI’s more strident evangelists have long dismissed even measured warnings about its risks as the mutterings of Luddites resistant to technological progress. Yet when an institution as consequential as the IMF sounds the alarm over the cybersecurity threats AI poses to the global financial system through its ability to amplify cyberattacks, destabilise financial networks and expose systemic vulnerabilities across borders, such caution becomes far harder to deride.

The question is no longer whether AI will transform global finance as that reality is already upon us. The real challenge now is whether governments, regulators and financial institutions can move with sufficient urgency to contain the dangers accompanying this transformation while still harnessing AI’s immense potential for efficiency, inclusion, and growth.

The emergence of Mythos, in particular, has offered a highly unsettling glimpse into how rapidly AI is outpacing existing safeguards. Withheld from public release last month because of fears over the scale of the cybersecurity threats it could unleash, the model possesses the ability to identify and exploit previously unknown ‘zero-day’ vulnerabilities in major operating systems and web browsers with alarming speed and sophistication.

More troubling still is that AI systems are lowering the technical barriers for malicious actors, reducing the need for highly specialised expertise to exploit such flaws. Zero-day vulnerabilities are especially dangerous because organisations remain unaware of them until after they have been exploited, leaving no opportunity to patch weaknesses before an attack occurs.

Reports that unauthorised individuals may nonetheless have gained access to Mythos have only intensified anxieties over whether even the companies developing these technologies can contain them once progress gathers momentum.

What this episode underscores is the urgent need for governments and regulators worldwide to more effectively and swiftly challenge the power and autonomy of technology giants and AI firms, which for years have largely been permitted to innovate faster than oversight mechanisms can evolve. Exacerbating matters is the speed with which breakthroughs in AI capabilities can be replicated across industries, including by open-source developers whose models can become freely available with few meaningful safeguards.

In the context of global finance, the dangers are especially acute because of the highly interconnected nature of financial systems.

A vulnerability exploited within one institution, platform or cloud provider could trigger cascading disruptions across banking networks, payment systems and capital markets far beyond the original point of breach.

As the IMF has warned, these risks are systemic and carry the threat of contagion across sectors and borders, as growing dependence on a small number of dominant digital platforms magnifies the impact of any single compromised system. Its call for a far more robust regulatory and policy response by governments, one that treats cybersecurity as a central pillar of financial stability, is therefore timely and necessary.

While advanced economies may still possess the resources, institutional capacity and knowledge base to withstand such threats, emerging economies with weaker digital defences, and limited technical expertise and financial resources could prove far more vulnerable. That reality alone should compel far greater international cooperation before the consequences of regulatory inertia surrounding AI become impossible to contain.