Britain’s top banking regulator has warned that artificial intelligence-driven cyber security threats represent the most significant emerging risk facing lenders, citing growing concerns that increasingly powerful AI tools could be exploited by malicious actors.

Sam Woods, chief executive of the Prudential Regulation Authority (PRA), told the Financial Times on 4 June that vulnerabilities in banks’ technology systems exposed by advanced AI models were a major concern. “If I had to point to an area where it feels to me like it is unsettled and it could lead to a significant problem, this would be top of the list,” he said.

Woods linked the heightened threat to a deteriorating geopolitical environment, arguing that ongoing international conflicts had increased cyber security risks for financial institutions. He said the combination of sophisticated AI capabilities and hostile actors had elevated concerns about the resilience of banking infrastructure.

The Financial Times reported that Woods’ concerns have intensified following the launch of Anthropic’s Claude Mythos Preview, an AI model introduced in April with restricted access because of its ability to identify previously unknown software vulnerabilities. Anthropic announced this week that access would be expanded to 150 organisations across 15 countries, with Woods indicating that some UK banks are expected to participate.

According to Woods, banks need to increase both the speed and volume of software patching, identify higher-risk open-source components within their systems and prioritise cyber security work within broader technology programmes. He added that it was not “plausible” for the PRA to regulate banks’ use of AI while the technology was evolving so rapidly.

The regulator’s current focus remains on how banks use AI in areas such as customer service and financial crime prevention. Woods said the PRA would become more concerned if institutions began relying on AI to make critical decisions relating to capital requirements and risk management.

Woods’ comments come as both banks and regulators increase investment in AI technologies. The PRA is reducing its workforce by around 150 employees, equivalent to 10 per cent of staff, through voluntary redundancies in order to redirect resources towards technology and AI initiatives. Woods said he regretted not “pushing harder” to modernise the regulator’s technology capabilities earlier.

The outgoing PRA chief also cautioned against weakening post-financial crisis safeguards. While supporting limited adjustments to capital rules and acknowledging that some reforms, including restrictions on bankers’ bonuses, had gone too far, Woods warned: “It would be a historic error to take a large amount of capital out of the UK banking system.”

---