IMF: AI Cyber Threats' Impact on Fintech Infrastructure

The International Monetary Fund (IMF) has published a warning about how AI in the hands of bad actors could "undermine financial stability".

The alert carries particular weight for fintech companies, digital payment platforms and neobanks that operate on shared infrastructure and cloud-based systems.

According to the IMF, advanced AI models can now exploit cyber risk by allowing attackers to scale operations fast across interconnected systems.

For fintech providers that rely on third-party cloud platforms, shared software providers and payment networks, this could mean a single vulnerability spreads across multiple services.

AI tools target fintech infrastructure

Fintech companies face growing exposure to AI-powered cyber threats that target the digital infrastructure they depend on.

Payment platforms, lending apps and digital banking services often share technology stacks with other financial institutions.

According to the IMF, this concentration of technology providers increases the risk of a weakness spreading across the wider financial system.

A cyber incident affecting shared infrastructure could disrupt payment processing, restrict access to liquidity and create instability across markets.

The organisation picked up Anthropic's model, Claude Mythos Preview, as an example of how fast these capabilities are evolving.

Tools of this nature could bring down the time and cost required to identify weaknesses in operating systems and browsers.

This power shift could make even less experienced attackers more dangerous, with the IMF warning that offensive capabilities may soon outpace existing cyber defences.

Neobanks and payment firms face systemic risk

Andrew Bailey, Governor of the Bank of England, warned that AI systems could "crack the whole cyber risk world open".

For neobanks and digital-first financial services, the threat is not just operational but systemic.

According to the IMF, cyber threats are no longer isolated operational issues but financial risks. A successful attack affecting shared infrastructure could disrupt payments and trigger funding pressures if multiple institutions are hit at once.

“AI in cybersecurity offers huge potential to improve detection, speed up response times, and strengthen defences,” says Andy Ward, SVP International at Absolute Security. 

“However, with emerging AI tools such as Claude Mythos, cyber threats are also becoming smarter and faster. 

“In the wrong hands, it is inevitable that businesses will face increasingly sophisticated attacks. Without robust cyber resilience strategies and real-time visibility, the finance sector risks sleepwalking into deeper vulnerabilities.”

Fintech firms urged to prioritise resilience

The IMF said AI could also strengthen cyber defence if deployed responsibly.

Financial institutions are already using AI tools to detect fraud, identify vulnerabilities and improve incident response times.

However, the organisation said prevention alone would not be enough.

According to the IMF, cyber breaches are ultimately inevitable.

“Defences will inevitably be breached, so resilience must also be a priority, specifically to limit how far incidents spread and ensure rapid recovery,” IMF notes. 

“Controls to stop the spread of attacks can prevent local breaches from escalating into system‑wide disruptions. These measures are often costly and complex, but they are among the most effective tools for containing AI‑enabled attacks.”

Emerging markets and data management gaps

The IMF warned that emerging markets could be disproportionately vulnerable due to weaker cyber resilience and limited resources.

As AI capabilities become more widely available, inconsistent regulation and oversight between countries could create weak points within the global financial system.

For fintech providers expanding into emerging markets, this could mean heightened exposure to cyber incidents.

Stuart Harvey, CEO of Datactics, warns that poor data management could make cyber incidents more damaging.

“If your data is a mess, then security teams don’t stand a chance in the event of a cyber attack or data breaches,” he says.

“Messy data increases exposure and makes breaches harder to contain. Good security starts with good data discipline and if you don’t know your data, you can’t protect it.”

Regulatory pressure on fintech sector

The IMF calls for greater international cooperation, stronger information sharing and improved cyber resilience standards to reduce the risk of large-scale disruption.

The organisation urged regulators to treat cybersecurity as a core financial stability issue rather than simply a technical challenge.

According to the IMF, the pace of AI development means authorities must move quickly to strengthen defences before risks escalate further.

For fintech companies, this could mean increased regulatory scrutiny and mandatory cyber resilience standards.

Digital payment platforms and neobanks that operate across borders may face pressure to meet different regulatory requirements in different jurisdictions.

The IMF said inconsistent standards could create vulnerabilities that bad actors exploit.