Artificial Intelligence andCybersecurity in the Financial Tobias Adrian, Tamas Gaidosch, Marina Moretti, Mahvash Qureshi,and Rangachary Ravikumar NOTE/2026/005 ©2026 International Monetary Fund Artificial Intelligence and Cybersecurity in the Financial Sector* NOTE/2026/005 Tobias Adrian, Tamas Gaidosch, Marina Moretti, Mahvash Qureshi, and Rangachary Ravikumar DISCLAIMER: The IMF Notes Series aims to quickly disseminate succinct IMF analysis on critical economicissues to member countries and the broader policy community. The views expressed in IMF Notes are those ofthe author(s), although they do not necessarily represent the views of the IMF, or its Executive Board, or its ABSTRACT:Artificial intelligence (AI) is reshaping cyber risk in the financial sector by accelerating the speed,frequency, and breadth of vulnerability discovery and potential exploitation.AsAIbecomes more deeplyembedded infinancial institutions and market infrastructures,it canstrengthen cyber defense but also heightensystemic risk—particularly through shared digital infrastructure, common service providers, and machine-speedattack–defense dynamics that outpace human response. ThisNote argues that the main financial stabilityconcern lieslessin new types of cyberattacksthanin the scale effects AI can unleash across commontechnologies, amplifying how quickly and widely risks spread.Strong governance, technical controls that limit RECOMMENDED CITATION: Adrian, Tobias, Tamas Gaidosch, Marina Moretti, Mahvash Qureshi, andRangachary Ravikumar. 2026. “Artificial Intelligence and Cybersecurity in the Financial Sector.”IMF Note2026/005, International Monetary Fund, Washington, DC. Publication orders may be placed online, by fax, or through the mail: International Monetary Fund, Publications ServicesP.O. Box 92780, Washington, DC 20090, USATel.: (202) 623-7430 Fax: (202) 623-7201Email:publications@imf.orgbookstore.IMF.orgelibrary.IMF.org *We would like tothank Eugenio Cerruti, EraDabla-Norris, Majid Malaika, Anh Nguyen, Marcos Poplawski-Ribeiro, EmmaRockall, Frankosiligi Solomon,and HerveTourpefortheirhelpful comments. The views expressed in thisNote are those ofthe authors and do not necessarilyrepresentthe views of the IMF, its Executive Board, or IMFmanagement. Contents Introduction..........................................................................................................................................................5The AI Cybersecurity Threat Landscape.............................................................................................................6Evolution of AI-Enabled Cyber Threats............................................................................................................6Dual-Use Dynamics and the Offense–Defense Balance.................................................................................7Frontier AI and Autonomous Offensive Capabilities........................................................................................8Financial Stability Implications.............................................................................................................................8Shared Infrastructure Risk...............................................................................................................................8Third-Party Concentration Risk........................................................................................................................9AI-Enabled Fraud, Social Engineering, and Market Integrity...........................................................................9Operational Resilience.....................................................................................................................................9AI as a Force Multiplier for Cyber Defense....................................................................................................10Emerging International Policy and Regulatory Frameworks.............................................................................11IMF Surveillance Work...................................................................................................................................11Financial Stability Board.................................................................................................................................11IOSCO and Securities Markets Regulators...................................................................................................12BIS, Central Banks, and Prudential Supervisors...........................................................................................12The European Union’s Regulatory Framework..............................................................................................12The United Kingdom’s Approach...................................................................................................................12The United States’ Framework...................................................