• BaFin warns AI is accelerating cyber risk across banking sector
• New AI models can rapidly identify and exploit IT vulnerabilities
• Regulator launching targeted IT inspections at financial firms
• Banks testing new AI tools face exposure from legacy systems
• Shift toward faster, more focused supervisory approaches
• Cybersecurity investment described as urgent and essential
• Global regulators increasingly focused on AI driven threats

Germany’s financial regulator has issued a stark warning that advances in artificial intelligence are rapidly increasing cyber risk across the banking sector, prompting a shift in supervisory strategy as firms struggle to keep pace with emerging threats.

BaFin said cyber risks are now “growing” and “substantial,” driven in part by new AI models capable of identifying and exploiting vulnerabilities at unprecedented speed.

The warning comes as banks globally compete to access and test new technologies, including Mythos AI model developed by Anthropic.

Speaking on the developments, Mark Branson said the capabilities of these systems represent a fundamental shift in the cyber threat landscape.

“These new AI models can identify many vulnerabilities in both new and existing IT systems with remarkable speed,” he said, adding that they will be able to exploit those weaknesses “ever more rapidly.”

The rapid adoption of such technologies has triggered concern among regulators, who are now racing to assess whether financial institutions are adequately prepared.

While some banks have already begun testing the latest AI models, including Mythos, supervisors fear that legacy infrastructure and fragmented risk controls could leave firms exposed.

In response, BaFin has announced the creation of a new supervisory division dedicated to targeted inspections of financial firms.

These reviews will focus specifically on IT resilience and cybersecurity preparedness, reflecting a move toward more agile regulatory oversight.

Branson said the approach would allow the regulator to respond more quickly to emerging threats.

“Such IT spotlight inspections take far less time than fully fledged reviews,” he said. “We can therefore complete more of them and thus respond more effectively to current developments and incidents.”

The move highlights a broader shift in how regulators are approaching technology risk.

Rather than relying solely on periodic, comprehensive reviews, authorities are increasingly adopting targeted and continuous supervision models designed to keep pace with rapid technological change.

Industry experts warn that the stakes are high. AI systems capable of scanning for weaknesses across vast digital environments could significantly increase the scale and speed of cyber attacks, particularly against banks with complex legacy systems.

This has raised concerns that institutions may be underestimating the operational and financial impact of such threats.

Branson emphasized that strengthening cybersecurity must now be a priority across the financial sector.

“The financial industry can afford to strengthen cybersecurity,” he said, describing it as “an urgent and essential investment.”

The warning comes amid a series of similar alerts from regulators and policymakers globally, as AI-driven risks increasingly intersect with financial stability concerns.

The challenge for banks will be to harness the benefits of advanced technologies while ensuring that governance, controls, and resilience frameworks evolve at the same pace.

As financial institutions continue to experiment with new AI tools, the balance between innovation and risk management is becoming more critical.

Regulators are signaling that failure to address emerging vulnerabilities could have significant consequences, both for individual firms and the wider financial system.