The Bank of England, the Financial Conduct Authority (FCA) and HM Treasury have issued a joint statement warning that frontier AI models pose a growing and material threat to the cyber resilience of regulated financial firms and financial market infrastructures (FMIs).
The three authorities have set out that firms must take active steps across governance, vulnerability management, third-party risk, protection, and response and recovery to address the escalating risks posed by frontier AI. The statement makes clear that underinvestment in core cyber security fundamentals will leave firms progressively more exposed as more advanced models become available.
Central to the authorities’ concerns is the speed and scale at which frontier AI can be weaponised. The cyber capabilities of current frontier AI models already exceed what a skilled human practitioner could achieve, operating faster, at greater scale, and at lower cost. Used maliciously, these capabilities could amplify threats to firms’ safety and soundness, their customers, market integrity, and the broader stability of the financial system.
On governance, firms are expected to ensure their boards and senior management have…
