UK financial regulators highlight operational risks linked to frontier AI

Bank of England, Financial Conduct Authority and HM Treasury have issued a joint statement warning regulated firms about escalating cybersecurity risks associated with frontier AI models.

The authorities said current frontier AI systems already possess cyber capabilities that may exceed those of skilled practitioners in some areas while operating at greater speed and scale. According to the statement, malicious use of these capabilities could increase risks to financial stability, market integrity, customers, and firms’ operational resilience.

UK regulators warned that firms underinvesting in cybersecurity protections may face increased exposure as more advanced AI systems emerge. The statement said regulated firms and financial market infrastructures should strengthen resilience against AI-driven cyber threats.

The guidance highlighted several priority areas, including governance, vulnerability management, third-party and supply-chain risks, data protection, network security, and recovery planning. The authorities urged boards and senior management teams to improve their understanding of frontier AI cyber risks.

Bank of England, Financial Conduct Authority and HM Treasury also warned that frontier AI models could rapidly identify and exploit vulnerabilities across complex technology estates, forcing firms to accelerate patching, remediation, and threat-detection processes. Firms were encouraged to deploy automation and AI-enabled defensive tools capable of responding at a comparable speed to emerging AI-driven attacks.

The statement additionally emphasised growing risks linked to third-party providers, open-source software dependencies, and supply-chain exposure. Regulators said firms should strengthen capabilities to identify, monitor, and manage vulnerabilities linked to third-party providers and software dependencies.

The authorities confirmed they will continue monitoring AI developments and coordinating with industry through the Cross Market Operational Resilience Group.

Why does it matter?

The financial sector increasingly depends on interconnected digital infrastructure, cloud services, AI systems, and third-party software supply chains. Frontier AI could dramatically accelerate both offensive cyber capabilities and defensive security operations, creating a rapidly evolving threat environment where traditional cybersecurity practices may no longer be sufficient.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!