U.K. Financial Regulators Flag Frontier AI Cyber Risks For Firms

The U.K.’s financial regulators and the Treasury have asked regulated firms to strengthen cyber resilience as frontier artificial intelligence (AI) models become more capable and accessible. In a joint statement, the Financial Conduct Authority (FCA), Bank of England, and the U.K. Treasury said advanced AI systems can now carry out cyber tasks faster, on a larger scale, and at a lower cost than skilled practitioners.

The authorities warned that these capabilities could increase risks to financial stability, customer protection, and market operations if used for malicious purposes. They said firms with weak cybersecurity systems or outdated technology may face greater exposure as AI models continue to evolve.

The regulators said firms and financial market infrastructures should improve governance, risk management, and cyber response frameworks in line with operational resilience requirements. Boards and senior management were asked to understand frontier AI risks and ensure investment decisions address emerging cyber threats.

The statement also called for quicker vulnerability management, stronger oversight of third-party software and supply chains, and wider use of automated cyber defences. Authorities said firms should also strengthen response and recovery systems to handle AI-driven attacks and disruptions.