RS2: Could AI cybersecurity tools redefine control over banking infrastructure?

By Radi El Haj, CEO of RS2

The competition between OpenAI and Anthropic over cybersecurity models such as GPT-5.5 Cyber and Claude Mythos shows how AI is moving into active defence roles inside banking systems.

These tools are now being used to scan millions of lines of legacy code, including infrastructure that in some UK banks still dates back several decades. The result is faster detection of vulnerabilities that previously required long manual audits, sometimes taking weeks to surface issues that AI can now flag in minutes.

This is also exposing a new dependency problem. Access to these systems is tightly controlled, with Anthropic limiting previews to a small group of firms while OpenAI is expanding access across regions including the UK, Japan and Canada.

That creates uneven capability across the financial sector, particularly at a time when cyber risk is rising. IBM’s Cost of a Data Breach report has consistently shown financial services as one of the most expensive sectors for breaches, averaging over $5 million per incident globally in recent years.

Regulators are right to focus on control and oversight. The Bank of England’s concern about restricted access is not about innovation speed. It is about whether critical testing capability sits inside a transparent framework or within privately governed distribution rules set by US technology firms.

This mirrors what is happening in payments. UKPI and the shift toward account-to-account rails show banks trying to rebuild control over infrastructure layers that have been dominated by global card networks for decades. The same pattern is now emerging in AI security tooling, where capability, access and governance are converging into one strategic question.

AI will improve vulnerability discovery at scale, but it will also generate high volumes of low-confidence findings. That makes structured human validation and clear regulatory integration essential, not optional.