Bank executives are losing sleep over the 'patch gap' — the AI-driven cyber threat keeping the financial world on edge

That gap has always existed, but artificial intelligence is now speeding up both sides: helping security teams uncover vulnerabilities in record time, while also giving attackers the tools to analyze those same flaws and act on them before fixes are fully in place across a bank's systems.

For financial institutions, that raises the risk of breaches, service disruptions and cascading issues across shared technology providers. For customers, it may mean increased exposure to fraud, unauthorized activity, or temporary account restrictions or outages while systems are secured.

What is the patch gap?

Tools like Anthropic's Claude Mythos Preview are dramatically changing the scale of the problem.

Advanced AI systems can rapidly identify previously unknown vulnerabilities (1). That sounds like a win for security. But there's a catch: AI isn't just making it easier to find weaknesses — it's also making them easier to exploit.

Once a vulnerability is found, a patch is created to fix the problem. But that fix doesn't get applied everywhere immediately. Banks can take days or weeks to test and install updates across all their systems (2).

That delay creates an opportunity. When a patch is released, it can reveal clues about what was broken. Hackers can study it, figure out the flaw and target systems that haven't been updated yet.

In other words, the fix itself becomes a roadmap for attackers. And with AI uncovering far more vulnerabilities than before, that window is opening more often.

The scale of the threat is already growing. According to CrowdStrike (3), there was an 89% increase in AI-enabled cyber attacks in 2025 compared to the previous year, with the average time between an attacker first accessing a system and acting maliciously falling to just 29 minutes.

Politicians and cyber experts sound the alarm

Concerns about next-generation cyber threats are no longer limited to security teams — they're being raised at the highest levels.

Speaking about Anthropic's AI model Mythos, which has yet to be released to the public because of its ability to identify and exploit software flaws (4), Christine Lagarde, the president of the European Central Bank, warned: "If it falls in the wrong hands, it could be really bad," in an interview with Bloomberg (5).

Meanwhile, when asked for his thoughts, the U.K.'s minister for AI and online safety, Kanishka Narayan, told The Financial Times (6), "We should be worried."

Cybersecurity experts are echoing those concerns. Rafe Pilling, director of threat intelligence at Sophos, compared the rise of AI-driven cyber capabilities to "the discovery of fire," warning that if mishandled, it could "cause real harm across the digital world." Kristalina Georgieva, head of the International Monetary Fund, has also been speaking about the dangers, claiming that global institutions are not fully prepared: "We don't have the ability … to protect the international monetary system against massive cyber risks," she said in an interview with CBS News (7).

Why banks are especially at risk

Financial institutions are prime targets because they combine complex, often dated systems with immediate access to money (8).