Become a TechRadar Insider
As attention remains focused on generative AI and productivity tools, a more urgent question is emerging across financial services and the wider technology sector which is can cybersecurity realistically keep pace with machine-speed threats?
Recent discussion around Anthropic’s “Mythos” system has intensified these concerns, with cybersecurity specialists warning about how quickly advanced AI capabilities could move beyond controlled development environments into real-world use.
The system, reportedly capable of autonomously identifying software vulnerabilities, highlights how AI is accelerating cyber risk.
Senior Managing Director at Integrated Solutions.
For cybersecurity teams, the challenge is no longer just the sophistication of attacks, but the shrinking gap between vulnerability discovery and exploitation.
At the same time, regulators and financial institutions are beginning to respond. FINRA, the U.S. self-regulatory organization overseeing brokerage firms and securities professionals to enforce market integrity and investor protection standards, has launched its Financial Intelligence Fusion Center (FIFC) to improve real-time sharing of cyber threat and fraud intelligence.
Together, these developments point to a wider shift in cybersecurity strategy. For firms operating across U.S. and international markets, this is already visible in day-to-day operations, particularly where legacy systems meet rapidly evolving threats.
Organizations are moving away from trying to prevent everything and focusing more on resilience which involves spotting issues early, containing them, and recovering quickly. The question is whether that’s enough when attacks can now run on their own and happen almost instantly.
AI is accelerating vulnerability discovery
Cybersecurity has always been a race between attackers and defenders, but AI is speeding it up. Tasks like vulnerability scanning, system mapping, and exploit development that once took days or weeks can now be done in hours, as AI processes huge volumes of code and infrastructure data far faster than humans.
This is a particular challenge for financial services firms, where legacy systems sit alongside modern platforms and third-party tools. The risks aren’t isolated but system-wide exposures that often go unnoticed until they’re exploited.
The BBC has reported growing concern among financial leaders that vulnerabilities in complex banking systems may now be identified faster than they can be fixed. This aligns with warnings from the UK’s National Cyber Security Centre (NCSC) , which states that AI-enabled tools are likely to increase both the volume and speed of cyberattacks against systems that have not been updated with security fixes.
The NCSC cautions that by 2027, the time between vulnerability discovery and exploitation could shrink to days, creating material risks for critical infrastructure and financial supply chains. In highly interconnected financial environments, even minor weaknesses can quickly become systemic risks.
The limits of intelligence sharing
Initiatives like FINRA’s FIFC show regulators recognize the scale and speed of cyber risk. The platform aims to improve visibility across financial institutions by identifying emerging attack patterns earlier and speeding up threat intelligence sharing. However, more intelligence does not always mean faster action.
Many organizations are still held back by ageing systems, fragmented technology, and slow governance processes. AI-driven attacks do not wait for long patch cycles or infrastructure upgrades. Even when threats are identified quickly, many firms cannot respond at the same pace.
Why prevention is no longer enough
Cybersecurity has traditionally focused on prevention, blocking attacks, finding vulnerabilities, and patching systems before exploitation. That model is now under pressure.
AI is compressing the attack lifecycle, leaving less time to fix vulnerabilities before they are exploited. The World Economic Forum has noted that AI is pushing response times beyond what traditional patch cycles can handle.
Cybersecurity is therefore shifting toward resilience. This assumes that some attacks will succeed, even in well-defended systems. The focus moves to limiting impact, containing disruption, and maintaining critical services during incidents.
In simple terms, prevention aims to stop failure. Resilience assumes it will happen and focuses on recovery. This thinking is increasingly reflected in regulatory expectations around operational resilience, especially in financial services, where firms must demonstrate that can keep operating under stress.
Legacy systems remain the structural challenge
Legacy infrastructure remains a major challenge in financial services cybersecurity. Many institutions still rely on decades-old systems, creating tightly connected environments with complex dependencies across internal platforms and external vendors. These systems are slow to update and difficult to secure fully.
Firms are therefore focusing on stronger segmentation, risk-based patching, and building recovery into core operations rather than treating it as a backup.
Modernization also needs to reduce reliance on legacy systems without disrupting critical services. The key question is shifting from whether systems can be fully secured to whether they can keep running under attack.
Conclusion
The emergence of AI systems such as Mythos reflects a wider shift in cyber risk. The challenge is no longer just the sophistication of attacks, but their speed. Regulators are responding through initiatives like FINRA’s FIFC, but intelligence sharing alone will not close the gap.
Cybersecurity is increasingly being redefined as resilience: the ability to absorb disruption, limit impact, and keep critical services running under pressure.
We've featured the best encryption software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit