AI Is Cracking Open Banking Before Quantum Gets the Chance 

Even elite security researchers typically can require weeks or months to uncover subtle flaws in complex systems or discover zero-day vulnerabilities.

Frontier artificial intelligence models have now dismantled that ceiling. Anthropic’s Claude Mythos Preview, for example, has reportedly demonstrated the ability to autonomously discover and exploit vulnerabilities across major operating systems and web browsers, including decades-old bugs in widely trusted systems.

The implications are two-sided. On one hand, defenders such as banks, payment processors and infrastructure providers can use these tools to identify and patch weaknesses. On the other, the same capabilities could be leveraged by hackers, dramatically accelerating the discovery and exploitation of systemic flaws across the financial ecosystem.

In response to the apparent threat to critical financial services infrastructure, the White House summoned representatives from banks including JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley and pushed them to identify the systems-level vulnerabilities surfaced by the frontier AI model, according to a report Friday (April 10).

The rapid advances in AI-probed enterprise vulnerabilities have, inadvertently, potentially leapfrogged another existential threat facing the digital layer of the financial services sector: quantum computing. While Google is now pushing a 2029 timeline for quantum-safe readiness, Frontier AI is, by contrast, not a distant threat; it is a present capability that is evolving rapidly.

See also: Big Tech Races to Quantum Safety as Cyber Threat Clock Ticks Down 

Rethinking Systemic Risk in Finance

Few sectors are as dependent on layered, legacy-rich digital infrastructure as payments and banking. Over decades, institutions have built complex stacks that combine modern cloud-native systems with older, mission-critical platforms. These systems are interconnected through APIs, third-party vendors, and global networks, creating a vast and intricate attack surface.

AI-driven vulnerability discovery thrives in precisely this kind of environment. The more complex and interconnected a system is, the more opportunities there are for subtle misconfigurations, overlooked dependencies, or edge-case failures. What makes frontier AI particularly potent is its ability to explore these edge cases exhaustively, testing permutations that human analysts might never consider.

In a payments context, even a single critical vulnerability can have cascading effects. A flaw in a transaction processing system, an authentication layer, or a settlement network could disrupt not just one institution, but entire chains of financial activity. The speed at which AI can identify and potentially exploit such flaws raises the specter of simultaneous, multipoint failures across the system.

Perhaps the most unsettling aspect of this development is the potential democratization of offensive cyber capabilities. Historically, the ability to discover and exploit zero-day vulnerabilities has been concentrated among nations and a small number of elite hackers. Frontier AI could lower that barrier significantly.

This shift mirrors broader trends in AI, where capabilities once restricted to specialists are becoming accessible through user-friendly tools. In cybersecurity, however, the stakes are considerably higher. A world in which vulnerability discovery is automated and scalable is one in which the volume and velocity of threats could increase by orders of magnitude.

The asymmetry inherent in cybersecurity means that attackers need to find only one exploitable weakness, while defenders must secure every potential entry point. If AI amplifies both sides, the balance may still tilt toward those willing to act more aggressively and with fewer constraints.

See also: How the Math Powering Payments Adds Up in the Quantum Era

Navigating a Present-Day Inflection Point

The emergence of AI-driven vulnerability discovery may challenge some of the core assumptions underlying financial stability. Traditionally, systemic risk has been associated with economic factors such as liquidity crises, market shocks, or institutional failures. Cyber risk has been recognized but was often treated as a secondary concern.

That hierarchy may need to change. If AI enables the rapid identification and exploitation of vulnerabilities across multiple institutions simultaneously, cyber incidents could become systemic events. A coordinated or cascading failure in payments infrastructure could have immediate, real-world economic consequences, from disrupted commerce to loss of confidence in financial systems.

For the financial sector, the challenge is twofold. First, institutions must understand and quantify the risks posed by AI-driven vulnerability discovery. Second, they must adapt their security architectures, processes and governance models to operate in an environment where the pace of threat evolution is dramatically accelerated.

The involvement of the White House and leading banks signals that this shift is being taken seriously at the highest levels. But awareness is only the first step. The real test will be whether the industry can move quickly enough to harness AI’s defensive potential while mitigating its risks.

In the race between attackers and defenders, speed has always mattered. With the advent of frontier AI, speed may become the defining factor.

For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.