Sam Woods, the outgoing head of the Bank of England's Prudential Regulation Authority, warned that AI-driven cybersecurity vulnerabilities rank as the foremost threat facing British banks. Speaking to the Financial Times, Woods called the risks "top of the list" for potential significant problems, citing concerns about powerful AI models finding hidden IT weaknesses that could be exploited by malicious actors.

Anthropic's Claude Mythos Preview represents the core concern. The AI lab launched the model in April with access for roughly 50 US companies, highlighting its ability to uncover previously unknown IT vulnerabilities. This week, Anthropic announced wider distribution to 150 organizations across 15 countries, with some UK banks expected to participate. The technology's hacking potential has intensified Woods' worries about banks' readiness.

Regulatory oversight faces significant challenges as AI capabilities advance rapidly. Woods deemed it "not plausible" for the PRA to effectively regulate AI while the technology moves at current speeds. Banks currently deploy AI for customer service automation and financial crime detection, but Woods warned regulators would grow concerned if lenders began using AI for critical decisions on capital allocation and risk-taking.

Cost-cutting pressures compound the risks. Standard Chartered plans to eliminate 8,000 positions, claiming AI will replace "lower-value human capital." The PRA itself is shedding 150 staff members through voluntary redundancies to fund technology investments. Meanwhile, regulatory rollbacks from post-2008 reforms raise stability concerns, though Woods emphasized that removing substantial capital buffers would constitute "a historic error."