Original article in Japanese by Makoto Shibata was published for FinTech Journal on May. 26, 2026）　https://www.sbbit.jp/article/fj/185412

The emergence of frontier artificial intelligence (AI) systems capable of identifying and exploiting software vulnerabilities has triggered significant concern within the global financial sector. In particular, the pre-release AI model “Claude Mythos” demonstrated an unprecedented ability to discover vulnerabilities in major operating systems and web browsers, leading regulators and financial institutions in both the United States and Japan to reassess their cybersecurity strategies.

The fundamental impact of frontier AI is not simply that it accelerates vulnerability discovery. More importantly, it can automatically generate exploit code and conduct attacks at machine speed. This dramatically shortens the cyberattack cycle and increases the likelihood of large-scale zero-day attacks. As a result, traditional security approaches based on preventing intrusions and applying periodic patches are becoming insufficient.

The report argues that financial institutions must shift their focus from strengthening defenses to strengthening their ability to detect, respond to, and rapidly repair vulnerabilities. This represents a significant change in operational philosophy. Instead of assuming systems can be fully protected, organizations must assume vulnerabilities will inevitably be discovered and exploited.

Another important implication is the growing limitation of the long-standing objective of uninterrupted system operation. Financial institutions have traditionally pursued 24/7 availability, real-time processing, and non-stop services. However, in an AI-driven threat environment, the ability to safely suspend operations, isolate affected systems, and recover quickly may become more important than maintaining continuous availability at all costs.

The report also highlights risks associated with legacy systems and closed networks. Many Japanese financial institutions continue to rely on aging mainframe-based infrastructures built with legacy programming languages such as COBOL. While these systems have historically provided stability and reliability, frontier AI may be particularly effective at analyzing complex architectures, uncovering hidden vulnerabilities, and identifying attack paths. Consequently, system complexity and age may become liabilities rather than strengths.

Japan’s highly centralized financial infrastructure presents additional challenges. Critical platforms such as payment networks and shared banking systems create efficiency but also introduce concentration risk. A successful AI-enabled attack against these common infrastructures could disrupt large portions of the financial system simultaneously and generate systemic consequences extending beyond individual institutions.

The report further warns that regional banks and smaller financial institutions may face greater difficulties because of limited cybersecurity expertise, aging systems, dependence on vendors, and shared service platforms. Japan’s multi-layered outsourcing structure within financial IT may also delay vulnerability management and obscure accountability.

To address these challenges, several priorities are identified. Financial institutions should adopt integrated DevSecOps practices, strengthen identity and access management, conduct realistic cyber exercises, improve IT governance, and establish robust AI governance frameworks. Investment in human resources is equally important, particularly professionals who possess expertise across finance, AI, and cybersecurity.

Finally, the report emphasizes the importance of public-private cooperation, international information sharing, and supply-chain security. Since AI-driven cyber threats transcend organizational and national boundaries, effective responses will require collaboration among governments, financial institutions, technology providers, and AI developers.

In conclusion, the rise of frontier AI represents more than a cybersecurity challenge. It requires a fundamental transformation of financial system operations—from a culture focused on uninterrupted service to one centered on resilience, rapid recovery, and adaptive risk management in the AI era.