Banks: AI as weapon and shield

Banks are no longer treating artificial intelligence as a side project; they are using it to defend themselves while attackers use it to break in. (ft.com) The Financial Times reported on April 18 that banks are shifting from reactive defenses to predictive tools as AI speeds up the hunt for vulnerabilities. JPMorgan Chase, Lloyds and Santander were cited as banks tightening systems against that change. (ft.com, pymnts.com) Patrick Opet, JPMorgan’s chief information security officer, told the FT that “the time to find and exploit vulnerabilities is drastically decreasing.” PYMNTS, citing the FT on April 20, said research commissioned by Kroll found 76% of companies had a security incident involving AI applications or models in the last two years. (pymnts.com) In plain terms, banks are trying to spot trouble before it lands: predictive detection means flagging suspicious behavior early, observability means seeing what is happening across systems in real time, and resilience means keeping payments and services running during an attack. Federal banking agencies spent 2025 emphasizing those same priorities in their cybersecurity and financial resilience reports. (federalreserve.gov, occ.gov, fdic.gov) Banks sit at the center of payments, deposits and lending, so they remain attractive targets for ransomware crews and data thieves. IBM said finance and insurance accounted for 27% of incidents in its 2025 X-Force Threat Intelligence Index, the second-largest share among sectors cited by the FT and PYMNTS. (newsroom.ibm.com, pymnts.com) The same banks pushing AI into products and operations are also widening their own exposure. Santander said in December 2025 that it wants to become an “AI-native” bank through a broader data-and-AI strategy backed by OpenAI. (santander.com) That tension is showing up in budgets and deployment plans. KPMG said in April 2025 that 89% of U.S. banking executives were prioritizing security and fraud prevention over the next year, while 78% said they were already using generative AI or AI pilots for security and fraud prevention. (kpmg.com) Regulators have been moving in parallel. The Federal Reserve’s July 2025 report to Congress listed cyber-criminal activity, third-party provider risk and other emerging technology threats as current issues for financial-system resilience, while the Office of the Comptroller of the Currency said operational resilience and cybersecurity were top supervisory issues. (federalreserve.gov, occ.gov) The result is a race inside banking: the same technology that can automate fraud checks, monitor networks and sharpen response plans can also help criminals scan, probe and impersonate at scale. For banks, AI is becoming both a weapon to manage and a shield they have to keep upgrading. (ft.com, pymnts.com)