As finance ministers and central bank governors gathered at IMF and World Bank headquarters for the annual Spring Meetings, the conversation kept returning to a single, disquieting question: Is the global financial system equipped to withstand the cyber threats that artificial intelligence is now enabling, and is anyone actually in charge of the answer?

IMF Managing Director Kristalina Georgieva set the tone before the meetings had even formally opened, warning that the global monetary system is not prepared for AI’s rapidly escalating risks.

She was direct about the scale of the problem. “We can’t protect the international monetary system against massive cyber risks. We are very keen to see more attention to the guardrails that are necessary to protect financial stability in a world of AI.”

These are not abstract policy concerns. They map directly onto questions of operational resilience, regulatory exposure and increasingly, investment strategy.

The immediate catalyst for Georgieva’s intervention was the limited release of Anthropic’s Mythos model, which prompted US officials to convene an emergency meeting with senior bank executives over fears the technology could be exploited in serious cyberattacks. Banks have since begun testing the model’s implications, focused on strengthening defences ahead of any wider rollout.

The frontier problem

The IMF’s Financial Counsellor, Tobias Adrian, was equally pointed when he addressed the Spring Meetings press briefing. Governments and regulators must “stay at the frontier” of rising threats from artificial intelligence, he said, describing AI as “a very powerful tool that can be used for good and for bad.”

Adrian noted that the IMF has supported member country agencies on cybersecurity questions for more than eight years, helping regulators and central banks build out appropriate frameworks. But his remarks this week had a sharper edge: the advice was to be “extremely proactive in terms of the policy frameworks relative to cybersecurity, but also relative to the operational readiness to act when necessary.”

The phrase “operational readiness” will resonate with anyone running critical digital infrastructure. Frameworks and policy papers are one thing; the ability to respond in real time to a cascading, AI-enabled attack on payment systems or financial networks is quite another.

The IMF’s own analysis has flagged that a coordinated or cascading failure in payments infrastructure could have immediate, real-world economic consequences, ranging from disrupted commerce to a fundamental loss of confidence in financial systems. That is not a theoretical scenario. It is a design constraint that data centre operators, cloud providers and financial infrastructure teams need to be building against now.

What also emerged clearly from Washington was that the IMF views AI not as a cybersecurity bolt-on, but as a systemic risk in its own right, one that deserves a place at the table alongside traditional financial risks such as credit and liquidity.

Data and the infrastructure gap

Beyond the threat landscape, the meetings surfaced a second, structural problem: the fragmentation of the very data that AI needs to do its defensive work effectively.

The IMF’s current position places particular emphasis on data sharing as infrastructure, rather than as a discretionary policy choice. The Spring Meeting discussions highlighted that technologies such as APIs, standardised data formats and interoperability frameworks are essential to enabling meaningful data exchange across institutions. Without them, AI-powered fraud detection and threat identification operate in silos  and sophisticated, cross-border attacks remain invisible until it is too late.

The IMF report was explicit that new technologies are not inherently effective; their impact depends on institutional readiness, data governance and implementation strategy. It explicitly warned against “solution-in-search-of-a-problem” adoption driven by hype rather than measurable value.

The IMF and World Bank’s collective conclusion is stark: unless data sharing and cooperation evolve quickly, the financial system risks falling permanently behind the threat actors using AI against it.

The energy infrastructure is itself becoming a target. Cyberattacks on energy utilities have tripled in the past four years, growing more sophisticated precisely because of AI, a critical vulnerability that now extends beyond individual companies to the stability of entire energy and digital networks.

On the energy side, Adrian acknowledged that data centres are already having a measurable impact on energy prices in certain regions, depending on how elastic local supply happens to be, a dynamic that the ongoing oil price shock, driven by the conflict in the Middle East, is complicating further.

A separate IMF note released alongside the Spring Meetings argued that AI should be treated as a macro-critical transition rather than a standard technology shock

Georgieva’s call for stronger international guardrails, greater cooperation between regulators and private firms, and new attention to financial stability in an AI-enabled threat landscape is essentially an invitation for the technology industry to come to the table.

Whether it translates into the kind of coordinated, cross-border testing and disclosure protocols that the IMF is pushing for will go a long way to determining how prepared the world actually is when the next major AI-enabled attack lands.

Related stories

Google DeepMind to build first automated research lab in UK

Ex-Google CEO warns Europe risks AI dependence on US and China