The World Economic Forum said cybersecurity threats have become a systemic risk to the global economy.
The post WEF Says Cybersecurity Has Become Economic Priority appeared first on PYMNTS.com.
\n", "content_text": "The World Economic Forum said cybersecurity threats have become a systemic risk to the global economy.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\n\u201cThe ability to understand the strategic and economic impact of cyber incidents has validated it as a major systemic economic threat,\u201d the WEF said in a report issued Friday (May 15) in conjunction with its Annual Meeting on Cybersecurity.\nThe WEF cited the example of a major cyberattack last year which led to a prolonged shutdown of car production in the U.K., which weakened the country\u2019s economic growth and had an impact of around 1.9 billion pounds (about $2.5 billion) and affected thousands of organizations.\nCyber incidents are increasing insurance and compliance costs and recovery expenditures, while interrupting operations, hurting customer trust and, in some cases, threatening the solvency of businesses, particularly smaller businesses, the report added.\n\u201cAt the national level, weak cyber resilience can deter foreign investment, undermine innovation ecosystems and erode competitiveness in critical industries,\u201d said the WEF. \u201cAs economies become more digital and interconnected, cybersecurity is emerging as a foundational pillar of economic security.\u201d\nDuring the meeting, the report said, leaders stressed that cyber risk only becomes a sustained priority after its financial impact is clearly recognized. This is fueling demand for more robust risk quantification models and consolidated economic evidence to better guide decision-making and mobilize investment, the WEF said.\n\u201cIn response, organizations are shifting away from compliance-driven approaches towards measurable resilience,\u201d the report added. \u201cThe focus is moving to how quickly systems can recover, how much loss can be avoided, and how effectively operations can continue under stress.\u201d\nAccording to the WEF, this shift is reconfiguring investment priorities. Instead of expanding toolsets, leaders are focusing on high-impact capabilities, boosting visibility of critical assets and dependencies, bolstering incident response readiness and promoting rapid recovery.\nThe report followed one earlier this month from the International Monetary Fund (IMF), which argued that policymakers need to start treating cybersecurity as a core financial stability issue given rising AI-related cyber risks.\nWith attacks becoming faster, automated and more sophisticated, the existing cybersecurity measures must be expanded and sharpened, the IMF wrote on its blog.\n\u201cPolicymakers should prioritize robust resilience standards, supervision focused on systemic transmission channels, and close public-private collaboration on threat intelligence and incident response,\u201d the IMF said.\nThe rapidly growing threat posed by AI is spotlighted by Anthropic\u2019s Mythos, which allows even non-experts to uncover and exploit vulnerabilities in operating systems and web browsers faster than defenders can patch and remediate them.\n\r\n\r\nThe post WEF Says Cybersecurity Has Become Economic Priority appeared first on PYMNTS.com.", "date_published": "2026-05-18T14:50:22-04:00", "date_modified": "2026-05-18T14:50:22-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2023/01/World-Economic-Forum.jpg", "tags": [ "cyberattacks", "Cybersecurity", "News", "PYMNTS News", "wef", "What's Hot", "World Economic Forum" ] }, { "id": "https://www.pymnts.com/?p=3740920", "url": "https://www.pymnts.com/cybersecurity/2026/anthropic-will-update-regulators-mythos-cyber-vulnerability-findings/", "title": "Anthropic Will Update Regulators on Mythos\u2019 Cyber Vulnerability Findings", "content_html": "Anthropic will reportedly meet with financial regulators about cyber defense weaknesses uncovered by its artificial intelligence model.
The post Anthropic Will Update Regulators on Mythos\u2019 Cyber Vulnerability Findings appeared first on PYMNTS.com.
\n", "content_text": "Anthropic will reportedly meet with financial regulators about cyber defense weaknesses uncovered by its artificial intelligence model.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nThe AI startup agreed to meet with members of the Financial Stability Board (FSB) to discuss Anthropic\u2019s Mythos model, the Financial Times reported Monday (May 18).\nThe meeting was requested by Bank of England Governor Andrew Bailey, who is also a member of the FSB, a watchdog group of finance ministry officials, central bankers and securities regulators from G20 countries, the report said.\nMany FSB members have grown concerned that Mythos and AI models from other tech companies in the United States could expose weaknesses in banks\u2019 cyber defenses, according to the report.\nAnthropic said last month that Mythos had \u201cfound thousands of high-severity vulnerabilities, including some in every major operating system and web browser,\u201d adding that the fallout \u201cfor economies, public safety and national security\u2014could be severe,\u201d per the report.\nOnly a handful of companies, most in the U.S., have gotten access to Mythos due to security concerns. This has left many organizations and regulators concerned about uneven protection levels, the report said.\nAmong the companies that have been granted access are Amazon, Microsoft and JPMorgan Chase, according to the report. Anthropic has agreed to keep distribution limited per a request from the White House.\nThe FSB is putting together a report on \u201csound practices\u201d for adopting AI in the financial system, which it aims to release for consultation in June, the report said.\nOther regulators are also expressing concerns. The International Monetary Fund warned this month that AI-driven cyber risk should be considered a financial stability issue because attacks can impact payment systems, confidence and liquidity at the same time.\nAI is \u201ccompressing the cost and skill required to turn hacking into a scale business,\u201d PYMNTS reported last week.\nGoogle researchers described May 11 what they believe to be the first observed case of an AI-developed zero-day exploit tied to a planned mass exploitation campaign. It\u2019s an event that security analysts inside and outside Google see as a sign of a larger transition toward an industrial-scale cyber threat landscape.\nFor all PYMNTS AI coverage, subscribe to the daily AI Newsletter.\n\r\n\r\nThe post Anthropic Will Update Regulators on Mythos\u2019 Cyber Vulnerability Findings appeared first on PYMNTS.com.", "date_published": "2026-05-18T10:18:08-04:00", "date_modified": "2026-05-18T10:18:08-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/Anthropic.jpeg", "tags": [ "Anthropic", "artificial intelligence", "Banks", "Cybersecurity", "fraud", "News", "PYMNTS News", "regulations", "Security", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=3738005", "url": "https://www.pymnts.com/cybersecurity/2026/ai-cyber-threats-shake-crypto-industry/", "title": "AI Cyber Threats Shake Crypto Industry", "content_html": "The April hacks of crypto companies\u00a0Drift\u00a0and\u00a0Kelp DAO have shaken the crypto sector because those attacks may have been aided by artificial intelligence (AI), Bloomberg reported\u00a0Friday (May 15).
The post AI Cyber Threats Shake Crypto Industry appeared first on PYMNTS.com.
\n", "content_text": "The April hacks of crypto companies\u00a0Drift\u00a0and\u00a0Kelp DAO have shaken the crypto sector because those attacks may have been aided by artificial intelligence (AI), Bloomberg reported\u00a0Friday (May 15).\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nFollowing the hacks, which netted the attackers a total of almost $600 million, Drift shut down and plans to relaunch after receiving stablecoins from\u00a0Tether; a decentralized finance (DeFi) project called Carrot that had exposure to Drift shut down permanently; and lending protocol\u00a0Aave, which was used to launder proceeds from one of the hacks, needed a rescue after investors pulled\u00a0$9 billion, according to the report.\nWhat has alarmed the industry most about these hacks is that they were\u00a0likely supported\u00a0by AI, the report said. While that cannot be proven, cybersecurity experts said in the report that the attacks had become so much more sophisticated, so quickly, that the hackers behind them were\u00a0probably helped\u00a0by AI.\nBeyond that, there is the looming presence of\u00a0Anthropic\u2019s Mythos AI model, which the company has kept in limited release due to the cybersecurity risks it poses, as well as the likelihood that hackers will obtain other powerful AI models.\nCybersecurity experts said in the report that AI can help hackers find weaknesses in a blockchain protocol in days or hours, rather than months, and can give anyone the skills of an elite hacker.\nCrypto firms\u2019 responses to the threat of AI include adding software that scans devices connected to a network to detect potential threats; installing circuit breakers that pause or limit transactions above a certain threshold; and, for DeFi lenders, expanding the risk framework for collateral to include cybersecurity factors, per the report.\nIn an update Drift provided in April while the\u00a0attack\u00a0on its crypto exchange was underway, the company said: \u201cThis was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of double nonce accounts to pre-sign transactions that delayed execution.\u201d\nIn the Kelp DAO\u00a0hack, it was reported in April that this action highlighted the risks of interconnected systems in DeFi because the failure of one piece can threaten the entire structure.\n\r\n\r\nThe post AI Cyber Threats Shake Crypto Industry appeared first on PYMNTS.com.", "date_published": "2026-05-15T14:36:51-04:00", "date_modified": "2026-05-15T14:36:51-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/cryptocurrency-AI-cybersecurity.jpeg", "tags": [ "AI", "crypto", "Financial Crime", "fraud", "News", "PYMNTS News", "What's Hot", "Cybersecurity" ] }, { "id": "https://www.pymnts.com/?p=3734467", "url": "https://www.pymnts.com/cybersecurity/2026/mythos-based-techniques-uncover-vulnerabilities-in-apples-ios/", "title": "Mythos-Based Techniques Uncover Vulnerabilities in Apple\u2019s iOS", "content_html": "Security researchers have reportedly bypassed\u00a0Apple\u2019s operating system using techniques based on\u00a0Anthropic\u2019s Mythos.
The post Mythos-Based Techniques Uncover Vulnerabilities in Apple\u2019s iOS appeared first on PYMNTS.com.
\n", "content_text": "Security researchers have reportedly bypassed\u00a0Apple\u2019s operating system using techniques based on\u00a0Anthropic\u2019s Mythos.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nAccording to a Thursday (May 14) Wall Street Journal (WSJ)\u00a0report, this discovery from the security firm\u00a0Califunderscores a changing cybersecurity landscape, where artificial intelligence (AI) is increasingly being used to break through even the sturdiest defenses.\nThe researchers say their software joins together two bugs and some techniques that could corrupt the Mac\u2019s memory and access parts of the device that should not have been able to be accessed, the report said.\nThis is called a \u201cprivilege escalation exploit,\u201d the WSJ added. If combined with other attacks, hackers could use it to take over a computer.\nMicha\u0142 Zalewski, a security researcher who worked at Google and who reviewed Calif\u2019s findings, said the technique is notable because Apple has put so much work into safeguarding MacOS.\nApple, which is using frontier AI models to test and patch vulnerabilities, said it is reviewing the Calif report to validate its findings.\n\u201cSecurity is our top priority, and we take reports of potential vulnerabilities very seriously,\u201d a company spokeswoman told the WSJ.\nThe past few months, the report added, have seen the\u00a0bug-finding capabilities\u00a0of AI models from companies such as Anthropic and OpenAI improve to the point that many cybersecurity experts are now warning of a \u201cBugmageddon.\u201d\nThat\u2019s a jokey name for an unfunny problem: AI models uncovering security vulnerabilities at unprecedented levels. That could mean a lot more work for tech teams who need to plug these holes in their defenses, to say nothing of the massive cybersecurity risk.\nAs PYMNTS wrote earlier this week, the issue has\u00a0provided a wakeup call\u00a0to the enterprise software world, which had \u201clong held on to the traditional assumption that while bugs are common, the expertise to exploit them, particularly at scale, is rare.\u201d\nOne of the things disproving this assumption is a new report from Google showing that entire attack chains are \u201cincreasingly becoming software-defined and executed faster and cheaper than ever before,\u201d PYMNTS added, saying that the result is \u201cnot simply more hacking\u201d but \u201cthe industrialization of hacking.\u201d\nGoogle Cloud researchers detailed what they say is the first observed case of an AI-developed\u00a0zero-day exploit\u00a0tied to a planned mass exploitation campaign.\nIt\u2019s \u201can event that security analysts inside and outside the tech giant increasingly view less as an isolated milestone than as an early signal of a broader structural transition toward an industrial-scale cyber threat landscape,\u201d PYMNTS added.\n\r\n\r\nThe post Mythos-Based Techniques Uncover Vulnerabilities in Apple\u2019s iOS appeared first on PYMNTS.com.", "date_published": "2026-05-14T14:59:08-04:00", "date_modified": "2026-05-14T14:59:08-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/Mythos-Apple-iOS.jpeg", "tags": [ "AI", "Anthropic", "Apple", "Cybersecurity", "News", "PYMNTS News", "Security", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=3733795", "url": "https://www.pymnts.com/cybersecurity/2026/microsoft-beats-anthropic-and-openai-on-key-cybersecurity-test/", "title": "Microsoft Beats Anthropic and OpenAI on Key Cybersecurity Test", "content_html": "A new Microsoft artificial intelligence (AI) system has reportedly outperformed Anthropic in a cybersecurity test.
The post Microsoft Beats Anthropic and OpenAI on Key Cybersecurity Test appeared first on PYMNTS.com.
\n", "content_text": "A new Microsoft artificial intelligence (AI) system has reportedly outperformed Anthropic in a cybersecurity test.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nThe system, dubbed \u201cMDASH,\u201d was introduced this week along with the revelation of 16 new vulnerabilities it uncovered in various versions of Windows, tech news website GeekWire reported Wednesday (May 13).\nAccording to the report, MDASH was able to surpass Anthropic\u2019s high-profile Mythos model on a \u201cleading cybersecurity benchmark,\u201d employing 100-plus specialized artificial intelligence (AI) agents working in tandem across multiple models to uncover real-world software vulnerabilities.\nThat metric is called the CyberGym benchmark, created by UC Berkeley researchers to determine how well AI systems can replicate real-world vulnerabilities across 1,507 tasks pulled from 188 open-source software projects. MDASH scored 88.45% on the test, with Mythos at 83.1% and OpenAI\u2019s GPT-5.5 at 81.8%, the report said.\nMDASH (\u201cmulti-model agentic scanning harness\u201d) works by assigning different agents to do different jobs, the report added. Some scan code for potential vulnerabilities, while another group debates whether each discovery is real and exploitable. A final group puts together proof-of-concept attacks to confirm the bugs are real.\nMythos, on the other hand, is a single AI model operating inside an agent framework, GeekWire said. The startup has limited its release to a small group of companies\u2014Microsoft included\u2014known as \u201cProject Glasswing.\u201d\nIn the wake of Mythos\u2019 release, OpenAI has introduced Daybreak, its own agentic security offering that works with the company\u2019s Codex coding tool.\n\u201cAI is already good and about to get super good at cybersecurity; we\u2019d like to start working with as many companies as possible now to help them continuously secure themselves,\u201d OpenAI CEO Sam Altman wrote on social media platform X earlier this week.\nThis week also saw reports that French AI startup Mistral was working with banks in Europe\u2014which lack access to Mythos\u2014on its own cybersecurity offering.\nIn related news, PYMNTS wrote earlier this week about \u201cthe industrialization of hacking\u201d after researchers at Google reported they had uncovered what they believe is the first observed case of an AI-created zero-day exploit tied to a planned mass exploitation campaign.\nThe chief takeaway for businesses is that the \u201ctool kit of hacking tasks\u201d for cyberscammers, including reconnaissance, exploit adaptation, vulnerability discovery and social engineering, no longer need the same level of human expertise.\n\u201cOn top of that, they are all becoming increasingly automatable,\u201d PYMNTS added. \u201cThis first-principles shift matters because cybersecurity is ultimately an economic system. And economic systems change rapidly when the cost of production collapses.\u201d\n\r\n\r\nThe post Microsoft Beats Anthropic and OpenAI on Key Cybersecurity Test appeared first on PYMNTS.com.", "date_published": "2026-05-14T12:21:29-04:00", "date_modified": "2026-05-14T12:21:29-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2025/10/Microsoft-.jpg", "tags": [ "AI", "Anthropic", "MDASH", "Microsoft", "Mythos", "News", "PYMNTS News", "What's Hot", "Cybersecurity" ] }, { "id": "https://www.pymnts.com/?p=3730204", "url": "https://www.pymnts.com/cybersecurity/2026/data-mobility-across-the-api-economy-is-rewriting-bank-security-playbooks/", "title": "APIs Are Making Bank Data Harder to Protect", "content_html": "In the age of application programming interfaces (APIs) and artificial intelligence (AI), data governance is becoming harder for banks than perimeter defense.
The post APIs Are Making Bank Data Harder to Protect appeared first on PYMNTS.com.
\n", "content_text": "In the age of application programming interfaces (APIs) and artificial intelligence (AI), data governance is becoming harder for banks than perimeter defense.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nAfter all, the infrastructure powering vital advances like instant payments and personalized financial services is also creating sprawling new security risks as banks connect to AI tools, FinTech solutions and third-party APIs for the thousands of financial software integrations on offer in today\u2019s landscape. Information that once lived inside monolithic core banking systems now flows continuously across interconnected software layers designed for speed, personalization and real-time decision making.\nA recent disclosure filed with the U.S. Securities and Exchange Commission (SEC) this month by U.S. commercial bank Community Bank illustrates the growing challenge of data sprawl for banks, particularly smaller and mid-size lenders looking to stand up digital innovation in order to compete with larger peers. The bank, a wholly owned subsidiary of CB Financial Services, voluntarily disclosed that an amount of sensitive customer information determined to be \u201cmaterial\u201d had been exposed through an unauthorized AI application used within its environment.\nThe filing underscored an uncomfortable reality facing the industry: the modern banking perimeter is no longer clearly defined. The issue is not simply that banks are adopting more technology. It is that the architecture of modern banking increasingly depends on constant data mobility.\nRead more: The End of the Artisanal Hack: How AI Industrialized Cybercrime\u00a0\nWhy Banks Are Losing Sight of Their Data\nFor decades, banks operated on a relatively simple security premise: protect the perimeter, secure the core and tightly control access to customer data. Sensitive information largely stayed within institution-owned systems, moving slowly through carefully managed channels and governed by rigid internal protocols. That model no longer exists.\nOpen banking frameworks, embedded finance partnerships and real-time payments have accelerated API adoption across the industry. Financial institutions now routinely integrate with FinTech providers for everything from fraud prevention and lending to customer onboarding and treasury management. At the same time, generative AI tools are rapidly becoming embedded inside employee workflows, customer service operations and internal analytics platforms.\nEach integration creates value. Each integration also creates another potential exposure point. The challenge of defending, and even just governing, these exposure points is particularly acute for mid-sized and regional banks operating with leaner compliance and cybersecurity resources than the largest national institutions.\nFor example, across the credit union (CU) landscape,\u00a0PYMNTS Intelligence\u00a0research found that\u00a0fraud\u00a0now occurs across the full\u00a0CU member life cycle, from account opening and onboarding to authentication and transaction activity. CUs must now defend every interaction point rather than a single stage, and 77% of CUs have experienced unauthorized network access in the past year.\nThe same technologies driving operational efficiency and customer personalization also increase organizational exposure. AI systems require data access to generate value. APIs require connectivity to function effectively. Modern banking infrastructure is inherently designed for openness and interoperability.\nSee also:\u00a0The Enterprise Security Stack Is Moving to the Edge\nThe End of the Closed-Core Era\nThe real question is whether banks can establish governance models sophisticated enough to match the complexity of the ecosystems they now depend on. What has changed is the scale, speed and opacity of modern data movement. As customer data becomes increasingly distributed across external systems, governance itself is emerging as a competitive differentiator.\nRather than attempting to seal off every endpoint, many smaller institutions are shifting toward continuous monitoring models built around identity management, behavioral analytics and real-time visibility into data movement. Increasingly, the focus is less about defending a fixed perimeter and more about understanding how information flows across interconnected systems.\nData in the report \u201cEmbedding Security: Designing Fraud Risk Out of Business Transactions,\u201d a March\u00a0PYMNTS Intelligence\u00a0Business Payments Tracker Series report in collaboration with\u00a0WEX, reveals that nearly a quarter of banking CEOs (24%) are prioritizing AI investments for cybersecurity.\nThe broader banking landscape is also hoping that a rising security and data governance tide can lift all boats. PYMNTS covered Tuesday (May 12) how JPMorganChase is making nearly $14 million in philanthropic investments to support seven organizations that are combating fraud and scams through consumer awareness and real-time prevention.\nUltimately, the institutions succeeding in this transition are generally not those attempting to halt technological change. They are the ones redesigning governance around the assumption that data mobility is now permanent. Because in the API economy, the most important security question is no longer whether data leaves the bank. It is whether the bank still knows where the data went.\n\r\n\r\nThe post APIs Are Making Bank Data Harder to Protect appeared first on PYMNTS.com.", "date_published": "2026-05-13T11:59:52-04:00", "date_modified": "2026-05-14T22:04:53-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/SB6-Bank-data-1.jpg", "tags": [ "API", "B2B", "B2B Payments", "banking", "Connected Economy", "Digital Banking", "News", "PYMNTS News", "Cybersecurity" ] }, { "id": "https://www.pymnts.com/?p=3714142", "url": "https://www.pymnts.com/cybersecurity/2026/24percent-bank-ceos-put-ai-cybersecurity-first/", "title": "24% of Bank CEOs Put AI Cybersecurity First", "content_html": "Embedded payments are forcing businesses to rethink fraud prevention as a design challenge, not just a cleanup job after something goes wrong.
The post 24% of Bank CEOs Put AI Cybersecurity First appeared first on PYMNTS.com.
\n", "content_text": "Embedded payments are forcing businesses to rethink fraud prevention as a design challenge, not just a cleanup job after something goes wrong.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nThat was the central theme of \u201cEmbedding Security: Designing Fraud Risk Out of Business Transactions,\u201d a March PYMNTS Intelligence Business Payments Tracker Series report in collaboration with WEX.\nThe report found that embedded payments are becoming core infrastructure for modern business platforms, helping companies move money inside the software they already use to run operations. That can make payments faster, easier and more visible. It also changes where fraud risk lives, spreading it across platforms, APIs, third-party partners and workflows.\nThe optimistic takeaway is that the same embedded structure creating new risks can also give companies more places to stop fraud earlier.\nEmbedded finance has moved beyond the experimental stage. WEX identifies it as one of the top business payment trends shaping 2026, with transaction value projected to exceed $7 trillion, nearly three times the $2.6 trillion recorded in 2021.\nFor businesses, the appeal is practical. Payments can become part of everyday work instead of a separate process. Companies can gain more control over spending, improve cash-flow visibility and reduce manual steps.\nThe risk is that older fraud tools were built for a slower and more centralized banking model. They often look for suspicious activity once a transaction is already in motion. In embedded payments, that may be too late.\nTransactions can move through APIs and instant rails in seconds. Responsibility may be shared among banks, FinTechs, software providers and end platforms. Fraud can appear in the seams between those players, where visibility is harder to maintain.\nThe report pointed to several data points that show the promise and the pressure:\n\nFraud attempts targeting embedded finance products are estimated to be growing two to three times faster than those across traditional banking channels. That suggests fraud is following the same growth path as embedded payments themselves.\nFraud concerns have caused 35% of organizations to delay embedded finance and banking-as-a-service initiatives. The demand is there, but the risk is still slowing execution.\nEmbedded finance is credited with reducing fraud risk by 74% of users. That finding suggests embedded payments can become safer when controls are built directly into workflows.\n\nThe shift is from detecting fraud later to limiting opportunity earlier. Virtual cards show how that can work. A company can set spend limits, merchant restrictions and authorization rules before a payment is made. Role-based permissions can determine who is allowed to initiate or approve transactions.\nMultifactor authentication can add protection at access points. Real-time monitoring can flag unusual behavior as it happens rather than after money has moved.\nArtificial intelligence is also becoming part of the fraud toolkit, although the report framed it as one layer in a broader system. KPMG data cited in the tracker found that 70% of banking CEOs plan to allocate 10% to 20% of their budgets to AI in the coming year. Enhanced cybersecurity is the top-reported benefit of AI adoption, cited by 24% of banking CEOs.\nThe broader message is that embedded payments do not have to trade speed for safety. Done well, they can make fraud prevention more precise because controls sit closer to the transaction. Identity, permissions, payment limits, monitoring and enforcement can all work together inside the flow of business. That gives companies a path to scale embedded payments with more confidence.\nAt PYMNTS Intelligence, we work with businesses to uncover insights that fuel intelligent, data-driven discussions on changing customer expectations, a more connected economy and the strategic shifts necessary to achieve outcomes. With rigorous research methodologies and unwavering commitment to objective quality, we offer trusted data to grow your business. As our partner, you\u2019ll have access to our diverse team of PhDs, researchers, data analysts, number crunchers, subject matter veterans and editorial experts.\n\r\n\r\nThe post 24% of Bank CEOs Put AI Cybersecurity First appeared first on PYMNTS.com.", "date_published": "2026-05-13T04:00:01-04:00", "date_modified": "2026-05-07T09:45:12-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/cybersecurity-fraud-AI-banks.jpeg", "tags": [ "artificial intelligence", "Banks", "Cybersecurity", "embedded finance", "Featured News", "fraud", "News", "PYMNTS News", "PYMNTS Study", "Security" ] }, { "id": "https://www.pymnts.com/?p=3727973", "url": "https://www.pymnts.com/cybersecurity/2026/banks-slash-patch-times-as-anthropics-mythos-exposes-security-gaps/", "title": "Banks Slash Patch Times as Anthropic\u2019s Mythos Exposes Security Gaps", "content_html": "The few large banks that have access to Anthropic\u2019s Mythos are uncovering vulnerabilities in their IT systems and are sharing information with smaller banks that don\u2019t have access to the artificial intelligence model, Reuters reported Tuesday (May 12), citing unnamed sources.
The post Banks Slash Patch Times as Anthropic\u2019s Mythos Exposes Security Gaps appeared first on PYMNTS.com.
\n", "content_text": "The few large banks that have access to Anthropic\u2019s Mythos are uncovering vulnerabilities in their IT systems and are sharing information with smaller banks that don\u2019t have access to the artificial intelligence model, Reuters reported Tuesday (May 12), citing unnamed sources.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nOne thing the banks have learned is that Mythos can create a high-risk vulnerability by bringing together several lower risk weaknesses, according to the report.\nThe number of low- to moderate-ranked vulnerabilities found in banks\u2019 tech by Mythos numbers between several hundred and thousands.\nIn response, banks are patching vulnerabilities in days rather than the weeks they used to take and are upgrading technology that is at the end of its software support, per the report.\nSome banks may take their systems offline more often to handle the new workload but will do so in the least disruptive ways.\nThe testing banks are now doing with Mythos is likely to be repeated with other new AI products on a continuous basis.\nFor banks that don\u2019t have access to Mythos, Anthropic has released recommendations for improving their defenses and is offering another program called Claude Security that scans for vulnerabilities and is available to a greater number of organizations, per the report.\nAnthropic CEO Dario Amodei said May 5 that financial services companies and other organizations have six to 12 months to fix vulnerabilities in their software before Chinese AI models develop capabilities equal to those of Mythos.\nAmodei said that Mythos had uncovered tens of thousands of vulnerabilities and that if code is rewritten with models like Mythos, \u201cwe could be in a better position than we started in because we fixed all these bugs.\u201d\nOn May 3, Treasury Secretary Scott Bessent said that American banks are working to safeguard against AI-related cyberthreats and that he told them that they should take the Mythos model seriously and use it to find holes in their defenses.\n\u201cWhat we\u2019ve had in the past month was a step change in the power of one large language model, but we\u2019re going to see it from the other AI companies, and it\u2019s important that the U.S. stays ahead here,\u201d Bessent said.\n\r\n\r\nThe post Banks Slash Patch Times as Anthropic\u2019s Mythos Exposes Security Gaps appeared first on PYMNTS.com.", "date_published": "2026-05-12T19:52:50-04:00", "date_modified": "2026-05-12T19:52:50-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/Mythos-bank-security-1.jpg", "tags": [ "AI", "Anthropic", "banking", "Mythos", "News", "PYMNTS News", "What's Hot", "Cybersecurity" ] }, { "id": "https://www.pymnts.com/?p=3727690", "url": "https://www.pymnts.com/cybersecurity/2026/end-artisanal-hack-how-ai-industrialized-cybercrime/", "title": "The End of the Artisanal Hack: How AI Industrialized Cybercrime", "content_html": "The enterprise software industry has long held on to the traditional assumption that while bugs are common, the expertise to exploit them, particularly at scale, is rare.
The post The End of the Artisanal Hack: How AI Industrialized Cybercrime appeared first on PYMNTS.com.
\n", "content_text": "The enterprise software industry has long held on to the traditional assumption that while bugs are common, the expertise to exploit them, particularly at scale, is rare.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nThat scarcity has helped keep digital risk manageable, if never fully contained.\nBut a new report from Google published Monday (May 11) is turning that legacy assumption on its head by showing where artificial intelligence is compressing the cost and skill required to turn hacking into a scale business. The report revealed that entire attack chains are increasingly becoming software-defined and executed faster and cheaper than ever before.\nThe result is not simply more hacking. It is the industrialization of hacking.\nGoogle Cloud researchers described what they believe to be the first observed case of an AI-developed zero-day exploit tied to a planned mass exploitation campaign, an event that security analysts inside and outside the tech giant increasingly view less as an isolated milestone than as an early signal of a broader structural transition toward an industrial-scale cyber threat landscape.\nThe key takeaway for enterprise leaders and chief financial officers assessing their firms\u2019 new risk profiles is that nearly the whole tool kit of hacking tasks for fraudsters, including reconnaissance, exploit adaptation, vulnerability discovery, social engineering and more, no longer requires the same degree of specialized human expertise. On top of that, they are all becoming increasingly automatable. This first-principles shift matters because cybersecurity is ultimately an economic system.\nAnd economic systems change rapidly when the cost of production collapses.\nSee also: The Enterprise Security Stack Is Moving to the Edge\nCyber Attacks Shift From Craft Production to Mass Manufacturing\nIn practical terms, the ability for adversarial cyber threat groups to benefit from software-like scale efficiencies means enterprises are confronting a future in which sophisticated attacks are no longer exceptional events. They are becoming operationally routine.\nWhen the marginal cost of generating attacks falls, the volume of attacks rises. The software industry has seen this dynamic repeatedly. Cloud computing reduced infrastructure costs and enabled startup proliferation, while social media collapsed publishing barriers and flooded the information ecosystem with content. Generative AI is now applying the same logic to cyber operations.\nWhile traditional cyberattacks resembled artisanal production, AI has changed the production function for cybercrime. Whereas the compute skill and cost economics once limited high-end offensive capability to a relatively small set of fraudsters, the emerging danger is that AI enables ordinary attackers to operate with previously unattainable efficiency.\nA phishing email no longer needs to be brilliant if millions can be generated and adapted instantly for different industries, executives and geographies. Malware no longer needs to be elegantly engineered if AI-assisted iteration allows attackers to rapidly test variations against defenses.\nThis can ultimately lead to attack surface saturation, where enterprises face a continuous stream of low-cost, semi-customized intrusion attempts generated at machine speed. In this environment, the sheer volume of threats becomes strategically significant even if individual attacks remain imperfect.\nRead also: Cybersecurity\u2019s Hottest New Job Is Negotiating With Hackers\nHow Firms Are Navigating Today\u2019s Industrial-Scale Threat Landscape\nExperienced attackers can still outperform automated systems in complex intrusions, but the threshold for good-enough offensive capability is rapidly dropping as the economics begin to favor persistence at scale.\nFor example, across the credit union (CU) landscape, PYMNTS Intelligence research found that fraud now occurs across the full CU member life cycle, from account opening and onboarding to authentication and transaction activity. CUs must now defend every interaction point rather than a single stage, and 77% of CUs have experienced unauthorized network access in the past year.\nThat does not mean defenders are powerless. AI also offers defensive advantages in detection, anomaly analysis, incident response and threat intelligence. Research from the PYMNTS Intelligence report \u201cThe AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses\u201d showed that 55% of companies are employing AI-powered cybersecurity measures.\nStill, in today\u2019s threat environment, cybersecurity strategies increasingly resemble industrial risk management rather than perimeter defense. Few sectors may feel this shift more acutely than cyber insurance, where the existing market was built on actuarial assumptions pricing risk around relatively observable controls, including endpoint security, employee training, patch management, multifactor authentication and incident response maturity.\nThese assumptions look increasingly unstable in an AI-driven threat environment. Firms previously considered moderate risks could suddenly face elevated exposure simply because attackers can now economically target a much broader universe of companies.\nAs AI lowers barriers for attackers, the standard for what constitutes reasonable defense may evolve upward as well. Companies with mature security architectures, strong identity controls, segmented infrastructure and rapid patching capabilities may increasingly resemble low-risk operators in a high-risk economy.\nThe central executive question is no longer whether a company can prevent every intrusion. It is becoming whether the organization can remain operationally resilient in a world where sophisticated attacks become a continuous background condition of doing business.\nFor all PYMNTS AI coverage, subscribe to the daily AI Newsletter.\n\r\n\r\nThe post The End of the Artisanal Hack: How AI Industrialized Cybercrime appeared first on PYMNTS.com.", "date_published": "2026-05-12T17:54:14-04:00", "date_modified": "2026-05-12T17:54:14-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2026/05/cybersecurity-fraud-AI-software.jpeg", "tags": [ "artificial intelligence", "Cybersecurity", "fraud", "Google", "News", "PYMNTS News", "Security", "software" ] }, { "id": "https://www.pymnts.com/?p=3722267", "url": "https://www.pymnts.com/cybersecurity/2026/google-thwarts-first-ai-generated-zero-day-exploit/", "title": "Google Thwarts First AI-Generated Zero-Day Exploit", "content_html": "Google Threat Intelligence Group (GTIG) said Monday (May 11) that it identified and may have prevented the use of the first zero-day exploit developed with artificial intelligence.
The post Google Thwarts First AI-Generated Zero-Day Exploit appeared first on PYMNTS.com.
\n", "content_text": "Google Threat Intelligence Group (GTIG) said Monday (May 11) that it identified and may have prevented the use of the first zero-day exploit developed with artificial intelligence.\r\n\t\r\n\t\t\r\n\t\r\n\r\n\r\n\t\nWriting in the latest GTIG AI Threat Tracker, which was released Monday (May 11), GTIG said a criminal threat actor planned to use the zero-day exploit in a mass exploitation event, but GTIG may have prevented it with proactive counter discovery.\nAfter identifying the zero-day vulnerability in a Python script that enables the user to bypass two-factor authentication on an open-source, web-based system administration tool, GTIG worked with the impacted vendor to responsibly disclose the vulnerability and disrupt the threat activity, according to the report.\nGTIG said it has \u201chigh confidence\u201d that the threat actor used an AI model to discover and weaponize the vulnerability.\n\u201cAs the coding capabilities of AI models advance, we continue to observe adversaries increasingly leverage these tools as expert-level force multipliers for vulnerability research and exploit development, including for zero-day vulnerabilities,\u201d GTIG said in the report. \u201cWhile these tools empower defensive research, they also lower the barrier for adversaries to reverse-engineer applications and develop sophisticated, AI-generated exploits.\u201d\nOther AI-related threat activity highlighted by GTIC in the report includes AI-augmented development for defense evasion, autonomous malware operations in which models dynamically generate commands, and AI-augmented research and information operations campaigns that generate synthetic media and deepfake content at scale.\nThe report also spotlighted obfuscated LLM access, in which threat actors pursue anonymized access to models to illicitly bypass usage limits, and supply chain attacks in which adversaries target AI environments and software dependencies as an initial access vector.\n\u201cAttackers rarely shy away from experimentation and innovation, but neither do we,\u201d GTIG said in the report. \u201cIn addition to sharing our findings and mitigations with the larger security and AI community, Google employs proactive measures to stay ahead of these constantly changing threats.\u201d\nIn earlier editions of the GTIG AI Threat Tracker, the organization noted a new form of intellectual property theft called \u201cmodel extraction attacks\u201d or \u201cdistillation attacks\u201d and threat actors\u2019 use of AI for not only productivity gains but also \u201cnovel AI-enabled operations.\u201d\nThe International Monetary Fund (IMF) said in a Thursday (May 7) blog post that at a time of rapidly accelerating cyber risk driven by AI, cybersecurity is a core financial stability issue and should be treated as such by policymakers.\n\r\n\r\nThe post Google Thwarts First AI-Generated Zero-Day Exploit appeared first on PYMNTS.com.", "date_published": "2026-05-11T13:55:19-04:00", "date_modified": "2026-05-11T13:55:19-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2022/01/Google-Cloud.jpg", "tags": [ "AI", "AI risk", "Cybersecurity", "Google", "Google Threat Intelligence Group", "News", "PYMNTS News", "What's Hot" ] } ] }