Canada's financial regulators and major banks gathered Friday for a high-level briefing on emerging cybersecurity threats posed by cutting-edge artificial intelligence models, signalling growing alarm within the financial sector over the security implications of rapidly advancing AI technology.
The Bank of Canada convened members of the Canadian Financial Sector Resiliency Group—a body that includes representatives from the nation's six largest banks, the Toronto Stock Exchange parent company, federal finance officials, and key regulatory agencies including the Office of the Superintendent of Financial Institutions (OSFI)—to discuss potential vulnerabilities and mitigation strategies.
The meeting mirrors urgent action taken by U.S. policymakers earlier in the week, when Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street executives for similar discussions about the cybersecurity implications of advanced AI systems like Anthropic's Mythos model.
What's the Concern?
Anthropic's Mythos represents a significant leap in AI capability—the model can identify and exploit vulnerabilities across major operating systems and web browsers with unprecedented sophistication. The technology is so powerful that Anthropic has restricted its release, instead channelling access through Project Glasswing, a controlled testing initiative involving major technology companies and financial institutions like JPMorgan Chase.
"We are in active conversations with institutions to raise awareness, as well as assess this situation and its potential impact on the resilience of the financial system," an OSFI spokesperson stated. "The regulator is engaged with banks on recent developments regarding advanced artificial intelligence models and their potential cybersecurity implications."
Canada's Response
According to sources familiar with the discussions, Friday's meeting was an executive-level information-sharing session rather than a response to any active or imminent cyber threats. However, the gathering underscores deepening concerns among global financial regulators that increasingly powerful AI models could enable a new generation of sophisticated cyberattacks targeting the banking sector.
Canadian banks are walking a delicate line—many are actively deploying AI to identify cost savings and business opportunities, but must simultaneously fortify their defences against emerging threats. Since 2023, OSFI has been evaluating whether Canadian banks and insurers maintain adequate cybersecurity policies, and has issued comprehensive guidelines on technology and cyber risk management.
"OSFI does not plan to issue short-term changes to its existing guidelines in response to this emerging threat," the agency's spokesperson confirmed, adding that the regulator will continue sharing "threat and mitigation information in coordination with the Canadian Centre for Cyber Security and monitor risks accordingly."
The Bank of Canada echoed the measured tone. "The Bank of Canada is aware of this issue. We take cybersecurity very seriously," said Paul Badertscher, a central bank spokesperson.
The Bigger Picture
The coordinated meetings in both Canada and the United States reflect a broader shift in how financial regulators are approaching AI risk. Rather than waiting for incidents to occur, authorities are taking proactive steps to understand vulnerabilities before bad actors can exploit them. Major U.S. banks including Goldman Sachs, Citigroup, and Bank of America are already testing advanced AI models internally—following the same controlled approach as their Canadian counterparts.
For Canadian financial institutions and consumers relying on the security of domestic banking systems, these regulatory efforts signal that the financial sector is taking the challenge seriously, even as the full scope of AI's cybersecurity implications remains uncertain.
This article is based on reporting by Bloomberg and Canadian Mortgage Trends.