BaFin warns of increasing cyber risks as it increases tech inspections

The German financial regulator BaFin has warned that advances in AI are significantly increasing cyber risks for the financial sector, and said it plans to step up its technology inspections at banks and other financial organisations as a result.

BaFin president Mark Branson said that companies must prepare for an increase in the number of potential points of attack.

BaFin described cyber risks as both “growing” and “substantial”, warning that financial institutions must accelerate patching cycles and strengthen resilience across legacy infrastructure.

“The new AI models can identify and even exploit many vulnerabilities in IT systems with remarkable speed,” Branson added. Companies “must patch these vulnerabilities far more quickly.”

In response to the threat, the regulator said it is creating a new division focused on conducting targeted “IT spotlight” inspections at financial firms.

According to Branson, the streamlined reviews will allow BaFin to carry out a higher volume of cyber inspections and respond more quickly to emerging threats and incidents than through traditional full-scale supervisory reviews.

“Such ‘IT spotlight’ inspections take far less time than fully-fledged reviews,” he said. “We can therefore complete more of them and thus respond more effectively to current developments and incidents.”

Branson added that the banking sector could afford to increase spending on cyber resilience, describing it as an “urgent and essential investment.”

The warning from BaFin follows similar concerns from the Australian Securities and Investments Commission (ASIC). Last month, the regulator issued an open letter to financial licensees and directors calling for an “urgent” increase in cybersecurity measures to address the threat posed by AI tools.

Alongside the cyber warning, BaFin also highlighted broader financial stability concerns, including growing risks in the private debt market and higher-risk residential mortgage lending in Germany.

The regulator warned that increasing interconnectedness between private debt funds, banks and insurers could create systemic vulnerabilities, particularly as insurers continue to expand their exposure to alternative investments, echoing concerns raised by the Financial Stability Board earlier in the month.

The watchdog also highlighted increased enforcement activity against unauthorised financial services and cybercrime, revealing it published more than 800 warnings in 2025 relating to fraudulent financial offers and scam platforms.


