Law360 (May 8, 2026, 10:49 PM EDT) -- Artificial intelligence is "significantly transforming" the cybersecurity threat landscape for banks while also presenting opportunities to help defend against those heightened risks, according to a new report from the Office of the Comptroller of the Currency.

The OCC said in its Semiannual Risk Perspective report, released Thursday, that AI can be used to facilitate fraud rapidly, and the technology is lowering the barrier to entry for threat actors while increasing the speed, scale and sophistication of cyberattacks against financial institutions.

But the regulator said banks can also use AI to defend against threats and support risk management and monitoring processes, pointing to "increasingly advanced AI tools coming into the market to assist with cybersecurity functions."

"A sound understanding of the potential benefits and possible risks associated with these advanced tools can be important for cyber risk management," the report reads. "Banks continue to face challenges from both the elevated levels and rising sophistication of fraud and scams."

The OCC said it supports banks implementing AI to make the financial system more modern and ensure competition among banks of all sizes, noting generative and agentic AI in particular can help banks automate and improve core operational and customer service work.

Banks are taking a "measured approach" in adopting those kinds of AI, generally maintaining guardrails and ensuring humans are involved in workflows to manage risk, the report notes. The OCC has found use cases primarily in the areas of productivity and customer experience enhancement, but the regulator said banks "may consider expanding their use of genAI and agentic AI for material financial decisions."

Those more advanced forms of AI pose challenges, including "lack of explainability, data privacy and data poisoning issues, cybersecurity threats, and validation challenges where industry approaches are evolving," per the report, which also said appropriate governance and risk management are essential for risk mitigation.

"The OCC supports banks' efforts to integrate AI into core functions, while managing the risk in a safe and sound manner and in compliance with applicable laws and regulations," the report reads.

The OCC, Federal Deposit Insurance Corp. and Board of Governors of the Federal Reserve System plan to issue "in the near future" a request for information on model risk management with regard to banks' use of AI, the OCC said.

"The OCC is also actively reviewing supervisory expectations, guidance, and regulations to ensure that innovative opportunities are available to all OCC-supervised banks, rather than only a few, that wish to take advantage of AI," the report reads.

Federal Reserve Vice Chair for Supervision Michelle Bowman recently called for an assessment of whether the regulator's AI-related supervisory guidance is "fit for the future." She told an audience at the Financial Stability Oversight Council roundtable event on May 1 that the Fed's recently amended model risk management guidance applies narrowly to traditional models and basic AI applications, but not generative or agentic AI.

"Going forward, we expect other risk-management and governance practices to support adoption of generative and agentic AI in ways that will encourage ongoing innovation," Bowman said.

--Editing by Emily Kokoll.

For a reprint of this article, please contact reprints@law360.com.