Introduction
In its December 2025 Financial Stability Report, the Bank of Mexico (Banxico) explicitly incorporates artificial intelligence (AI) into its cybersecurity risk assessment for financial stability. The report highlights that cyberattacks are a primary challenge due to their frequency, impact, and sophistication, with two rising trends increasing the risk: ransomware-as-a-service and AI techniques used by criminal groups.
Cybercriminal Groups’ Escalating Capabilities
Banxico explains that, in 2025, cybercriminal groups have enhanced their capabilities by forming alliances and combining tools to maximize the impact of their attacks. The report mentions targeted phishing campaigns against financial institutions and their clients, as well as the use of AI to develop or optimize malicious code and breach commonly used computer platforms.
Interconnectedness and Transactions
The bank’s diagnosis focuses on the transactional infrastructure. According to the document, cybercriminal groups’ activities have allowed them to compromise computer systems within Mexico’s financial sector, including electronic transfer and cash withdrawal services at ATMs.
This puts operational continuity at risk and opens the door to episodes of mistrust if an incident affects a systemic player or spreads through technology provider networks.
Banxico also frames the risk in terms of interconnectedness. A successful attack against a systemically important institution could disrupt essential services, affect public confidence, and have economic and reputational implications. The high degree of connection between intermediaries and third-party service providers means the shock could spread widely. Therefore, the report warns that institutions and authorities must “continuously adapt” security measures in an evolving environment.
Attacks on Technology Supply Chains
The Banxico report identifies another growing concern: the increase in attacks on technology supply chains. The bank observes a rise in cyberattacks targeting technology companies that offer products and services to the financial sector, with the aim of stealing customer login credentials for fraudulent activities.
As of the report’s date, Mexican financial institutions have deployed response mechanisms that have prevented direct impacts on institutions or clients.
The geopolitical context is also considered. Banxico states that, along with other financial authorities, it monitors cyberattacks originating from conflicts that could trigger events on critical infrastructure.
Yellow Alert Level
The report maintains the alert level for Mexico’s financial sector at “yellow,” primarily because no changes are observed in patterns attributable to these conflicts. However, Banxico asserts it continues monitoring threats and promoting protection and response schemes.
Operationally, the report records that, between late June and August 2025, financial institutions reported three cyber incidents, which the Group of Response to Sensitive Information Security Incidents (GRI) addressed according to protocols, without reported economic impacts on clients.
During the same period, authorities, through the GRI, issued four cyberintelligence bulletins with technical information to help institutions strengthen protection strategies and prevent attacks observed in other entities.
Banxico emphasizes preparedness exercises. The document indicates that, in September 2025, Banxico coordinated a cyberresilience exercise with GRI authorities, the Federal Public Prosecutor’s Office, and three institutions from the same financial group to assess detection, analysis, containment, eradication, and remediation capabilities in response to a cyberattack, including potential escalation to financial stability responsibilities.
Payments Infrastructure
Banxico reports on the status of its critical payments infrastructure. The bank explains that, in the second half of 2025, improvements were made to strengthen SPEI and SPID security, and continuity exercises with participants continued. Banxico also stated that, in the third quarter of 2025, it had no incidents in the technological infrastructure that operates its payment systems, and services were not interrupted.
Banxico’s message is twofold. On the one hand, there are measurable improvements in cybersecurity and coordination; on the other, the risk becomes more dynamic as attackers industrialize capabilities, including AI, to accelerate campaigns, fine-tune malware, and exploit shared platforms.
Key Questions and Answers
- What is the main concern raised by Banxico in its report? Banxico’s primary concern is the escalating capabilities of cybercriminal groups, including their use of artificial intelligence (AI), which poses a significant threat to financial stability.
- How do cybercriminal groups enhance their capabilities? They form alliances, combine tools, and use AI to develop or optimize malicious code and breach computer systems within the financial sector.
- What is the impact of these attacks on the financial sector? These attacks put operational continuity at risk, open the door to episodes of mistrust, and could disrupt essential services if a systemically important institution is targeted.
- What other concern does Banxico highlight in its report? Banxico also warns about the increasing attacks on technology supply chains, which aim to steal customer login credentials for fraudulent activities.
- What is the current alert level for Mexico’s financial sector? The alert level remains “yellow,” indicating continuous monitoring of threats and promotion of protection and response schemes.
- What measures has Banxico taken to address these threats? Banxico has coordinated cyberresilience exercises, issued cyberintelligence bulletins, and reported on improvements in its critical payments infrastructure.