Amid sky-high levels of fraud and financial crime, and the as-yet unknown real-world impacts of Anthropic’s Claude Mythos, the inaugural UK Financial Services Security Hackathon has brought together representatives of UK banks, fintechs, software and technology companies, and regulators for a security competition testing incident readiness, decision-making under fire, and skill at defending financial infrastructure against cyber attack.
A total of 33 two-strong teams representing 16 organisations took part in the competition, hosted by Lloyds Banking Group, Google Cloud Security, and penetration testing and vulnerability discovery experts Hack The Box.
“This event demonstrated how simulated real-life exercises help organisations strengthen defensive capabilities, improve readiness under pressure, and build stronger collaboration across the wider financial services ecosystem,” said Lloyds Banking Group chief security officer Matt Rowe.
“In a highly connected sector, resilience depends not only on individual organisations, but on how effectively we prepare and respond together.”
Hack The Box chief operating officer Nikos Fountas added: “Cyber security is not just about what teams know, it is about what they can do when it matters most. Exercises like this move organisations from static training to proving real-world readiness. They prepare security professionals, test judgment under pressure, and benchmark performance against peers across the industry.”
The contest itself saw participants tackle challenges in areas such as web vulnerability exploitation, digital forensics, OSINT investigations, cryptography and payment systems security, and vulnerability discovery.
The organisers said the hackathon also highlighted how important measurable cyber readiness is in the financial sector, where highly interconnected systems, ever-evolving threats, and rapid incident escalation mean that how cyber pros perform in the earliest stages of a cyber incident can be critical.
And reflecting the advent of Anthropic’s Claude Mythos frontier AI model, which may yet be a game changer in terms of vulnerability discovery and exploitation, and its potential impact on the financial services sector, the challenges also reflected the role of AI in both offensive and defensive capacities, with teams combining their own technical cyber expertise with emerging capabilities.
The AI question, and more specifically the value of human expertise in security, was underscored by the eventual winners of the contest, Nine Lives With Zero Days – comprising a machine learning expert and a senior pen tester.
Although AI can clearly speed-up repetitive, or well-defined and scoped tasks, real-world cyber defence work cannot be bound by such simplistic definitions, said the organisers. It relies instead on factors such as context, judgment, adaptability, and the ability to navigate many possible pathways. Moreover, hands-on security experience is vital to build the instincts and decision-making abilities that AI will never truly have.
Fountas said: “As AI becomes more capable, the human element is still critical. It is much like chess. Although machines can outperform humans, people continue to study and play because the value lies in the thinking process – the pattern recognition, creativity, and decision-making. In cyber security, it is these instincts and the ability to make the right decisions under pressure that ultimately strengthen resilience.”
The winning team said they were both “shocked and thrilled” to win at the end of a challenging two days.