AI vs AI: Bangladesh’s Banking Sector Enters a New War.

Dhaka, Bangladesh — In the sleek high-rises of Motijheel and Gulshan, Bangladesh’s banking sector is racing ahead with digital transformation. Mobile financial services, online payments, and fintech have brought millions into the formal economy. Yet beneath this boom lies a quieter, more dangerous battle: an AI-powered cyber arms race where attackers are evolving faster than many defenders.

A 2025 study published in the Journal of Computer and Communications, titled “AI-Driven Cybersecurity Challenges in Bangladesh’s Banking Industry,” paints a sobering picture. Led by researchers including Bikash Kumar Saha Roy and colleagues from World University of Bangladesh, along with Aslam Khan from Grand Canyon University, the paper is based on surveys and interviews with professionals from seven major banks (33 survey respondents and broader purposive sampling of 40). It reveals a sector aware of the rising threats but critically underprepared to counter them.

Awareness Without Readiness

More than 60% of banking professionals recognize the growing danger of AI-driven threats, such as adaptive malware, deepfake voice and video scams, sophisticated phishing, and AI-enhanced fraudulent transactions. Yet only 9.1% feel equipped to mitigate them effectively. Just 52% demonstrated strong knowledge of these AI-enabled risks, and only about 40% of banks have adopted AI-powered detection tools.

The talent gap is particularly acute. Only 6.1% of respondents are AI specialists, while 56.3% identified the shortage of skilled personnel as the biggest barrier to implementing stronger AI-driven cybersecurity. Nearly 70% of banks operate with fewer than 50 dedicated cybersecurity staff, leaving teams overworked and smaller institutions especially vulnerable.

“Bangladesh’s banks are not ignoring the problem—they are being outpaced by its complexity,” the study effectively underscores. Larger institutions are pulling ahead with more advanced defenses, but in an interconnected financial system, a breach at one weaker player can cascade into systemic risk.

Shifting Threat Landscape

The 2016 Bangladesh Bank heist—where hackers, later linked to the North Korean Lazarus Group, attempted to steal nearly $1 billion via the SWIFT system and successfully moved $81 million (much of which remains unrecovered)—still casts a long shadow. That attack exploited traditional vulnerabilities and human errors. Today’s threats are subtler and more adaptive.

Cybercriminals now leverage AI for:

Self-evolving malware that bypasses conventional firewalls
Highly convincing deepfake social engineering (impersonating executives or officials)
Precision-targeted phishing and fraudulent transaction schemes
Exploitation of third-party vendor and outsourced IT risks (cited by 40.6% of respondents as a major concern)

The threat model has shifted from simply breaking into systems to manipulating trust, identity, and human behavior at scale. Banks report facing hundreds of cyberattacks daily, with experts warning that only a small portion of the IT budget—sometimes as low as 5%—goes toward cybersecurity.

Where Efforts Are Focused—and Falling Short

The study highlights some positive priorities among respondents:

74.2% emphasize strengthening data protection
48.4% focus on improving threat detection and response
41.9% prioritize workforce training

AI is currently used mainly for fraud detection (around 41%), with growing but limited application in risk management and customer service. However, broader adoption remains constrained by skills shortages, unclear regulations (15.6% of barriers), financial constraints, and rapidly evolving threats. Only 25% of respondents viewed AI as highly effective in addressing operational challenges.

Outsourcing IT infrastructure adds another layer of risk, including data confidentiality and limited control.

Recent Regulatory Steps Offer Hope
Bangladesh Bank has responded to the escalating risks. In March 2026, the central bank issued a comprehensive Cyber Security Framework Version 1.0 (2026), requiring all scheduled banks, mobile financial service providers, and payment operators to implement it by the end of 2026. This aims to address inconsistencies in security measures amid rapid digitization.

Efforts are also underway on the AI governance front, including plans for AI oversight frameworks in banking to manage algorithmic risks, cybersecurity, and transparency. A new Cyber Security Ordinance was gazetted in 2025, and discussions continue around a National AI Policy. The cybersecurity market itself is projected to grow significantly in the coming years.

A National Imperative
Cybersecurity in banking is no longer just an operational issue—it is a matter of economic resilience. The sector underpins trade, remittances, SME financing, and digital inclusion. A major AI-driven breach could erode public trust, disrupt liquidity, and trigger contagion across institutions.

The study and experts recommend a multi-pronged approach:

Build Human Capital: Aggressively invest in talent pipelines, university collaborations, and scenario-based training to close the skills gap. Workforce training is repeatedly highlighted as essential.
Strengthen Regulation: Provide clearer guidelines on AI usage, vendor risk management, and incident response. Align with international frameworks like NIST where appropriate, while strengthening Bangladesh Bank guidelines.
Foster Collective Defense: Develop shared threat intelligence platforms and industry-wide coordination rather than isolated efforts.
Deploy AI vs. AI: Move beyond traditional rule-based defenses to sophisticated, adaptive AI-powered security systems, with continuous auditing and model integrity checks.
Phased, Inclusive Adoption: Especially support smaller banks through partnerships and funding to avoid creating weak links in the system.

The Clock Is Ticking
Bangladesh’s digital banking success story is impressive and transformative. Millions have gained access to financial services that were once out of reach. But this progress sits on increasingly fragile digital foundations if security does not keep pace.

The next major attack is unlikely to mirror the 2016 heist with obvious malware on SWIFT terminals. It may arrive as an algorithm that learns in real time, deceives convincingly, and strikes where defenses are thinnest.

As the 2025 study concludes, Bangladesh’s banking sector must treat AI-driven cybersecurity not as a cost center but as a strategic and national priority. The question is no longer whether AI-armed hackers will test the system—it is whether banks, regulators, and the broader ecosystem can evolve quickly enough to stay ahead in this silent arms race.

The glass towers of Dhaka’s financial district stand tall for now. Ensuring they remain secure will require more than technology: it will demand talent, collaboration, foresight, and urgency.