7-minute read | 1,650 words
What to know this week
Bank regulators scale up financial AI oversight.
US banking regulators are increasing their oversight of how lenders are deploying artificial intelligence (AI).
Britain has banned social media for all minors under sixteen.
Prime Minister Keir Starmer has announced plans to ban social media access for all minors under the age of sixteen.
This week's full stories
US regulators are increasing scrutiny over financial AI use.
THE NEWS
On Friday, US regulators announced plans to increase their oversight of how lenders are utilizing AI. Currently, regulators are looking to only increase their observation of the market, with the aim of deepening their understanding of how banks are currently using the technology. One of their key concerns revolves around ensuring that models do not exceed their intended use or access.
Regulators are looking to understand how client data is being handled, if “kill switches" have been deployed, and what vendor relationships look like. Additionally, regulators are also very interested in how banks are utilizing frameworks. More specifically, they are interested in assessing guardrails, human oversight, third-party risk, vendor oversight, subcontractor exposure, and contingency plans.
Alongside increasing their scrutiny of AI, the US Treasury and regulators are also looking to more broadly examine the various cybersecurity risks created by new AI models and how prepared financial firms are to handle these technologies.
At the moment, agencies are not looking to issue new rules to handle AI, but rather are looking to leverage frameworks that include model risk management, consumer protection laws, and third-party risk management.
THE KNOWLEDGE
As financial institutions increasingly adopt AI tools, regulators around the world have begun examining how these systems could introduce new risks into the financial sector. Unlike traditional software, modern AI systems can produce unpredictable outputs, operate with limited transparency, and make decisions based on vast quantities of data. These characteristics create concerns related to bias, privacy, hallucinations, model drift, and the potential misuse of sensitive financial information.
However, these concerns extend beyond how financial institutions deploy AI internally. Regulators are also increasingly focused on how threat actors may leverage the technology to target the financial sector itself.
Earlier this year, the International Monetary Fund (IMF) published their findings on AI’s impacts. IMF analysis found that while advanced AI models could “dramatically reduce the time and cost needed to identify and exploit vulnerabilities,” attackers can also utilize these same tools. The IMF warned that AI could provide attackers with a significant advantage by enabling them to discover and exploit vulnerabilities faster than organizations can patch them.
To address these concerns, the IMF proposed the need to create a “policy response.” One that treats cybersecurity as a core financial stability issue. While current requirements are still critical, the IMF stressed the need to expand to better counter increasingly sophisticated attacks. The IMF called on governments to prioritize robust standards that focus on transmission channels, greater international cooperation, and improve public-private collaboration.
Many of these recommendations align with the current approach being taken by US regulators. Rather than introducing entirely new AI regulations, agencies are focusing on strengthening existing cybersecurity, risk management, vendor oversight, and resilience frameworks while they continue to assess the technology’s evolving impacts.
THE IMPACT
As AI becomes increasingly entrenched in critical infrastructure sectors, issues related to misuse, misconfigurations, and model drift create significant concerns. In the financial sector, these risks extend beyond isolated cybersecurity incidents. Flawed or poorly governed AI systems could result in major incidents, expose private data, or introduce bias into operations. As organizations continue to expand their use of AI, it will be critical to ensure that these systems are transparent, secure, and aligned with their intended purpose will become increasingly important.
While US regulators are not currently pursuing AI-specific rules, their increased scrutiny could be indicative of a stronger wave of AI governance. These efforts could result in stronger oversight, vendor management, cybersecurity controls, and human review processes.
Ultimately, the Treasury’s approach suggests that the next phase of AI oversight may not center on laws, but focus on applying existing cybersecurity and consumer protection methods to handle emerging technologies.
Britain bans social media for kids.
THE NEWS
On Monday, British Prime Minister Keir Starmer announced new plans to ban access to social media for all minors under the age of sixteen. This decision comes after weeks of internal debates about the policy.
With this decision, the Prime Minister plans to begin drafting new regulations to introduce to Parliament before the end of the year. Currently, the government aims to have the ban take effect in early 2027.
At a news conference, Prime Minister Starmer stated:
“I am not prepared to compromise on the safety and happiness of our children, and that is why this ban must happen.”
Prime Minister Starmer also noted that while a ban is not a perfect solution and will not be cost-free, he believed that the ban was “the right choice.”
Alongside restricting access to social media platforms, the government is also considering implementing restrictions on other online spaces such as livestreaming applications and gaming platforms.
THE KNOWLEDGE
This effort follows months of mounting pressure on the British government to rein in social media companies. After conducting several polls, the British government found that 90% of parents who responded backed a minimum age of sixteen ban and that 85% said the risks of social media outweighed the benefits.
Outside of this proposed ban within the United Kingdom (UK), a similar ban was also instituted in Australia. For context, Australia instituted a social media ban for minors under sixteen years old. This ban included Facebook, Instagram, Snapchat, Threads, TikTok, X, YouTube, Reddit, Kick, and Twitch. When assessing these platforms, the Australian government assessed sites on three main criteria:
- Whether the platform’s sole or “significant purpose is to enable online interaction between two or more users.
- Whether it allows users to interact with some or all other users.
- Whether it allows users to post material.
To enforce these bans, Australia is placing ownership on the platforms themselves, requiring them to take “reasonable steps” to keep kids off their platforms and to use multiple age assurance technologies, such as face or voice recognition technologies. If platforms are found to be in violation of these laws, social media companies could face fines of up to 49.5 million Australian dollars for serious or repeated breaches.
THE IMPACT
The UK’s social media ban represents another major step in the global movement to regulate how minors interact with online platforms. While social media companies have relied on parental controls, moderation tools, and safety features, governments are increasingly concluding that these measures are insufficient to address the concerns around mental health, online exploitation, and exposure to harmful content.
Once implemented, the UK's approach would shift responsibility for protecting monitors from parents and users to the platforms themselves. Similar to Australia’s framework, companies would now be required to implement strong age-assurance mechanisms and demonstrate that they are actively working to prevent underage users from accessing these restricted services.
However, age assurance technologies do pose some concerns as many require the collection of additional personal information, creating privacy and security concerns. Critics have also argued that these requirements could create barriers for legitimate users, raising concerns about online anonymity, accessibility, and freedom of expression.
More broadly, the UK’s decision highlights the increasingly difficult balance governments face to better protect children while still preserving access, privacy, and freedom of expression. As more countries consider similar restrictions, the effectiveness of the UK and Australian approaches will likely influence future debates over age verification, platform accountability, and the role governments should play in regulating online spaces.
This Week's Caveat Podcast: A world without Section 702.
Dave Bittner and Ben Yelin sit down to discuss the future of Section 702 and how a German court has ruled against Google. Ben and Dave discuss how, despite its value for law enforcement agencies, lawmakers have elected not to extend the provision, causing a lapse in the legal powers it grants. Additionally, the two look into how a Munich court ruled that Google can now be held liable for false statements generated by its AI Overviews.
OTHER NOTEWORTHY STORIES
Google to challenge German ruling.
What: Google plans to appeal a recent ruling that found the company legally liable for its AI Overviews.
Why: On Friday, Google announced that it would appeal a recent ruling issued by a Munich court. In the original ruling, the judge found that Google was legally liable for false claims appearing in its AI Overviews.
A Google spokesperson commented on the ruling in an email, writing:
“This case focuses on specific and narrow errors, not the foundational way AI Overviews display web content. We disagree with the ruling and plan to appeal.”
JUNE 12, 2026 | Source: Reuters
Chinese-linked hackers targeted research facilities.
What: Google found evidence that Chinese hacking groups have been stealing key research data for over a year.
Why: On Monday, Google’s Threat Intelligence Group announced that it found evidence that Chinese-linked hackers have been stealing critical data from US and Canadian academic, medical, and military research institutions. According to Google, hackers have been seeking information between September 2023 and November 2025. These hackers reportedly targeted data related to defense, military strategies, AI, unmanned vehicles, medical research, and cyber warfare programs.
For compromised organizations, Google announced that it had notified impacted targets.
JUNE 15, 2026 | Source: Reuters
The US takes action against Anthropic
What: Commerce Secretary Howard Lutnick took action against Mythos and Fable AI after concerns that it could be abused by malicious foreign actors.
Why: On Monday, US Commerce Secretary Lutnik sent a letter to Anthropic CEO Dario Amodei ordering the company to suspend exportations of models to worldwide locations. These demands follow concerns that foreign actors, such as Russia or China, could use the model and create unacceptable risks.
More specifically, the government told the company that it was concerned about a potential “jailbreaking” method that could be exploited by nation-state actors.
JUNE 15, 2026 | Source: Reuters
