iscover 
In an address following the US government’s decision to order frontier AI company Anthropic to suspend foreign access to its advanced models, APRA executive board member Therese McCarthy Hockey said that the rapid pace of AI development was outstripping the governance, risk management, and operational practices needed to manage it.
However, McCarthy Hockey also said AI itself would be critical to defending Australia’s financial system against the very risks it is creating while calling for greater collaboration across the financial sector.
A growing risk
In her address, McCarthy Hockey said APRA’s concerns had intensified following recent developments in frontier AI, including Anthropic’s announcement that its latest model had surpassed “all but the most skilled humans at finding and exploiting software vulnerabilities”, as well as a joint warning from the Five Eyes cyber security agencies that “the timeline is not years, it is months”.
APRA was now “confident that frontier AI presents a paradigm shift”, McCarthy Hockey said.
“The threat horizon posed by these advanced AI models has moved sharply nearer and will likely bring forward the timeline for correlated threats such as encryption-breaking quantum computers,” McCarthy Hockey said.
The regulator also noted a significant shift in how financial institutions were deploying AI.
According to McCarthy Hockey, organisations had rapidly progressed from experimenting with AI to embedding it into decision-critical and customer-facing functions, including software engineering, claims triage, loan application processing, fraud and scam disruption, and customer interaction.
Many banks are doubling down on their AI investments. Most recently, Commonwealth Bank of Australia added new executive roles to oversee parts of its technology strategy.
Nonetheless, McCarthy Hockey said the industry’s governance frameworks were failing to keep pace.
“The pace of change in the scale, speed, and complexity of AI adoption has been relentless, and what we found is that governance, risk management, assurance and operational practices are not keeping up,” McCarthy Hockey said.
Equally, although businesses were making investments in cyber security, so too were cyber criminals. And due to technological developments, the technological bar for carrying out such attacks was becoming ever-lower.
“AI isn’t simply turbo-charging the ability of cyber adversaries to find vulnerabilities they can exploit; it’s dramatically reducing the level of skill and resources needed to undertake potent cyber attacks,” McCarthy Hockey said.
“The risk is that security teams become overwhelmed trying to patch vulnerabilities and fend off attacks coming faster than ever before.”
Indeed, the warning comes just months after Broker Daily broke the news that fintech platform youX had suffered a major cyber attack, compromising the personal and financial information of almost 500,000 borrowers and bringing cyber-security risks sharply into focus.
While the hackers behind the breach ultimately claimed they would not release the stolen data, the incident prompted renewed concern about the sector’s cyber resilience.
Following the breach, the Mortgage and Finance Association of Australia (MFAA) urged brokers to keep cyber security front of mind, encouraging businesses to strengthen measures such as multi-factor authentication, robust cyber security practices, and cyber insurance.
McCarthy Hockey also said that increasing dependence on a small number of AI providers was creating a new set of risks for financial institutions.
“Frontier AI is not just a cyber risk issue. It’s third-party risk, a concentration risk and a sovereign access risk. A critical business process, control or cyber-defence capability that depends on a single offshore frontier AI model may be disrupted not only by an outage or cyber incident but by a regulatory decision made overseas,” McCarthy Hockey said.
Fighting fire with fire
Despite the concerns, McCarthy Hockey said AI would also become one of the financial sector’s most powerful defensive tools.
She urged organisations not to wait for access to frontier AI models before strengthening their cyber-security posture, instead encouraging them to use AI to identify vulnerabilities and improve resilience before attackers could exploit weaknesses.
Similarly, Australian Securities and Investments Commission (ASIC) commissioner Simone Constant also urged companies not to “wait for perfect clarity to address the threat posed by new AI models”, in an open letter last month.
McCarthy Hockey said: “If AI is the problem, it can also be the solution. As we race to identify and patch vulnerabilities before they can be exploited by bad actors, nothing will achieve this faster than AI – whether frontier models or the advanced models already in circulation.
“By harnessing AI to build the fire breaks we need to keep the flames from spreading, we can fight fire with fire.”
APRA’s warning comes as AI adoption continues to accelerate across financial services, with lenders and technology providers increasingly deploying AI to strengthen their fraud and scam detection abilities.
Collaboration essential
McCarthy Hockey said no organisation would be able to tackle the emerging threat alone, calling for a “Team Australia” approach across the financial system.
She said APRA expected organisations granted early access to frontier AI models to share their knowledge with peers and suppliers in order to bolster the defences of the broader financial system.
“We expect to see organisations granted early access to frontier AI models sharing information and insights with peers and suppliers. Where one institution learns something material about AI-enabled vulnerabilities, model limitations, jailbreak techniques or defensive use cases, the system as a whole benefits when that knowledge is shared quickly and safely,” she said.
She said APRA had already begun holding roundtables alongside ASIC and the Australian Signals Directorate to facilitate the exchange of information between regulators, financial institutions, and major service providers.
“The challenge before us is to act with speed, ambition, and with confidence that, by working together, we can shape these technologies in the interests of a safer and more resilient financial system,” she said.
“The fire is already burning. Our task now is to meet it with the right tools, the right safeguards and the collective resolve to stay ahead of it.”
[Related: Is AI coming for brokers? Industry weighs impact]
Want to see more stories from trusted news sources?Make Broker Daily a preferred news source on Google.