The Australian Prudential Regulation Authority (APRA) has called on banks, insurers, and superannuation trustees to significantly improve how they manage risks linked to artificial intelligence, warning that current safeguards are not keeping pace with rapid adoption. In a newly published industry letter, APRA highlighted growing concerns that governance, risk management, and operational resilience frameworks are lagging behind the scale and complexity of AI deployment. The regulator’s findings are based on a targeted supervisory review conducted across regulated sectors, which examined how organizations are implementing and overseeing AI technologies.

APRA noted that AI usage is expanding quickly, with many institutions moving beyond experimentation into customer-facing and operational applications. However, governance structures have not evolved at the same rate, creating potential vulnerabilities across financial systems.

The regulator also pointed to emerging risks from advanced AI models such as Claude Mythos, which could accelerate cyberattacks by enabling faster vulnerability discovery and exploit development. This, APRA warned, increases both the speed and scale of potential threats.

Several key gaps were identified. Many boards show strong interest in AI’s benefits but lack the technical expertise required for effective oversight. In addition, some organizations are heavily reliant on a single AI provider, raising concentration risks and exposing weaknesses in contingency planning.

APRA further highlighted limited transparency in AI systems embedded within broader software tools, making it difficult for institutions to fully understand how models are trained or updated. The regulator stressed that AI risks span multiple domains, including cybersecurity, operational resilience, privacy, and procurement, yet many organizations still manage these areas in silos.

Therese McCarthy Hockey, an APRA Member, emphasized that while AI offers significant efficiency and service improvements, organizations must not underestimate its risks. She noted that institutions need to accelerate their ability to detect and address vulnerabilities in line with AI-driven threat speeds. Although APRA is not introducing new regulatory requirements at this stage, it expects firms to close the gap between their use of advanced technologies and their ability to control them. The authority will continue working with government agencies and global regulators to ensure the financial system remains secure and resilient as AI adoption grows.
