Australian Regulator Warns Financial Firms: Move Faster on AI Cyber Threats
Australia's corporate regulator has told the financial sector to accelerate cybersecurity defences as frontier AI systems like Mythos expose new vulnerabilities across banks, insurers, and brokers.
The Australian Securities and Investments Commission published a letter to financial services firms on Friday, warning that cyber practices need stronger safeguards as AI capabilities advance. ASIC Commissioner Simone Constant said preparedness varies widely across Australian financial organisations, and firms must keep pace with rapid AI changes rather than relying on slower 12-month risk review cycles.
Constant told Reuters that ASIC has long expected firms to examine their end-to-end risk profile, including aggregate risks and vulnerabilities. Risks that once fit a 12-month planning horizon might emerge far faster now.
The Mythos Problem
Mythos, an AI system launched by Anthropic under Project Glasswing, has identified many vulnerabilities that existed for years across systems. The system's advanced coding capabilities give it unusual strength in finding cybersecurity weaknesses-raising both defensive and offensive risks.
Macquarie chief executive Shemara Wikramanayake said the bank is running substantial technology programmes to test potential exposure to frontier AI models. She said firms do not simply press a button and locate every weakness. The global risk is that other actors replicate Mythos's capabilities before protections are deployed.
Anthropic is working with major technology companies including Amazon, Microsoft, Nvidia, and Apple through Project Glasswing. Large businesses outside this restricted-access programme must test their own systems and patch exposed areas themselves.
What This Means for Insurers
Frontier AI changes both the frequency and severity assumptions behind cyber risk underwriting. Faster vulnerability discovery, automated exploitation, and weaker control maturity all feed into underwriting, aggregation, claims, and reinsurance decisions.
The warning also raises questions about whether regulators have enough capability to monitor AI-driven risks. Research from the Cambridge Centre for Alternative Finance found that financial institutions are adopting AI at more than twice the rate of their supervisors. Only two in 10 watchdogs reported advanced AI adoption.
This matters for AI for Insurance professionals tasked with assessing how frontier AI changes the risk models they rely on.
What Firms Need to Do Now
Constant said the clock is close to midnight. Financial firms that have not already built cyber resilience need to act now and prepare.
The immediate steps are clear:
- Assess exposed systems for vulnerabilities
- Test defences against frontier AI models
- Patch old vulnerabilities before attackers find them
- Tighten governance before boards and regulators catch up
Constant said ASIC worries about a scenario where an individual, not a state-backed actor, gathers available tools quickly and weaponises them. That threat is not theoretical.
For insurers, understanding how AI for Cybersecurity Analysts changes threat detection and vulnerability discovery is now essential to pricing and underwriting cyber risk accurately.
Your membership also unlocks:
