By Scott Murdoch
SYDNEY, April 30 (Reuters) – Australia’s financial system regulator said on Thursday the country’s banks were not keeping pace with AI industry developments, warning frontier AI systems such as Anthropic’s Mythos had the potential to lead to larger and faster cyber attacks.
In a letter to banks, the Australian Prudential Regulation Authority (APRA) said most of the industry’s information security practices were struggling to match the rate of change in AI.
The regulator said the speed of AI development could pose a growing threat to Australia’s financial services.
“It also warns frontier AI models such as Anthropic’s Claude Mythos, which could enhance the discovery of vulnerabilities by bad actors, are expected to further increase the probability, speed and scale of cyber attacks,” APRA said in a statement referencing a review that it had conducted.
Anthropic did not immediately respond to a Reuters request for comment.
Potential risks posed by Mythos, which has high-level coding capabilities, have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts have warned.
Anthropic has launched Claude Mythos Preview under Project Glasswing, a tightly restricted access programme that includes major technology firms such as Amazon, Microsoft, Nvidia and Apple.
“APRA has heard clear recognition from regulated entities of the need for a step change in cyber practices and a continuing uplift in capabilities to protect IT assets in an evolving threat environment,” it said.
BILLIONS INVESTED EACH YEAR
Australia is working with software providers including Anthropic over potential cybersecurity vulnerabilities, a spokesperson for Home Affairs Minister Tony Burke said last week.
APRA said its industry consultation had found banks were relying too heavily on AI model presentations and summaries from vendors without considering the risks that could emerge.
“APRA observed many boards are still developing the technical literacy required to provide effective challenge on AI-related risks and oversight,” the letter said.
The regulator said while banks already had strict security procedures in place, some were not engineered to keep pace with the development of AI.
The Australian Banking Association Chief Executive Simon Birmingham said banks were constantly assessing their cyber risk settings and were well positioned to respond to emerging AI technologies.
“Australian banks maintain strong cyber security defences, investing billions each year to ensure their systems remain secure and can shield against potential threats,” he said.
Separately, ratings agency S&P Global said on Thursday AI would affect the credit standing of Asia Pacific financial institutions over the next one to five years.
It said most banks in the region had large technology budgets that would help mitigate any negative impacts and AI could help reduce costs.
But the impact across the region’s broader financial services sector might be uneven.
(Reporting by Kumar Tanishk in Bengaluru; Editing by Tasim Zahid and Muralikumar Anantharaman and Kate Mayberry)
Comments