Australia’s regulator concerned with financial stability has warned that the country’s financial institutions need to do more to keep their security practices up to date with emerging threats such as hackers’ use of advanced AI models, echoing concerns in other countries.
In a letter to banks and other financial firms, the Australian Prudential Regulation Authority (APRA) highlighted findings from a supervisory review last year and said IT security practices are not keeping pace with advances in technology.
Automated hacking
These include Anthropic’s Claude Mythos model, which has shown an aptitude for rooting out flaws in widely used software and chaining them together to make advanced attacks, APRA said.
Such technologies could be used by bad actors to increase the “probability, speed and scale of cyber attacks”, the letter said.
It said it is finalising a forward plan around supervising AI risks, and would continue to monitor such risks to decide whether further policy action may be needed.
AI risk
The regulator earlier met with large Australian banks to discuss risk concerns spurred by Anthropic’s disclosures around the Mythos model, which remains accessible to only a few organisations.
At the meetings APRA discussed issues such as banks’ ability to shut down customer-facing systems during trading hours should it need to rapidly fix security flaws, the Australian Financial Review reported, citing unnamed people who attended the meetings.
