Regulators say that move has suddenly created serious cyber risk for the country’s largest banks, which rely on cutting-edge AI tools in their defences.
APRA now wants the biggest lenders to open up their most sophisticated cybersecurity capabilities to smaller rivals to avoid weak links across the financial system. The push is framed as a system-wide shield, not a competitive advantage.
Regulatory concern is escalating quickly, with APRA delivering its second major speech on AI-driven cyber threats in two weeks. The authority’s executive board says Australia is clearly moving into a dangerous stage of the AI revolution, where frontier models change the risk equation.
APRA, drawing on advice from domestic and international security agencies, argues that advanced AI now represents a genuine paradigm shift in cyber capability. That assessment underpins its call for coordinated defences rather than fragmented efforts.
Industry unease has been building for weeks as banks assess the impact of next-generation AI tools on their security setups. Lenders have been particularly worried about Anthropic’s latest model, Mythos, and its potential to help criminals probe and bypass digital safeguards at scale.
Institutions are already working on mitigation plans, including rethinking how they test systems, monitor anomalies and control access to sensitive infrastructure. The regulator’s intervention adds pressure to move faster and to treat AI as a core cyber risk, not a side issue.
