Financial Regulators Racing to Deploy AI Tools Against Mounting Cyber Threats

Switzerland's top financial regulator is warning that the banking sector faces a critical race against time as artificial intelligence amplifies cyber vulnerabilities across the global financial system. Marlene Amstad, president of the Swiss Financial Market Supervisory Authority (FINMA) and chair of an international supervisory technology forum, emphasises that financial institutions and their regulators must accelerate adoption of sophisticated technology platforms to identify and neutralise emerging digital threats before malicious actors can exploit them at scale.

The urgency of this challenge has crystallised around a troubling reality: as cybercriminals harness AI capabilities to launch faster, more sophisticated attacks, traditional reactive approaches to security have become inadequate. Banks cannot afford to wait weeks or months to patch known vulnerabilities in their systems when adversaries armed with machine learning algorithms can probe defences and execute breaches in days or hours. Amstad articulated this fundamental shift plainly, noting that financial institutions must dramatically accelerate their vulnerability patching processes to maintain any meaningful security posture in an AI-accelerated threat environment.

Recognising this existential challenge, FINMA has taken the lead in establishing an international coordination mechanism designed to rapidly disseminate AI-powered security tools across the global regulatory apparatus. Working through the International Organization of Securities Commissions, which sets standards for the 95 percent of global financial markets that fall under its members' jurisdiction, FINMA championed the creation of a dedicated forum focused specifically on supervisory technology adoption. This institutional approach signals that financial regulators understand they cannot address AI-driven cyber risks in isolation; the interconnected nature of global financial markets means that vulnerabilities in one jurisdiction create cascading risks everywhere.

To translate this regulatory vision into concrete progress, FINMA convened approximately 100 policy specialists and technology experts for a hands-on hackathon designed to collaboratively develop practical supervisory tools. Rather than debating principles or commissioning lengthy studies, the regulator opted for rapid prototyping and iterative development, reflecting the accelerated pace at which cyber threats evolve. The initial focus centred on building detection and oversight mechanisms specifically tailored to cryptocurrency markets, which have historically suffered from regulatory gaps and remain attractive targets for sophisticated cybercriminals seeking to exploit compliance weaknesses.

Amstad revealed that regulators are exploring innovative approaches that would fundamentally reshape how digital asset systems operate, potentially embedding security safeguards directly into the underlying infrastructure rather than bolting them on as afterthoughts. This architectural rethinking represents a significant departure from traditional regulatory practice, which typically focuses on monitoring and corrective action after problems emerge. By contrast, preventive security integration could substantially reduce the window of vulnerability that exists between the discovery of a threat and institutional response.

The international financial sector's vulnerability to AI-enhanced cyberattacks has been starkly illuminated by recent experiences with frontier AI models. Testing and deployment of systems such as Anthropic's Mythos AI have exposed operational risks and security gaps within financial institutions that were previously hidden or underestimated. These vulnerabilities, once identified, have triggered immediate national security concerns among governments acutely aware of how critical financial infrastructure damage could ripple through their economies and undermine national sovereignty.

This concern has already manifested in concrete policy action. The United States government moved this month to restrict exports of Anthropic's most advanced Mythos and Fable AI models, citing national security implications of allowing potentially hostile nations to access cutting-edge AI capabilities that could be weaponised against financial systems or other critical infrastructure. This export control decision underscores how thoroughly security considerations have become intertwined with questions of technological competition and geopolitical advantage in the AI era.

The American restrictions have simultaneously created space for alternative solutions to flourish in other markets. Chinese cybersecurity firm 360 Security Technology announced that it has successfully developed a domestically produced alternative to Mythos, potentially offering Chinese financial institutions and other nations within Beijing's orbit access to comparable AI capabilities without reliance on American technology providers. This development illustrates how national security restrictions on AI exports generate incentives for technological self-sufficiency and fragmentation of the global AI ecosystem.

For Switzerland and other smaller financial centres, this geopolitical fragmentation of AI technology presents a distinct dilemma. Amstad has explicitly argued that Switzerland must retain unimpeded access to the world's most sophisticated AI models if Swiss financial institutions and regulators hope to maintain competitive parity in cybersecurity. A scenario in which different regions possess different generations of AI technology would inevitably create disparities in security sophistication, potentially making some markets more vulnerable than others. Switzerland's position as a global financial centre depends on maintaining its reputation for stability and security, making access to frontier AI tools a matter of strategic importance.

Beyond the geopolitical considerations, Amstad articulated a forward-looking vision in which AI will play a fundamental role in hardening financial systems before they are released into production environments. Rather than viewing AI solely as a threat, regulators increasingly recognise that properly deployed AI can serve as a force multiplier for security, enabling rapid identification of vulnerabilities during development and testing phases. This proactive stance marks a conceptual shift from reactive regulation toward anticipatory risk management, aligned with how leading technology companies themselves approach security challenges.

The initiatives unfolding through FINMA and the international regulatory community represent an acknowledgment that traditional regulatory tools and human expertise, while still essential, are insufficient for the pace and complexity of modern financial cyber threats. By coordinating on AI adoption, regulators hope to compress the timeline between threat emergence and institutional response, ultimately shifting the strategic advantage back toward defenders. Success will require sustained investment, international coordination despite mounting geopolitical tensions, and willingness to embrace new operational paradigms for financial oversight. For Southeast Asian regulators and financial institutions watching these developments, the implications are clear: the race to secure financial infrastructure through advanced technology is already underway, and the window for catching up is rapidly closing.