Global financial regulators race to harness AI for cybersecurity as threats accelerate

Financial regulators across the globe are entering a critical race against time to deploy advanced artificial intelligence systems before hackers weaponize the same technology against the banking sector. Marlene Amstad, the president of Switzerland's Financial Market Supervisory Authority (FINMA) and chair of a nascent international supervisory technology forum, warned that delays in technological adaptation could expose the entire financial system to unprecedented vulnerability. Speaking to media following an inaugural hackathon designed to build regulatory AI tools, Amstad emphasized that institutional caution must give way to urgency as malicious actors accelerate their own digital capabilities at an exponential pace.

The convergence of two powerful forces—artificial intelligence capabilities expanding rapidly and cybersecurity threats intensifying simultaneously—has created what financial leaders describe as a critical juncture for institutional resilience. Recent deployments of AI-powered vulnerability detection systems have revealed troubling patterns: cyberattacks are occurring with greater frequency and sophistication, while the underlying risks to national security grow increasingly apparent. Banks and financial institutions face mounting pressure to identify and patch software weaknesses before adversaries can exploit them. The traditional timeline for security updates, measured in weeks or months, no longer suffices in an environment where artificial intelligence can accelerate the discovery and exploitation of system flaws.

FINMA has positioned itself as a catalyst for coordinated international action by helping to establish a specialized forum within the International Organization of Securities Commissions, the primary body responsible for setting standards that guide market regulators covering approximately 95 percent of global financial markets. This multilateral approach recognizes that cybersecurity in finance cannot be solved through isolated national efforts; rather, threats and solutions cross borders seamlessly in digital networks. The forum's creation reflects a strategic acknowledgment that regulatory technology adoption requires coordinated movement across jurisdictions to prevent competitive disadvantages and ensure consistent protection standards throughout interconnected financial systems.

The practical expression of this collaborative commitment materialized during the week's inaugural hackathon, which convened roughly 100 specialists combining policy expertise with technical knowledge. These participants worked in parallel to design and prototype tools specifically intended for supervising cryptocurrency markets, an area increasingly central to financial system stability given the rapid growth of digital asset trading. Beyond immediate cryptocurrency supervision, regulators are exploring more ambitious safeguarding strategies, including the possibility of embedding protective mechanisms directly into the architecture of digital asset systems themselves. This approach would represent a fundamental shift from traditional post-deployment monitoring toward built-in resilience.

Amstad highlighted real-world incidents that have underscored both the urgency and complexity of the regulatory challenge. Experience with advanced AI models, including systems such as Anthropic's Mythos platform, has revealed operational vulnerabilities and risks that earlier generations of technology assessment failed to anticipate. These discoveries have raised pressing questions about safety protocols and accountability frameworks for artificial intelligence systems deployed within financial institutions. The gaps exposed by these incidents demonstrate that even sophisticated institutions may lack adequate safeguards when integrating cutting-edge technology into mission-critical operations.

The geopolitical dimensions of AI regulation have sharpened considerably following actions by the United States government. This month, U.S. authorities ordered Anthropic to halt exports of its latest generation AI models, including both Mythos and Fable systems, citing national security concerns. The decision reflects growing anxiety within security establishments about the weaponization of advanced AI capabilities and the concentration of technological power among a limited number of firms. Simultaneously, Chinese cybersecurity firm 360 Security Technology announced successful development of a domestically produced alternative to Mythos, signaling that technological competition around AI development is intensifying even as regulatory frameworks remain underdeveloped.

Swiss regulators face a particularly delicate balance between protecting national financial institutions and maintaining access to the world's most advanced technological capabilities. Amstad stressed that Switzerland must retain the ability to incorporate leading-edge AI models into its regulatory toolkit, arguing that exclusion from frontier technology would handicap financial supervision precisely when advanced tools are most essential. This tension between security restrictions and innovation access reflects a broader challenge confronting all advanced economies attempting to balance geopolitical security interests against the practical necessity of technological leadership.

The role of artificial intelligence in hardening financial systems before deployment emerges as a critical strategic insight from regulatory discussions. Rather than waiting for breaches to reveal vulnerabilities, financial institutions increasingly recognize that AI systems can stress-test and strengthen defenses proactively. This shift toward offensive security—using AI to discover and eliminate weaknesses before adversaries find them—represents an evolution in how the industry conceptualizes risk management. The approach acknowledges that traditional defensive postures, which typically respond to threats after they materialize, have become inadequate in an environment where threat actors operate at machine speed.

The implications for Southeast Asia and Malaysia are substantial. As regional financial centers increasingly integrate with global markets and digital assets gain adoption across the region, local regulators will face mounting pressure to develop equivalent AI-powered supervision capabilities. The international forum's work provides a template, but each jurisdiction must adapt these approaches to local market structures and regulatory frameworks. Malaysian financial authorities monitoring this international development should recognize that early adoption of supervisory AI tools could position the country as a regional hub for secure digital asset trading and innovation.

The broader context reveals that financial regulation is fundamentally transforming in response to technological acceleration. The hackathon format itself—bringing together diverse expertise to rapidly prototype solutions—signals that regulators recognize the limitations of traditional rule-making timelines. When hackers can exploit newly discovered vulnerabilities within hours, regulatory processes that took years to complete become obsolete. This compression of decision-making timelines represents one of the most disruptive changes in institutional governance, forcing organizations accustomed to deliberation to embrace rapid experimentation.