Financial regulators race to harness AI for cybersecurity as threats accelerate

Regulators across the globe are facing mounting pressure to rapidly embrace artificial intelligence as a defensive weapon against accelerating cyber threats targeting the financial system. Marlene Amstad, president of Switzerland's FINMA and chair of an international supervisory technology forum, has warned that banks and their watchdogs must move decisively to implement new technologies or risk leaving critical vulnerabilities exposed. The stark reality confronting the financial sector is that traditional security measures are becoming obsolete as attackers exploit increasingly sophisticated tactics, making the deployment of AI-driven detection systems not merely advantageous but essential.

Amstad's comments follow an initial hackathon where supervisors collaborated to prototype new regulatory tools, signalling a fundamental shift in how financial authorities approach cybersecurity. The challenge facing regulators is multifaceted: malicious actors are accelerating their attack cycles, forcing institutions to patch software flaws at unprecedented speeds just to maintain defensive parity. Without AI augmenting their capabilities, traditional regulatory oversight cannot keep pace with the velocity and complexity of modern threats. This technological arms race has created an uncomfortable reality where regulators themselves must become sophisticated users of artificial intelligence to effectively monitor the institutions they oversee.

The scope of this regulatory initiative extends beyond individual jurisdictions. FINMA has been instrumental in establishing a dedicated forum within the International Organization of Securities Commissions, the body that sets standards for market regulation globally. This collaborative structure gives the effort considerable reach, with participating regulators collectively overseeing approximately 95 per cent of worldwide financial markets. The international dimension reflects recognition that cybersecurity threats respect no borders, and fragmented regulatory approaches would leave gaps that sophisticated attackers could exploit. By coordinating through established multilateral structures, authorities are attempting to create coherent standards that prevent regulatory arbitrage and competitive disadvantages among jurisdictions.

The practical work of building these tools came into focus during the week-long hackathon, where roughly 100 policy specialists and technology experts convened to jointly develop AI-powered supervisory instruments. Notably, cryptocurrency market supervision emerged as an initial focus area, highlighting concern that digital asset markets—often characterised by lighter-touch regulation and rapid innovation—may harbour particular vulnerabilities. The hackathon model itself represents an evolution in regulatory practice, borrowing agile methodology from the technology sector to accelerate development and testing of solutions rather than relying on traditional rulemaking timelines.

Among the emerging possibilities Amstad highlighted is the direct embedding of safety mechanisms into digital asset systems themselves. Rather than attempting to monitor problems after they emerge, this approach would build protective features into the underlying infrastructure. Such architectural safeguards could prove particularly valuable in decentralised finance and blockchain environments where traditional supervision encounters structural limitations. This represents a sophisticated understanding that regulation increasingly cannot remain external to systems but must become integrated into their design from inception.

The urgency intensified following revelations about vulnerabilities exposed through advanced AI models. Amstad specifically referenced experience with Anthropic's systems, which have uncovered operational risks and security gaps previously difficult to detect. These discoveries have underscored that artificial intelligence itself, despite its protective potential, introduces novel safety and accountability challenges within financial institutions. The dual-use nature of AI—simultaneously a defensive tool and a potential attack vector—complicates the regulatory calculus considerably.

Geopolitical tensions surrounding AI development have further complicated regulatory response strategies. The United States government recently ordered Anthropic to halt exports of its latest AI models, citing national security concerns that reflect broader anxieties about artificial intelligence capabilities concentrating among rival powers. Simultaneously, Chinese cybersecurity firm 360 Security Technology announced development of a domestically produced alternative to these systems. These restrictions create complications for Switzerland and other jurisdictions seeking to maintain access to cutting-edge technology necessary for effective supervision, particularly as regulatory capabilities increasingly depend on utilising the most advanced available tools.

Amstad emphasised that Switzerland must preserve access to the most sophisticated AI models available to financial regulators, framing this access as critical infrastructure for maintaining robust supervision. This positioning reflects a sophisticated argument that technological isolation would paradoxically weaken security by depriving authorities of tools necessary to identify threats. The tension between legitimate security concerns about AI exports and the regulatory requirement for advanced capabilities creates policy dilemmas that will intensify as geopolitical competition around artificial intelligence deepens.

For Southeast Asian financial regulators and institutions, these developments carry significant implications. The region's rapid digital adoption and growing importance in global finance mean cybersecurity defences must evolve accordingly. As major financial hubs like Singapore and Malaysia deepen their fintech ecosystems, exposure to sophisticated attacks increases proportionally. Adopting AI-powered supervisory tools, whether through regional coordination or bilateral partnerships, will likely become necessary to maintain confidence in financial systems and attract international capital flows. The international IOSCO framework provides an avenue through which regional regulators can participate in sharing tools and best practices developed through initiatives like FINMA's, potentially accelerating capability development across Asia-Pacific jurisdictions.