Ready, set, resilience: Reassessing cyber resilience in the AI era

Written by a human

Artificial intelligence (AI) development has gone pedal to the metal, reshaping how financial organizations operate. What started as simply using AI tools for administrative task automation has evolved into the use of advanced generative models across workflows, from data analysis to communications monitoring.

With the developers of frontier AI models like Claude Mythos announcing that their systems can identify and exploit security gaps in any major operating systems, how can firms fortify and modernize their resilience safeguards to stay ahead in a fast-evolving threat landscape?

Authorities worldwide call for stronger cyber defenses

Across the industry, regulators and authorities are issuing statements about the unprecedented capabilities that AI models such as Anthropic’s Claude Mythos or GPT 5.5 introduce. The Australian Securities and Investments Commission (ASIC) issued an open letter to the industry, which emphasized how advanced models are magnifying the global risk environment and “marking a significant shift in the cyber threat landscape.”

The U.K. Government’s Department for Science, Innovation & Technology is also imploring businesses to boost their cyber resilience by signing up for a cyber resilience pledge. This pledge outlines three actions that teams can take to build their defenses, such as making cybersecurity a boardroom priority, signing up for an Early Warning Service from the Cyber Security Centre, and mandating a Cyber Essentials certification across supply chains.

These authorities have highlighted how frontier AI systems offer accelerated capabilities and increased accessibility, which “lowers the barrier” for cybercriminals to breach systems. Whereas certain forms of exploitation might have been harder to carry out in the past, smarter models can identify vulnerabilities and execute attacks at a new speed and scale.

Within ASIC’s letter, Commissioner Simone Constant encouraged firms to act with urgency and reexamine their resilience foundations before threats get out of hand:

“Do not wait for perfect clarity to address the threat posed by new AI models. Instead, act now, and act with discipline, to strengthen the cyber resilience fundamentals that underpin your business.”

The U.K. Government echoed this sentiment in its press release, underscoring that long-standing cyber protections will not hold up against sophisticated attacks. Instead, organizations need to implement proactive controls:

“Traditional cyber protections alone are no longer enough. As AI accelerates the pace and scale of cyber-attacks, organizations must now invest in smarter, more resilient systems that can limit the impact of breaches and keep ahead of attackers – rather than constantly reacting after the damage is done.”

AI models are advancing faster than regulators, and firms can establish fixed compliance frameworks, making governance a constantly moving target. At the same time, many firms have already begun integrating advanced AI tools into their workflows, making it critical to balance adaptable oversight with a forward-looking business strategy.

If firms wait either for comprehensive regulatory guidance before adopting AI, or to modernize the systems they need to manage AI-related risk, they could well create more issues than they avoid.

Need for speed, but stay on the compliance track

Regulators globally seem to be competing to lead in the AI space and are encouraging the adoption of innovative technologies to benefit business operations. U.S. regulators like the Securities and Exchange Commission (SEC) and Federal Deposit Insurance Corporation (FDIC) have referenced AI’s ability to advance the market as well as help fight against financial crime.

The Federal Reserve’s (Fed) Vice Chair for Supervision, Michelle W. Bowman, weighed in on the evolving cyber risks posed by advancing models, stating that their ability to detect cyber vulnerabilities can be both an advantage and a disadvantage. Though Bowman also reminded firms that innovation is a core aspect of the industry, and that firms should not be discouraged from utilizing evolving tools:

“Innovation is a necessary component of financial services, and supervisory guidance should not be a barrier for banks to engage with new and evolving tools and technologies. Supervisors must take a balanced approach to new and emerging risks and the expected benefits while preserving the safety of the financial system.”

AI adoption is increasing more each year. As found in our Data Insights: Communications Capture Trends in 2025/26 report, ChatGPT retention increased by nearly 3,000% compared to the previous year, making clear how many more firms are integrating generative AI tools into their business.

The U.K. Government also reported that the number of firms offering cyber products for AI increased 68% compared to the previous year, implying increased interest in both AI utilization and cybersecurity.

Race against the AI clock: Is your firm resilience ready?

So, how can firms strengthen their cyber resilience in preparation for potential escalating threats? ASIC, the IMF, and the Fed offered suggestions for best practices to reinforce operational resilience in a financial industry that is increasingly enabled by AI tools:

• AI is the challenge – and the solution

As the saying goes, “If you can’t beat them, join them.” Advancing AI tools may be the source of these emerging cyber threats, though the only way to effectively fight risk is to adapt using the same technology. By using AI-enabled tools, firms can internally detect system vulnerabilities more effectively to secure software and prevent breaches.

AI-enabled tools can also help teams promptly respond to incidents. Attacks are happening faster than ever, requiring firms to adopt solutions that can flag risk just as quickly.

• Collaboration is critical for regulators and firms across regions

As regulators reform their supervisory approaches to managing AI adoption, firms should collaborate to build a better understanding of whether frameworks are effective. This includes considering whether supervisory expectations are reasonable, if firms feel comfortable discussing emerging risks with supervisory boards, and whether regulators have truly implemented a pro-innovation mindset.

Regulators should consider how to consolidate oversight to maintain an interconnected global system as AI abilities spread across borders. Information sharing, internal coordination, and expanding capacity development will give regulators a better chance at maintaining financial stability.

• Reassess cyber defense plans and build a resilience-first framework

Cybersecurity and resilience should be firms’ main priorities to maintain stability as the cyber landscape becomes more precarious. Firms need to assess their cyber defense plans and reevaluate existing measures to build a more preventative strategy, especially as attacks become faster, automated, and increasingly sophisticated.

There’s a high likelihood that systems can be breached, and those with robust resilience standards will be in the best position to bounce back. Strong controls can also contain local attacks before they become a system-wide problem. 

The firms that treat resilience as a future priority rather than a present one are already behind — and in this threat environment, catching up gets harder every day.

As the industry becomes increasingly AI-enabled, partnering with a future-forward technology partner will help maintain strong cyber defenses while keeping your critical data protected.