APRA - Australian Prudential Regulation Authority

06/24/2026 | Press release | Distributed by Public on 06/23/2026 19:03

APRA Member Therese McCarthy Hockey's remarks to the 2026 AFIA Risk Summit

Good morning and thank you for inviting me to address you today.

As those of us in the risk management business know, sometimes a threat appears as a clear and present danger. Take the Iran War. From the moment the first missiles began to fly, prompting Tehran to close the Strait of Hormuz and attack its Gulf Arab neighbours, there was no mistaking the threat to economic growth and financial system stability.

But sometimes danger is less obvious and harder to recognise.

In the case of frontier AI, it began with a blog posted by Anthropic in early April claiming its new Mythos model had surpassed "all but the most skilled humans at finding and exploiting software vulnerabilities"; and that "the fallout - for economies, public safety, and national security - could be severe."

Unlike a war where lives are being lost and infrastructure destroyed or disrupted - like a key global shipping route - public awareness of the potential threat from this groundbreaking development in the AI revolution has been slower to build - and even met with scepticism. Was it a hoax, was it just great PR and if it was real, how serious could it be?

The cyber security community, in contrast, took immediate notice. Just this week, the "Five Eyes" cyber security agencies issued a rare joint statement calling for swift action in response to frontier AI risks, demonstrating how deep the concern is that we are entering a dangerous period in the AI revolution.

"Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities", the statement says. "The timeline is not years, it is months."

APRA, on the good authority of our security agency peers, is confident that frontier AI presents a paradigm shift. The threat horizon posed by these advanced AI models has moved sharply nearer and will likely bring forward the timeline for correlated threats such as encryption-breaking quantum computers.

But if AI is the problem, it can also be the solution. As we race to identify and patch vulnerabilities before they can be exploited by bad actors, nothing will achieve this faster than AI - whether frontier models or the advanced models already in circulation. By harnessing AI to build the fire breaks we need to keep the flames from spreading, we can fight fire with fire.

Just as battling a major bushfire requires the community to come together, we also need to act collectively. In an ever more interconnected financial system, instability in one part of the system can quickly destabilise other areas. The scale of this challenge, the speed with which it's evolving and the borderless nature of the threat, require those of us on the right side of this battle to work together - at an industry level, a national level and even at an international level.

Assessing the terrain

APRA's longstanding interest in AI goes well beyond the cyber threats it poses. Advancements in AI present major opportunities to deliver improved efficiency, new capabilities and enhanced customer services. As prudential regulator for Australia's financial system, we encourage all entities we regulate to explore how AI can improve the way they run their businesses. Indeed, it could be an existential risk not to, given the way AI promises to transform financial services. But in exploring AI, boards and senior managers need to make sure the risks associated with such powerful technology are being appropriately managed.

This is not an easy task. As the CEO of one of our largest banks told me recently, it's as though the industry has rushed to catch the big AI wave and now everyone is trying to hold onto their surfboards!

In line with the commitment from our last Corporate Plan to assess emerging AI risks, last year we undertook a targeted review of 11 representative entities in banking, super and insurance. Our goal was to assess how they were using AI in their businesses, how it was being governed and how risks were being managed. We outlined the findings of the review in a letter to industry last month.

We observed there had been a significant escalation in how entities were adopting advanced AI. Where a year or two earlier, they were mostly at the experimentation stage, we now observe AI being deployed in ways that are decision-critical, customer-facing and operationally embedded. Many entities are trialling or introducing AI capabilities in areas such as software engineering, claims triage, loan application processing, fraud and scam disruption and customer interaction.

The pace of change in the scale, speed, and complexity of AI adoption has been relentless, and what we found is that governance, risk management, assurance and operational practices are not keeping up. Another concern we identified was heightened concentration risk across the financial system with some entities heavily dependent on a single provider for multiple AI use cases. That creates operational resilience issues across the system if those providers fail or severe disruption occurs.

A burning platform

Since our thematic review, the Mythos developments arose. The letter leans into these developments in frontier AI, which we say require a "step-change" in cyber practices and makes the message about upgrades in risk and governance even more urgent.

Early indications are that the new wave of AI models can identify vulnerabilities that have escaped detection, in some instances, for decades. Furthermore, testing by the UK's AI Security Institute confirmed that Mythos can autonomously link a series of minor vulnerabilities to create a major breach. For businesses, this means vulnerabilities that once would have fallen further down the patching priority list assume a new significance. As new systems and programs come online, companies will need to urgently identify and patch vulnerabilities in those before bad actors can do so.

The events of the past fortnight have made this challenge more concrete. After initially limiting access to its most advanced model to about 50 large US companies, Anthropic this month expanded access to selected organisations outside the US, including in Australia. Within days, the US Government ordered Anthropic to suspend foreign access to its advanced models, citing national security concerns.

APRA doesn't need to take a view on the merits of that decision to draw clear lessons from it. For Australian financial institutions, frontier AI is not just a cyber risk issue. It's third-party risk, a concentration risk and a sovereign access risk. A critical business process, control or cyber-defence capability that depends on a single offshore frontier AI model may be disrupted not only by an outage or cyber incident but by a regulatory decision made overseas.

As with all third-party providers, boards and senior managers therefore need to think about AI adoption through the same lens they think about any other critical dependencies: what are we using it for, how important is it, who controls access, where is it hosted, what data does it touch, what happens if it's withdrawn and what's our fallback.

There are a few other points to make here. The first is that no company should be waiting for access to frontier AI models before embarking on a step-change in its cyber security posture. This was a point ASIC Commissioner Simone Constant made last month in an open letter when she urged companies not to "wait for perfect clarity to address the threat posed by new AI models".

APRA's guidance is equally straightforward: assess the implications of frontier AI models for your operational resilience and business continuity and take action to secure AI-specific threats and attack paths.

For all the dazzling technology we are confronted with, much of what companies need to do is get the fundamentals right, including basic cyber hygiene. For APRA-regulated entities, this means ensuring existing information security capabilities and controls remain effective as threats change, consistent with prudential standards CPS 234 and CPS 230.

The second point is that future information security practices around patching and configuration management need to operate at machine speed, commensurate with the AI-augmented threat. AI isn't simply turbo-charging the ability of cyber adversaries to find vulnerabilities they can exploit; it's dramatically reducing the level of skill and resources needed to undertake potent cyber-attacks. The risk is that security teams become overwhelmed trying to patch vulnerabilities and fend off attacks coming faster than ever before.

If machine speed is required, it goes without saying that will require machines. A recent World Economic Forum white paper on the defensive use of AI in cyber security reported 77 per cent of organisations were using AI in cyber-security, with almost nine out of 10 reporting efficiency benefits. These organisations are not only using AI to detect external threats and software vulnerabilities that could be exploited, but also writing code for patching, and assisting with breach response and recovery.

Interestingly, but not surprisingly, the report found AI deployment in cyber security is closely tied to organisational size and resources. It found smaller entities tend to lag larger peers due to financial constraints, skills availability and data maturity.

Team Australia

In an ever more interconnected global financial system, no company is completely isolated. Every organisation has a complex web of relationships with other financial institutions and third-party suppliers - each of which has its own web of connections. The largest companies might typically have the strongest cyber security posture but they also tend to have the greatest web of interconnections.

This inter-connectivity further heightens cyber-risks; not only is a successful attack on one entity more likely to create problems beyond the target itself, the successful penetration of an entity can also allow sophisticated actors to use these digital connections as a backdoor into other targets.

In an environment where an attack on one of us could be an attack on any of us, our financial system is only as resilient to cyber-attacks as the weakest link in the chain. By working together, we can capitalise on our increased connectivity and protect ourselves by protecting each other.

As AI companies begin expanding access to their most advanced models, our expectation is that the largest Australian organisations, including APRA-regulated entities, will likely get early access. Naturally those organisations will use these models to scan their systems for undetected vulnerabilities to identify and patch them. But what about everyone else?

APRA firmly believes a "Team Australia" mentality is needed here. In the same way that financial institutions commonly share information on scams, we expect to see organisations granted early access to frontier AI models sharing information and insights with peers and suppliers. Where one institution learns something material about AI-enabled vulnerabilities, model limitations, jailbreak techniques or defensive use cases, the system as a whole benefits when that knowledge is shared quickly and safely.

One of the ways APRA is working to facilitate this knowledge transfer is with a series of roundtables alongside ASIC and the Australian Signals Directorate (ASD). These roundtables, which began a few weeks ago, provide a forum for entities, regulators and intelligence agencies to share what they're seeing in relation to AI-related cyber threats and how they are responding. Given their importance to the financial system, we have also looped in major service providers and some of the main payments system companies. Our goal is not only to share ideas among participants to everyone's benefit, but also to create a sense of community and shared purpose.

Something that has heartened us from the outset has been the willingness of some of the country's biggest financial institutions to volunteer to share their technical expertise with smaller companies. This open approach to community-building correctly recognises that making the system more resilient is an investment in making themselves more resilient.

There is also a "Team World" aspect to this. Cyber threats respect no borders, and a financial crisis in one country can very quickly affect countries anywhere.

I note that last month the American Treasury Secretary Scott Bessent announced the US and China will discuss guardrails on AI, including establishing a protocol for keeping frontier models out of the hands of criminals and other non-state actors. As a regulator and not a politician, I can't weigh in on what governments are doing on AI but the argument that no country can effectively combat this threat alone is a sound one. The International Monetary Fund makes the salient point that developing countries, with fewer resources, may be disproportionately exposed to attackers targeting regions with weaker defences. International coordination, and support for emerging economies, is therefore critical to preserving global financial stability.

Regulators also have a role to play here. Over the past few months, APRA has spoken directly to several international regulators to gain their perspectives and any guidance around changes they are planning based upon recent frontier AI developments.

Quantum of concern

Cyber security isn't the only risk which is being accelerated by developments in AI.

Two years ago, in a speech I delivered to this very event, I observed that while it took humankind four thousand years after the invention of a basic cart to invent the automobile, the gap between the Wright brothers' first flight and Neil Armstrong stepping on the moon was only 63 years.

In short, technological advancement makes other technological advancements possible. We are now at the point where AI is advancing exponentially, with capabilities doubling in a matter of months rather than years.

One such advancement this will likely bring forward is quantum computing, which proposes to use the rules of quantum physics to exponentially increase computing power. What this means for businesses is faster insights, stronger optimisation and performance uplift in areas like pricing, portfolio construction, logistics and fraud detection.

But, like advanced AI, this power can be used to cause harm in the wrong hands. Quantum computing promises to destroy the current encryption standards used to protect our digital information such as emails, bank accounts and other sensitive personal information. While a standard computer today would need about 149 million years of compute power to "brute force" an eight-digit combination password, it's estimated it would take a quantum computer about 18 minutes. As the science and math evolve further, the time to break even the most secure current passwords is predicted to fall to minutes or even seconds.

Such a development wouldn't only have damaging consequences for the security of bank deposits, super balances and sensitive financial and personal information held today. It would mean every email or data file hacked or stolen going back years, which criminals were unable to unlock at the time, would become vulnerable.

For the moment, quantum computing doesn't yet exist in any practical sense. But the clock is ticking. Until recently, the hypothetical day when quantum computers become powerful enough to break the cryptographic security that currently protects global digital infrastructure or "Q-Day", as some have dubbed it, was thought to be more than 10 years away. But advancements in computing technology, including AI, have led to speculation that cryptographically relevant quantum computing could become a reality much sooner - years earlier in fact. All of us - businesses, regulators, governments and agencies - are in another race against time to prepare for this threat before Q-Day arrives.

This is a threat that has garnered attention around the world. Only yesterday, US President Donald Trump signed two executive orders designed to speed up American preparedness to harness quantum computing power while also protecting against it. The Bank for International Settlements (BIS), often referred to as the central bank of central banks, views quantum computing as both a transformative opportunity for the global financial system and a critical cybersecurity threat. To this end, the BIS through its Innovation Hub, has partnered with central banks globally to execute "Project Leap," which is actively testing post-quantum cryptography in operational payment systems.

It is seen as an urgent challenge because putting in place the right quantum resilience will take time and considerable investment - it's not an overnight exercise - and all this in the face of the accelerating arrival of Q-Day.

Locally, the ASD recommends organisations should have a plan to transition to post-quantum cryptography by the end of this year and have commenced that transition by the end of 2028. In line with this, APRA wants to see our regulated entities at least starting to map where cryptography is relied upon across their systems, data, and third-party providers, including long-lived data and critical infrastructure. Over the coming year, we intend to step up our supervisory engagement on this issue too - commensurate with the threat. We will want to see evidence that boards understand the risk, recognise their obligation to act and are advancing plans to meet the ASD's recommended timeline.

Lighting a fire

When faced with a critical and time-sensitive issue requiring urgent action, we often hear leaders talk about "a burning platform".

The risks surrounding emerging AI technologies don't only represent a burning platform. They are also a moving platform where new risks keep popping up like spot fires ahead of a fire front.

Just as our rural fire services conduct backburning to mitigate the summer threat, we too must fight fire with fire. Organisations can use AI models to find and patch vulnerabilities faster than adversaries can exploit them. Don't wait for the latest and greatest technology or mistake access to frontier AI models for resilience. Real resilience comes from the governance, controls, data discipline, testing and contingency planning that sit around the technology. Get moving, act urgently and start by getting the basics right.

When it comes to quantum computing, this is a fire we know is coming. With the process of migrating computer and network capabilities to post-quantum cryptography likely to take years, waiting to smell smoke before acting will guarantee you get burnt. You need to be moving on this issue now.

These are not threats any company or country can fight alone. There are bad actors and there are the rest of us. We need to collaborate, sharing experience and intelligence to minimise weak spots in the financial system that these bad actors can exploit.

The challenge before us is to act with speed, ambition, and with confidence that, by working together, we can shape these technologies in the interests of a safer and more resilient financial system. The fire is already burning. Our task now is to meet it with the right tools, the right safeguards and the collective resolve to stay ahead of it.

APRA - Australian Prudential Regulation Authority published this content on June 24, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 24, 2026 at 01:03 UTC.