Financial regulators race to harness AI for cybersecurity as threats accelerate

Financial system gatekeepers worldwide face mounting pressure to rapidly integrate artificial intelligence into their operations as digital threats evolve faster than traditional defences can manage. Speaking at a global hackathon convened by market supervisors, Marlene Amstad, president of Swiss market regulator FINMA, warned that the financial sector must prioritise technology adoption to identify and repair security gaps before malicious actors can exploit them. The urgency stems from a troubling reality: as hackers employ increasingly sophisticated methods powered by AI themselves, banks operating under conventional supervision models risk falling dangerously behind in an escalating technological arms race.

The challenge facing financial regulators has become multifaceted and deeply interconnected with broader geopolitical considerations. Recently released AI models have exposed previously hidden vulnerabilities in banking systems, simultaneously demonstrating both the defensive potential of artificial intelligence and the operational risks it introduces to financial institutions. This paradox—where the same technology that protects can also threaten—has forced regulators to reckon with complex questions about safety, accountability, and the appropriate governance frameworks for deploying powerful computational tools within the sector. Amstad's leadership in addressing these issues reflects Switzerland's broader positioning as a hub for financial regulation and innovation.

To coordinate the global response, FINMA spearheaded creation of a dedicated forum embedded within the International Organization of Securities Commissions, the standard-setting body whose member regulators oversee approximately 95 percent of the world's financial markets. This architecture means that any breakthrough or best practice emerging from the collaborative effort could eventually influence how financial supervision operates across virtually every major economy. The forum represents a deliberate attempt to prevent fragmented, competing approaches that might leave some jurisdictions vulnerable while others forge ahead with implementation. By establishing this multilateral mechanism early, regulators hope to align standards and share technological capabilities before regulatory gaps become systemic vulnerabilities.

This week's inaugural hackathon brought together approximately 100 specialists spanning both policy development and technology implementation. Rather than holding abstract discussions about AI's potential, participants worked to build practical tools addressing immediate supervisory needs, particularly in cryptocurrency market oversight. This hands-on approach reflects recognition that theoretical frameworks alone cannot keep pace with technological change. By creating working prototypes in real time, supervisors can evaluate whether AI-powered solutions actually function as intended within the messy realities of live financial markets, identify unforeseen complications, and develop remediation strategies before deploying tools at scale.

One promising avenue regulators are exploring involves embedding protective mechanisms directly into the architecture of digital asset systems themselves. Rather than attempting to monitor and police from the outside, this approach would bake compliance and security functions into the underlying infrastructure. Such an innovation could prove transformative for cryptocurrency oversight, an area where regulatory reach has historically struggled. If successful, embedded safeguards might offer templates for protecting other emerging financial technologies before they proliferate beyond regulatory sight.

The urgency intensifies as major powers adopt hardened stances toward advanced AI export. This month, the United States government directed Anthropic to halt shipments of its latest Mythos and Fable AI models, citing national security concerns that acknowledge AI's potential weaponisation and dual-use implications. These restrictions carry profound consequences for financial regulators outside America who may lack access to cutting-edge models necessary for defending their own systems. Switzerland faces particular strategic exposure given its role as a global financial centre; maintaining competitive access to advanced AI capabilities becomes a matter of systemic financial stability, not merely commercial advantage.

China's technological response underscores the competitive dimension underlying global financial regulation. The Chinese cybersecurity firm 360 Security Technology announced development of a domestically produced equivalent to Mythos, signalling Beijing's determination to achieve technological self-sufficiency in critical domains. This geographical fragmentation of AI development threatens to create isolated ecosystems where different regions operate with divergent technological capabilities and regulatory frameworks. For Malaysia and Southeast Asian nations with growing financial sectors, such fragmentation creates genuine dilemmas: aligning with Western technology stacks offers certain protections but introduces dependencies, while pursuing regional alternatives risks technological lag.

Amstad has articulated clearly that Switzerland cannot afford regulatory isolation from the world's most advanced artificial intelligence systems. Her position reflects hard-headed pragmatism: cutting-edge models, despite their risks, represent essential implements for modern financial supervision. Attempting to protect financial systems by restricting access to such technology would paradoxically leave them more vulnerable, not less, by forcing reliance on inferior defensive tools. This calculus extends beyond Switzerland to every sophisticated financial centre, creating pressure for continued access and dialogue even amid international tensions over AI governance.

The deployment pathway Amstad emphasises involves using advanced AI models to identify and repair vulnerabilities before systems go live operationally. This prophylactic approach—stress-testing emerging financial infrastructure through AI-powered simulation and analysis—could substantially improve security posture across the sector. Rather than managing crises reactively after breaches occur, regulators envision proactively hardening systems during development phases. Such methodology requires deep technical collaboration between private financial institutions, supervisory bodies, and AI developers, fostering transparency and shared responsibility for systemic stability.

For regional financial centres like Malaysia, these global supervisory trends carry immediate practical implications. As FINMA's international forum develops standards and tools, Bank Negara Malaysia and other regional regulators will face decisions about participation, technology adoption, and resource allocation toward AI-powered supervision. Building supervisory capacity in this domain requires investing in technical talent, infrastructure, and institutional expertise that many developing and middle-income financial centres lack. Yet ignoring these trends invites vulnerability as global banking becomes increasingly interconnected and threats operate without geographic boundaries.

The competitive stakes extend beyond cybersecurity into financial market integrity more broadly. Nations that develop superior AI-powered supervisory capabilities may attract financial activity from institutions valuing robust oversight and advanced risk management. Conversely, regulators that lag technologically risk reputational damage and potential migration of financial activity to better-supervised jurisdictions. This dynamic creates powerful incentives for rapid adoption, potentially overriding concerns about implementing complex systems that themselves pose operational risks if poorly managed.

Amstad's framing of AI as instrumental to financial sector resilience reflects a fundamental reckoning underway across the industry: artificial intelligence cannot be kept at arm's length through restrictive regulation, but must instead be integrated strategically into the defensive arsenal. The question confronting regulators globally is not whether to adopt these tools but how to do so responsibly, ensuring that supervisory AI systems themselves maintain appropriate transparency, auditability, and accountability. The international forum FINMA helped establish represents one answer, attempting to distribute risk and expertise across jurisdictions while maintaining independent regulatory authority. As these frameworks develop, they will substantially influence how financial systems globally prepare for the next generation of technological challenge.