The financial sector faces mounting pressure to harness artificial intelligence as a defensive weapon against rapidly evolving cyber threats, with regulatory bodies scrambling to build and deploy advanced monitoring systems. Marlene Amstad, president of Switzerland's Financial Market Supervisory Authority (FINMA), underscored the urgent need for supervisors and banks to embrace new technology, cautioning that the traditional pace of security updates no longer matches the speed at which malicious actors operate. Speaking following an international hackathon focused on developing supervisory tools, Amstad emphasised that vulnerabilities in financial systems present not only operational risks but also potential national security concerns that demand swift institutional responses.
The acceleration of AI-driven cybersecurity challenges has become impossible for regulators to ignore. Recent machine learning models trained to identify software weaknesses have uncovered a disturbing trend: the volume and sophistication of cyberattacks targeting financial institutions continue to climb, even as artificial intelligence itself introduces new layers of complexity to the security landscape. These discoveries have prompted regulatory bodies to confront hard questions about AI safety, institutional accountability, and the governance frameworks needed to manage algorithmic systems operating within the global financial infrastructure. The dual challenge of defending against traditional hacking while simultaneously managing risks posed by AI systems themselves has pushed regulation into uncharted territory.
FINMA has taken a leadership position by establishing an international forum dedicated to supervisory technology within the framework of the International Organization of Securities Commissions, a body whose member regulators collectively oversee approximately 95 percent of global financial markets. This forum represents an acknowledgment that cybersecurity threats transcend national boundaries and require coordinated international responses. By bringing together supervisors responsible for such vast market coverage, the initiative creates pathways for sharing best practices, harmonising approaches to AI adoption, and building consensus around protective standards that can be implemented across multiple jurisdictions simultaneously.
The collaborative hackathon that recently convened brought together roughly one hundred policy specialists and technology experts tasked with jointly designing tools for supervising cryptocurrency markets, an area particularly vulnerable to sophisticated attacks given its relative regulatory novelty and the substantial volumes of value flowing through digital asset platforms. The intensive working sessions generated practical solutions that could be deployed rapidly, reflecting the sense of urgency pervading these discussions. Rather than waiting for lengthy formal regulatory processes, the hackathon model allows supervisors to prototype, test, and refine tools in real time, accelerating the journey from concept to deployment.
One innovative approach under consideration involves embedding protective mechanisms directly into the underlying architecture of digital asset systems themselves, rather than relying solely on external monitoring and enforcement mechanisms. This preventative philosophy represents a shift from traditional supervisory methods that focus on detection and punishment of violations. By building safeguards into the systems from inception, regulators aim to make certain categories of harmful behaviour technically difficult or impossible to execute, creating a form of governance through code rather than through rules alone. Such an approach could prove particularly valuable in cryptocurrency markets, where the combination of anonymity, speed, and technical complexity create environments where traditional enforcement struggles.
The emergence of advanced AI models as both tools and potential vulnerabilities has complicated the regulatory landscape significantly. Experience with prominent language models including Anthropic's Mythos has exposed operational risks that were previously theoretical, demonstrating that AI systems themselves can be exploited or misused in ways that compromise financial system stability. The United States government recently ordered Anthropic to halt exports of its latest Mythos and Fable AI models on national security grounds, acknowledging that the geopolitical implications of advanced AI access extend into the financial sector. This action reflects growing recognition that technological leadership in artificial intelligence carries strategic weight comparable to traditional military capabilities.
The global competition for AI supremacy extends to financial supervision as well. Chinese cybersecurity company 360 Security Technology announced this week that it has developed a domestic alternative to advanced models like Mythos, signalling that nations unable or unwilling to export their most powerful AI systems are investing in building domestic technological capacity. This fragmentation of the AI landscape creates challenges for international coordination, as different regions may increasingly rely on different technological platforms with varying capabilities and potential vulnerabilities. Regulators like Amstad recognise that maintaining access to cutting-edge AI models is not merely a matter of efficiency but a prerequisite for competitiveness and national economic security.
Switzerland's position as a global financial centre makes its regulatory approach particularly influential. Amstad's emphasis that Switzerland must retain access to the most advanced AI models reflects concerns that regulatory isolation could undermine the country's ability to supervise its substantial financial industry effectively. If Swiss supervisors lack access to tools equivalent to those available to competitors in other jurisdictions, they may find themselves unable to match the sophistication of potential threats or to detect complex violations occurring within their regulatory domain. This competitive dimension adds another layer of urgency to the international push for AI adoption within financial regulation.
For Malaysian financial institutions and regulators, these developments carry immediate implications. As Bank Negara Malaysia and other Southeast Asian supervisory authorities continue strengthening their cybersecurity frameworks, the example set by international bodies demonstrates the necessity of proactive investment in AI-powered defensive tools. The interconnectedness of global financial markets means that vulnerabilities identified in one jurisdiction quickly spread to others, creating cascading risks. Malaysian banks with international operations must ensure they can match the cybersecurity standards expected by their counterparts in advanced markets, suggesting that participation in international supervisory forums and early adoption of emerging technologies should be priorities.
The strategic stakes underlying this regulatory pivot extend well beyond technical cybersecurity. AI tools in financial supervision represent a fundamental shift in how markets will be monitored, with implications for market transparency, competitive fairness, and systemic stability. The concentration of AI capability among a small number of providers and nations raises questions about regulatory sovereignty and the extent to which smaller financial centres can maintain independent supervisory capacity. As Amstad advocates for deploying AI to harden financial systems before vulnerabilities become exploitable, she is implicitly endorsing a model in which regulatory bodies themselves become sophisticated technology operators, requiring recruitment and retention of elite technical talent to compete on the international stage.
