The AI craze is a double-edged sword for our banking giants

Few companies outside the technology sector are as enthusiastic about rolling out artificial intelligence (AI) as massive banks.

Financial institutions have the deep pockets to afford hefty technology spending, their bosses are constantly trying to lift productivity (including through automation), and they compete to maximise profits.

As major Australian banks release results this week and next, following ANZ on Friday, it’s likely executives will tout how they’re using AI to improve operations.

However, this excitement has lately been drowned out by the growing alarm from financial regulators concerned by the growing cybersecurity threats posed by AI – an issue brought into sharp relief by a flash new AI model that could be used to turbocharge cyberattacks.

Central bankers often use hard-to-decipher language when talking about interest rates, but there’s no mistaking the concern from the regulators when discussing the risks posed by Mythos, the latest from AI giant Anthropic.

Bank of England governor Andrew Bailey summarised the problem last month, saying: “Anthropic may have found a way to crack the whole cyber risk world open.”

Beyond this one AI model, the fear is that the rapid advancement of AI has turbocharged the threat of cyberattacks on banks.

Announcing Mythos last month, Anthropic claimed the model was so powerful that it was dangerous to release it widely, and it was made available only to selected major companies.

Since then, a growing chorus of financial types has warned about threat of Mythos and its ability to detect holes in cybersecurity systems.

The Australian Prudential Regulation Authority (APRA) last week joined others in sounding the alarm, demanding a “step-change” in how banks manage AI-related risks. APRA warned the generation of AI models such as Mythos could increase the “probability, speed and scale of cyberattacks,” and this was one of several vulnerabilities introduced by AI.

Models have become so sophisticated they can find the gaps in digital security systems much faster than previously.

“What we’ve observed from our supervisory engagement is that while AI adoption is continuing apace, the systems and processes required to safely govern its use aren’t keeping up,” APRA member Therese McCarthy Hockey said.

Regulators will always emphasise the risks – that is their job after all. They have long warned of the dangers of major cyberattacks in finance – so, what’s changed to trigger the recent anxiety?

The big cause for concern is that the models have become so sophisticated they can find the gaps in digital security systems much faster than previously, which could allow uncontained attacks to inflict greater damage.

ANZ boss Nuno Matos underlined the issue of speed on Friday, saying the time banks had to respond to an attack had been “significantly shortened”.

“In a conventional cyberattack, especially those that could potentially be very aggressive, it takes time for the cyberattackers to find the right way to explore your deficiencies. With these kinds of tools, what is happening now is that they can find deficiencies much faster,” Matos said.

Matos said cyber threats were already a “very high risk” for banks, and the rise of models such as Mythos only elevated the problem. As a result, he said ANZ would need to invest more in its cyber defences.

The danger posed by Mythos and similar models is not the only AI risk catching the eye of finance watchdogs. Another risk is the governance of AI as banks, insurers and super funds start using the technology in ways that will affect customers directly.

AI is no longer in the experimentation phase – banks are trialling or using AI to process loans, to detect and disrupt scams, or to interact with customers. But APRA says the companies’ governance has not “matured” at the same pace. It says companies are often treating AI as “just another technology”, an approach that could overlook ethical issues such as bias from the AI models, or privacy and data risks.

This suggests that in the rush to roll out AI, there’s a real risk of banks (and other corporate giants) trying to move too quickly.

It’s not all bad news: banks are also using AI to fight scammers, for example, and are likely to employ it to process loans more efficiently, among other functions. There have been predictions AI-powered “agents” could help people make better decisions on money matters

All up, however, AI is a double-edged sword for banks. It brings risk, as well as the potential to boost the bottom line.

The most controversial impact on AI is probably on bank workers, many of whom are understandably worried about the risk to their jobs, as are hordes of other white-collar workers. There have not been wholesale AI-driven job cuts in Australian banking, but the Finance Sector Union has reported high levels of anxiety among staff about this risk.

Analysts at Macquarie said in March that jobs in banks were among the most exposed to being replaced by AI, estimating banks could reduce jobs by 10 to 30 per cent over the next five to 10 years. Initially, they predicted, banks were most likely to cut jobs outside Australia or in outsourced providers, rather than risk the political blowback that would come with large-scale domestic job cuts.

Whether in banking or other industries, AI is a force let loose. Regulators and politicians have been left scrambling as they deal with consequences, from job losses to the threat of cyberattacks.

Such risks should be remembered when executives from banks – and other companies – deliver pitches for how AI can improve the bottom line.

The Market Recap newsletter is a wrap of the day’s trading. Get it each weekday afternoon.