Frontier AI models are changing the cyber risk calculus. By helping threat actors identify, weaponise and exploit vulnerabilities more quickly, these models can increase both the speed and scale of cyber attacks. As discussed in our recent post, “Mythos: Governance, Technical, Business and Regulatory Considerations,” all businesses should be considering how best to respond to this emerging threat.
Now, the Financial Conduct Authority (FCA), Bank of England (BoE) and HM Treasury have published a joint statement on frontier AI models and cyber resilience, calling on UK-regulated financial services firms to take action to address the threat. While the statement is short and expressly does not introduce new regulatory expectations, it is a helpful guide on how to address the new and evolving cyber-AI threat landscape.
In this post, we explore the statement and suggest steps that firms may want to take to help translate the statement into practical action points, to ensure they meet their regulatory obligations.
Existing regulatory duties in a fast-moving threat landscape call for robust cross-stakeholder collaboration
To date, the UK regulators have been clear that their pre-existing regulatory tools will be used to regulate firms’ use of AI. The statement reaffirms that. For firms, therefore, a key challenge is ensuring, they take steps to address the threat in-line with their pre-existing regulatory obligations. This may include, for example, ensuring that:
- In accordance with Principle 3, they have appropriate systems and controls in place to respond to the fast-evolving cyber threat landscape;
- Given the nature, scale and scope of the threats posed by frontier models, they are able to demonstrate robust governance and oversight, in accordance with SYSC 4.1.1R, sufficient to allow them to identify, manage, monitor and report the associated risks effectively. Those risks must be viewed holistically though and down the supply chain; and
- For in-scope firms, in particular, they are assessing what, if any, changes are needed to comply with SYSC 15A operational resilience requirements and, in particular, whether scenario testing should be revisited given the new threat landscape.
Although the primary aim of the joint statement is to highlight new risks from frontier AI models, firms should bear in mind the possibility of supervisory or enforcement action where regulators identify weaknesses in a firm’s response. Both the FCA and the BoE have previously imposed significant financial penalties following cyber security breaches and IT failures. Where a firm’s organisational and controls deficiencies have contributed to financial loss to customers and/or major service disruptions, it will almost certainly come under regulatory scrutiny.
The upshot for firms is that they may want to review their current processes for identifying and addressing AI-enabled cyber risks, and ensure that there is sufficient internal regulatory oversight as part of a multi-stakeholder approach. Below we outline measures firms could consider taking more broadly to achieve that.
1. Brief boards and senior management on the threat landscape
The joint statement says boards and senior management should have sufficient understanding of frontier AI risks to set strategic direction and oversee control functions effectively. That could be achieved through an appropriate briefing which could, for example:
- Explain how frontier AI models may affect the firm’s threat model, including faster vulnerability discovery, more scalable exploitation, more convincing social engineering and shorter detection and containment windows. Providing concrete examples will be more helpful than abstract recitation of risk;
- Relay which important business services, critical systems, third-party dependencies and legacy systems are most at risk; and
- Document the discussion, decisions taken, action-item owners and follow-up timetable.
2. Re-engaging with cyber hygiene and response readiness
The regulators warn that frontier AI models can rapidly identify and exploit vulnerabilities across firms’ technology estates, and that firms should be able to triage, prioritise, risk-assess and remediate vulnerabilities more quickly, more frequently and at a larger scale. The joint statement also emphasises access management, network security and data protection as ways to reduce the attack surface available to AI-enabled attackers.
Firms may, therefore, want to revisit foundational operational resilience, IT and data hygiene to reduce their attack surface area and improve response readiness. This could include, for example:
- Reviewing their IT asset inventory to ensure it remains up-to-date and appropriately scoped. This will be key for firms to be able to identify where vulnerable software, libraries and cloud services are deployed;
- Revisiting the mapping of interdependencies. Having a robust understanding of operational interdependencies will be essential for firms to be able to plan and prioritise patching activity while appropriately managing potential downtime and operational disruption;
- Strengthening data minimisation practices. While firms have long worked to minimise the volume of data retained for a variety of reasons, the pace and scale of AI-enabled cyber threats make it more important than ever to purge old data or, at a minimum, ensure it is appropriately air-gapped;
- Ensuring that access controls and network segmentation have been properly implemented and are audited regularly; and
- Revising patching policies and procedures, and enhancing staffing to increase the speed at which patches can be deployed across the firm’s technology estate.
On the incident response side, firms should also consider:
- Refreshing their incident-response and recovery playbooks, paying close attention to internal escalation thresholds and how they may need to be applied differently in an era of potentially increased vulnerability disclosures; and
- The potential need to execute communications strategies at greater pace and frequency. A key challenge will be accurately communicating, internally and externally, the nature and source of risks. That may be increasingly difficult to do if the number of exploitable and exploited vulnerabilities increases.
3. Update risk mapping and scenario testing
Firms – particularly those subject to SYSC 15A – will want to consider whether frontier AI cyber risk is appropriately reflected in existing operational resilience mapping and scenario testing. Existing “severe but plausible” cyber scenarios may not adequately capture frontier AI models’ ability to “daisy chain” vulnerabilities across systems, suppliers and attack vectors more effectively than before.
Firms may therefore want to consider whether they have accounted for the risk of simultaneous exploitation of multiple vulnerabilities or attack vectors, including:
- Compromise of an identity provider or privileged access tool;
- Exploitation of a third-party software component;
- Rapid data exfiltration; and
- Disruption caused by emergency patching.
These scenarios should be mapped back to, and assessed against, relevant impact tolerances, recovery objectives, communications plans and a robust assessment of customer or market harm.
4. Revisit third-party, supply-chain and open-source risk
The regulators specifically identify third parties, supply chains and open-source software as areas of heightened concern. They state that firms should be able to identify, monitor and manage external applications, libraries and services integrated into their networks, and address vulnerabilities identified by third parties at scale.
To help address third-party supply-chain risk, firms may want to consider reviewing contracts and operating procedures with key service providers to ensure they require:
- Timely vulnerability notification and appropriate patching support;
- Incident updates with respect to actively exploited vulnerabilities; and
- Disaster recovery testing with access to results for the firm on request.
For EU-regulated firms, DORA-mandated terms will go some way to addressing the risks. Beyond contractual protections, firms may also want to consider contacting key service providers to understand what measures they are taking to address frontier model risks, and consider updating vendor-diligence questionnaires to capture whether and how vendors are using AI defensively to monitor their codebase for vulnerabilities and more broadly.
****
To subscribe to the Data Blog, please click here.
The cover art used in this blog post was generated by Gemini 3 Pro.
The Debevoise STAAR (Suite of Tools for Assessing AI Risk) is a monthly subscription service that provides Debevoise clients with an online suite of tools to help them responsibly fast-track their AI adoption. Please contact us at STAARinfo@debevoise.com for more information.
