“Do not wait for perfect clarity to address the threat posed by new AI models,” Constant wrote. “Instead, act now, and act with discipline, to strengthen the cyber resilience fundamentals that underpin your business.”
The letter has particular weight for Australia’s mortgage broking sector – which now facilitates more than 77% of all new home loans and handles vast quantities of borrower financial data daily.
Brokers and aggregators sit at the intersection of multiple data flows: lender systems, CRMs, serviceability calculators, identity verification tools and, increasingly, AI-powered platforms designed to accelerate lending decisions. Each integration point is a potential vulnerability.
ASIC’s concern is not that AI creates entirely new categories of risk, but that it lowers the barrier to executing sophisticated attacks. A phishing email that once required considerable skill to craft can now be generated in seconds. Vulnerabilities that once required significant resources to exploit can be identified and targeted at scale and speed.
Frontier AI poses major threat
The letter specifically calls out the accelerating pace at which AI is enabling attackers to discover and act on known software vulnerabilities, urging licensees to patch systems promptly and implement layered, defence-in-depth architectures.