

      Frontier AI is reshaping cyber risk in Australia

      Cyber risk is undergoing a structural shift. What was once episodic is now continuous, driven by rapid advances in frontier AI capability and reinforced by heightened regulatory attention in Australia. Capability disclosures from frontier AI laboratories, coupled with signals from APRA and the Australian Signals Directorate, point to the same conclusion: longstanding assumptions about cyber risk no longer hold.

      Frontier AI models have already demonstrated the ability to autonomously discover and exploit vulnerabilities at a speed and scale previously limited to highly resourced actors. As these capabilities evolve, the window between vulnerability discovery and exploitation continues to compress, challenging existing risk, control and assurance frameworks.

      This shift elevates cyber risk from a technical issue to a board and senior management priority. And it requires organisations to reassess risk posture, governance and operational response in line with a faster, more complex threat environment.



      Why this matters for Australian organisations

      Australia occupies a distinct position in this shift. As a Five Eyes partner with deep integration into allied intelligence sharing, the country benefits from early threat visibility. It also sits within the targeting envelope of state-sponsored actors with access to frontier AI capabilities.

      For Australian organisations, this is not a theoretical shift. It is a change in operating conditions.

      • Regulatory posture under pressure

        APRA CPS 234 already mandates information security capability commensurate with threats. The SOCI Act imposes positive security obligations on critical infrastructure, and the ASD’s Essential Eight is under active revision.

      • A threat landscape moving at AI speed

        Australia is explicitly named in allied threat reporting. State-sponsored actors target government, defence industry, critical infrastructure and research institutions. ASD documents these threats extensively.

      • Legacy exposure across key sectors

        Financial services core banking (COBOL-era systems), energy and water utilities (long-lived OT/SCADA), and healthcare (fragmented IT estates) carry disproportionate risk.

      • Disclosure regime consequences

        The Notifiable Data Breaches scheme, APRA reporting obligations, and forthcoming Cyber Security Act requirements create compounding regulatory exposure when breaches occur.

      • A tightening cyber insurance market

        The Australian cyber insurance market is already tightening. Underwriters are reducing capacity for organisations with material unpatched legacy footprints.



      What changes for the enterprise?

      The response to this shift requires action across three different layers of the organisation, and none can be addressed in isolation.

      Cyber risks in the age of frontier AI can no longer sit primarily with technology and cyber teams. This is a board and senior management leadership matter: they set the organisation’s risk posture, and they should be changing the questions they ask of management, just as audit committees should reshape reporting so that it is anchored in operational indicators rather than control assurance alone.

      APRA’s April 2026 letter reinforces this directly: boards must ‘maintain sufficient understanding and literacy with respect to AI in order to set strategic direction and provide effective challenge and oversight.’ 

      For critical infrastructure operators, the Security of Critical Infrastructure Act imposes equivalent obligations through risk management programs. The structural shift in AI-enabled offensive capability makes these obligations materially more demanding across all sectors. 

      Existing technology and operational risk assessments were calibrated to a threat economy where exploit development was expensive, slow and concentrated in skilled human attackers. That assumption no longer holds in the current landscape. Risk taxonomies, materiality thresholds, third-party assessments and CRO metrics all require re-baselining to reflect AI-compressed timelines and chained vulnerabilities.

      For prudentially regulated entities, this includes reassessing the adequacy of information security capability relative to the new threat environment. For Critical Infrastructure operators, risk management programs must now account for AI-enabled threat scenarios. The principle applies broadly: any organisation whose risk settings were calibrated before frontier AI must revisit them. 

      The window between vulnerability disclosure and active exploitation, which was once measured in months, is now measured in days, hours and minutes. Prioritising vulnerabilities by severity score alone and reviewing your external attack surface quarterly are no longer sufficient. Internal Audit must now test what was not previously tested, and the assurance evidence flowing to the board must keep pace with the new operating tempo.

      The Essential Eight maturity model is the baseline for Commonwealth entities and widely used across the private sector, but target maturity levels and patch timelines now require reassessment as they may no longer reflect the reality of AI-compressed exploit cycles.


      Every organisation has technical debt. What has changed is that AI now turns that debt into an open door. The boards that act first will define the standard everyone else is measured against.
      Mark Tims

      Partner, National Leader Tech Risk & Cyber

      KPMG Australia


      Australian sector exposure

      The impact of this shift is not uniform across sectors. In Australia, several industries carry disproportionate exposure.


      Financial services

      Core banking estates include decades-old platforms and middleware. APRA’s information security standard sets a high bar, and JPMorgan Chase, a Project Glasswing partner (Anthropic’s initiative to secure the world’s most critical software for the AI era), has a head start. Most Australian banks and insurers do not.

      Energy and utilities

      Operational technology systems are long-lived and often unpatchable in place. Critical Infrastructure obligations apply, and Australia is explicitly named in allied threat reporting on state-sponsored targeting of energy infrastructure.

      Government and Defence

      Commonwealth entities face persistent state-sponsored targeting. The Information Security Manual and Essential Eight framework require reassessment against AI-enabled threats, and Defence industry supply chains are acutely exposed.

      Healthcare

      Healthcare entities are characterised by fragmented IT estates, thin security budgets and a large unsupported-software surface. Connected health infrastructure expands the attack surface further.

      Mining, resources and manufacturing

      Ageing operational technology carries elevated intellectual property theft risk. Remote operations and autonomous systems create an expanded attack surface, and insurance capacity is constrained.

      Telecommunications

      Carrier-grade infrastructure is under Critical Infrastructure obligations with significantly exposed first-party code. Several global technology peers are Project Glasswing partners, but Australian carriers are not.

      Higher education and research

      Research IP is a documented target for state-sponsored actors, and open network architectures and large user populations create a broad attack surface.




      How KPMG can help you work through the shift

      KPMG Australia offers private briefings for boards and senior management, targeted reassessment of risk and control frameworks, operating model uplift across all three lines of defence, and technical readiness assessments. All services are calibrated to the Australian regulatory environment and the specific demands of this new operating regime.

      • Board, audit committee and senior management briefings

        Through private sessions on the structural shift, we help you understand accountability expectations under CPS 234, the SOCI Act and the forthcoming Cyber Security Act, and the questions directors and audit committee members should now be asking of management.

      • Recalibration of risk and control frameworks

        We support you with targeted re-baselining of risk taxonomies, materiality thresholds and third-party risk views. This includes revalidation of prior assessment outcomes against the shift in threat landscape, to surface gaps that were not material under earlier assumptions. For APRA-regulated entities, we assist you with reassessment of CPS 234 information security capability adequacy.

      • Operating model uplift across the three lines

        We work with you to recalibrate your security posture across all three lines: first-line operations (patch velocity, attack surface, security operating model), second-line oversight (control design, risk metrics, board reporting) and third-line assurance (audit scope, testing, evidence). This work is aligned to the CPS 234, ISM and Essential Eight frameworks.

      • Targeted technical readiness

        We provide external exposure audits and detection and response uplift, with greater emphasis on behavioural and exposure-based defence. This includes supply-chain and SBOM review, platform architecture reviews aligned to the post-frontier-AI threat landscape, and assessment against ASD’s Essential Eight at revised maturity targets.



      A clearer view, a sharper conversation, a defensible plan

      We are running private sessions for boards, audit committees and senior management across Australia’s financial services, critical infrastructure and government sectors.

      What we’ll explore in this 90-minute live session at your office:

      1. The structural shift (10 min). What is genuinely different about the current generation of AI-enabled offensive capability. Evidenced rather than speculative. Independently validated by the UK AI Safety Institute and Five Eyes partners.
      2. The Australian regulatory posture (10 min). What APRA, ASD, OAIC and Home Affairs have signalled. The accountability framing for boards and senior management under CPS 234 and the SOCI Act. What supervisory follow-up is likely to look like.
      3. What changes for each line of defence (35 min).
        • Line 1 (IT and CISO): The compressed time between vulnerability discovery and exploit. The breakdown of CVSS-only prioritisation when low-severity bugs become chained exploits and volume overwhelms capacity. External attack surface as a continuously monitored discipline rather than a quarterly scan. What an AI-speed SOC requires.
        • Line 2 (Risk and Compliance): The technology and operational risk assessments that need re-performance to surface gaps that were not material before. The metrics that should now appear in the CRO’s pack: patch-to-exploit window by criticality tier, time-to-detect for autonomous multi-stage attacks, and third-party CVE blast radius. How risk appetite statements need re-expression when AI compresses attacker timelines.
        • Line 3 (Internal Audit): The assurance posture shift where existing CPS 234 audit programs have blind spots against AI-enabled threats. The changes to the risk universe. The evidence boards and audit committees should request on a quarterly cadence.
      4. KPMG’s point of view (10 min). What we believe an organisation of your profile should have completed, have in flight, and have on the roadmap as this new operating regime takes hold.
      5. Open discussion (25 min).
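      The Line 1 and Line 2 items above name the metrics and the prioritisation change in the abstract. The script below is an added illustration (not KPMG’s tooling, and not code from this page) that computes those metrics over a constructed vulnerability register: patch-to-exploit window by criticality tier, time-to-detect, third-party blast radius, and a side-by-side of CVSS-only ordering against an exposure-aware ordering in which a low-severity bug that is exploited in the wild as part of a chain moves to the top. The register rows, dates, vendor names and the per-tier patch SLAs are all assumptions constructed for the example; the identifiers are deliberately not CVE numbers.

```python
"""Exposure-aware prioritisation and CRO-pack metrics over a constructed register.

Added illustration only: the Finding rows, SLAs and vendor names are constructed
for this example and do not describe any real product, advisory or organisation.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Optional


@dataclass
class Finding:
    """One row of a vulnerability register (constructed shape, not a real feed)."""
    vuln_id: str               # constructed label, deliberately not a CVE number
    tier: str                  # criticality tier of the affected asset
    cvss: float
    disclosed: date
    exploited: Optional[date]  # first exploitation seen in the wild, None if none
    patched: Optional[date]    # None while the fix is still outstanding
    detected: Optional[date]   # when our own monitoring first flagged activity
    chain: Optional[str]       # constructed label when the bug is one link of a multi-step exploit
    vendor: Optional[str]      # set for third-party components


# Assumed patch SLAs (days) per tier: tier1 on an hours-scale target, tier3 still on
# the 30-day tolerance the page describes as no longer defensible.
PATCH_SLA_DAYS = {"tier1": 1, "tier2": 7, "tier3": 30}

# Constructed register. VULN-B is the "low CVSS, but chained and exploited" case.
REGISTER = [
    Finding("VULN-A", "tier1", 9.8, date(2026, 3, 1), date(2026, 3, 2), date(2026, 3, 5), date(2026, 3, 3), None, None),
    Finding("VULN-B", "tier1", 4.3, date(2026, 3, 1), date(2026, 3, 1), None, date(2026, 3, 4), "chain-1", "VendorX"),
    Finding("VULN-C", "tier2", 5.5, date(2026, 3, 1), date(2026, 3, 3), None, None, "chain-1", "VendorX"),
    Finding("VULN-D", "tier2", 7.2, date(2026, 2, 20), None, date(2026, 3, 10), None, None, None),
    Finding("VULN-E", "tier3", 3.1, date(2026, 2, 1), date(2026, 3, 10), date(2026, 3, 20), date(2026, 3, 12), None, "VendorY"),
]


def patch_to_exploit_window(register):
    """Median days from disclosure to first observed exploitation, per tier."""
    by_tier = {}
    for f in register:
        if f.exploited is not None:
            by_tier.setdefault(f.tier, []).append((f.exploited - f.disclosed).days)
    return {tier: median(days) for tier, days in sorted(by_tier.items())}


def outpaced_by_exploitation(register, sla=PATCH_SLA_DAYS):
    """IDs exploited on or before the day the tier's SLA would still have allowed a patch.

    Even a fully SLA-compliant patch cycle would have been too late for these rows.
    """
    out = []
    for f in register:
        if f.exploited is None:
            continue
        deadline = f.disclosed + timedelta(days=sla[f.tier])
        if f.exploited <= deadline:
            out.append(f.vuln_id)
    return out


def cvss_only_order(register):
    """Baseline: highest CVSS first, ignoring exploitation and chaining."""
    return [f.vuln_id for f in sorted(register, key=lambda f: -f.cvss)]


def exposure_order(register):
    """Exploited-in-the-wild first, then members of a known chain, CVSS only as tiebreak."""
    return [f.vuln_id for f in sorted(register, key=lambda f: (f.exploited is None, f.chain is None, -f.cvss))]


def time_to_detect(register):
    """(median days from exploitation to detection, count exploited but never detected)."""
    deltas, undetected = [], 0
    for f in register:
        if f.exploited is None:
            continue
        if f.detected is None:
            undetected += 1
        else:
            deltas.append((f.detected - f.exploited).days)
    return (median(deltas) if deltas else None, undetected)


def third_party_blast_radius(register):
    """Per vendor: how many findings and which tiers one vendor advisory touches."""
    radius = {}
    for f in register:
        if f.vendor:
            entry = radius.setdefault(f.vendor, {"findings": 0, "tiers": set()})
            entry["findings"] += 1
            entry["tiers"].add(f.tier)
    return radius


if __name__ == "__main__":
    print("patch-to-exploit (median days) by tier:", patch_to_exploit_window(REGISTER))
    print("exploitation outpaced SLA for:", outpaced_by_exploitation(REGISTER))
    print("CVSS-only order:    ", cvss_only_order(REGISTER))
    print("exposure-aware order:", exposure_order(REGISTER))
    print("time-to-detect (median days, undetected):", time_to_detect(REGISTER))
    print("third-party blast radius:", third_party_blast_radius(REGISTER))
```

      On the constructed data, VULN-B (CVSS 4.3) sits fourth under CVSS-only ordering and second once exploitation and chain membership are taken into account, and three of the four exploited rows were exploited before even a compliant patch would have landed. Those two outputs are the shape of evidence a CRO pack can carry to the board; the real inputs would be the organisation’s own register and threat-intelligence feed, and the SLA table would be whatever the organisation has actually committed to.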



      Frequently asked questions

      Frontier AI models have demonstrated the autonomous ability to discover and exploit zero-day vulnerabilities across every major operating system and web browser. This capability was previously the preserve of well-resourced nation-state teams. It will commoditise within 12 to 18 months. The speed, scale and sophistication of cyber-offensive capability are no longer bounded by the supply of skilled human attackers.

      Boards must treat this as a governance matter, not a technology matter. The actions to take include: 

      1. Seek a briefing on the structural shift and its implications for your organisation’s specific risk profile. 
      2. Mandate a reassessment of your risk and control frameworks against AI-compressed attacker timelines.
      3. Challenge management on patch velocity, detection capability, and legacy estate exposure.

      The window between vulnerability disclosure and active exploitation has compressed from months to days or hours. A meaningful share of exploitation now precedes the availability of any patch. The 30- to 90-day patching tolerances most Australian organisations operate against are no longer defensible, with critical patch response times now measured in hours, not weeks.

      CPS 234 requires information security capability commensurate with the size and extent of threats. The structural shift in frontier AI means the threat environment has materially changed, and existing capability assessments now require revalidation.

      Under the SOCI Act, responsible entities must maintain critical infrastructure risk management programs that account for AI-enabled threat scenarios. APRA, the ASD and Home Affairs are expected to provide further supervisory guidance.

      The Essential Eight remains the right framework. However, target maturity levels and implementation timelines require reassessment. Patch management at Maturity Level 3 (within two weeks for critical vulnerabilities) may no longer reflect the reality of AI-compressed exploit cycles. Organisations should assess whether current maturity targets are adequate given the new threat tempo.

