How to meet APRA's demands for improved AI security
Thu, 18th Jun 2026
Australia's prudential regulator has issued one of its strongest warnings yet on artificial intelligence adoption across the financial system, signalling that banks, insurers, and superannuation funds are not keeping pace with the risks created by rapidly accelerating AI deployment.
In its 30 April 2026 Letter to Industry on Artificial Intelligence, the Australian Prudential Regulation Authority (APRA) outlined a clear expectation that entities lift governance, assurance, and identity controls to match the speed and complexity of modern AI systems.
APRA's message is unambiguous. Existing frameworks are not fit for purpose in environments where machine-driven decision-making, autonomous agents, and continuously evolving models are becoming embedded in core operations.
The warning follows a supervisory deep dive conducted across major regulated institutions in late 2025, where APRA identified systemic shortcomings in how AI risk was being managed. The findings suggest that, while adoption is accelerating, governance maturity is lagging significantly behind.
A widening governance gap
APRA's review highlights a consistent pattern across entities. AI is still being treated largely as a conventional technology deployment rather than a distinct risk category requiring enterprise-wide oversight.
Among the most significant concerns is the mismatch between deployment velocity and control maturity. Institutions are increasingly embedding AI into customer-facing systems, credit decisioning, fraud detection and operational workflows, yet governance structures remain anchored in traditional IT risk models.
APRA identified four recurring issues.
- First, AI-specific cyber threats such as prompt injection, data leakage, and manipulation of autonomous agents are increasing faster than defensive controls are evolving.
- Second, governance maturity is lagging, with many organisations failing to recognise the probabilistic and adaptive nature of AI systems.
- Third, supplier concentration risk is becoming more acute, with heavy reliance on a small number of global providers and limited exit planning.
- Fourth, traditional audit and change management practices are proving inadequate for systems that continuously learn and evolve.
ID and access controls under strain
One of the most significant structural challenges identified by APRA is the emergence of non-human identities within enterprise environments.
AI agents, automated workflows, API-driven services and machine-generated credentials are increasingly acting as autonomous actors within financial systems. Yet identity and access management (IAM) frameworks in many organisations remain designed primarily for human users.
This creates a governance blind spot. Machine identities often operate with persistent credentials, broad permissions and limited traceability.
APRA has explicitly flagged that identity governance frameworks have not adapted to this shift. In practice, this means organisations may have no comprehensive inventory of AI-related identities, limited controls over how they are provisioned, and weak monitoring of their behaviour.
Bar raised for boards and risk teams
In response to these findings, APRA has articulated a set of minimum expectations that effectively redefine what "good practice" looks like in AI governance.
Boards are expected to demonstrate sufficient literacy in AI to provide meaningful challenge, ensuring that AI strategy aligns with organisational risk appetite rather than being driven purely by innovation priorities.
APRA also expects institutions to maintain a comprehensive inventory of all AI systems, use cases and dependencies, including third-party and fourth-party providers.
A further requirement is the implementation of continuous monitoring, replacing traditional point-in-time assurance approaches. This reflects APRA's view that static audit cycles are incompatible with dynamic AI environments where models can change behaviour post-deployment.
What organisations should do
To meet APRA's requirements for improved AI security, organisations need to undertake immediate, near-term, and ongoing steps. These include:
- Immediate steps (0–90 days):
  - Conduct a gap assessment of existing identity and access management (IAM) controls against AI governance expectations, with specific attention to whether non-human AI agents are appropriately governed
  - Establish an initial inventory of all AI systems, use cases, and machine identities
  - Review existing post-deployment monitoring to identify where assurance remains point-in-time rather than continuous
  - Brief internal audit and risk teams on AI-specific expectations and assess readiness to evaluate AI systems
- Near-term steps (90–180 days), where the focus shifts toward enforceable controls and governance integration:
  - Extend identity governance frameworks to explicitly include AI agents as governed identities
  - Implement continuous monitoring capabilities for AI systems
  - Introduce enforceable access controls for high-risk AI actions
  - Strengthen supplier governance by addressing concentration risk and developing credible exit or substitution strategies for critical AI providers
- Ongoing steps, where APRA expects governance to become embedded into system architecture rather than layered on top:
  - Maintain continuous identity and behaviour analytics across all AI systems
  - Treat AI agents as first-class identity entities within access review and privileged access management
  - Embed governance controls directly into AI lifecycle workflows
  - Continuously uplift internal audit capability
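To make the machine-identity blind spot and the inventory step above concrete, here is an added example (not code from the article or from APRA) that screens a constructed inventory of non-human identities for the properties the article names: persistent credentials, broad permissions, missing traceability, and high-risk actions with no human approval gate. The 90-day rotation threshold, the high-risk action set and the sample identities are assumptions, not figures from the letter.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_CREDENTIAL_AGE_DAYS = 90  # assumed rotation threshold; APRA's letter sets no number
HIGH_RISK_ACTIONS = {"payments:initiate", "credit:approve", "customer:export"}  # assumed
TODAY = date(2026, 6, 18)  # fixed reference date so the screen is reproducible


@dataclass
class MachineIdentity:
    name: str
    owner: Optional[str]               # accountable team; None means no traceability
    credential_issued: Optional[date]  # None means a static, never-rotated credential
    permissions: set                   # "*" or "scope:*" are wildcard grants
    approval_required: bool = False    # human approval gate before high-risk actions


def grants(ident: MachineIdentity, action: str) -> bool:
    # True if the identity can perform `action`, directly or through a wildcard grant.
    scope = action.split(":")[0]
    return action in ident.permissions or "*" in ident.permissions \
        or f"{scope}:*" in ident.permissions


def findings(ident: MachineIdentity, today: date = TODAY) -> list:
    """Return the governance findings for one identity (empty list = clean)."""
    issues = []
    if ident.credential_issued is None or (today - ident.credential_issued).days > MAX_CREDENTIAL_AGE_DAYS:
        issues.append("persistent-credential")
    if any(p == "*" or p.endswith(":*") for p in ident.permissions):
        issues.append("broad-permissions")
    if not ident.owner:
        issues.append("no-owner")
    if any(grants(ident, a) for a in HIGH_RISK_ACTIONS) and not ident.approval_required:
        issues.append("ungated-high-risk-action")
    return issues


def screen(inventory, today: date = TODAY) -> dict:
    """Map each identity name to its findings, omitting identities with none."""
    report = {i.name: findings(i, today) for i in inventory}
    return {name: issues for name, issues in report.items() if issues}


# Constructed sample inventory, not real systems.
SAMPLE_INVENTORY = [
    MachineIdentity("fraud-triage-agent", "fraud-ops", date(2026, 5, 20), {"cases:read", "cases:annotate"}),
    MachineIdentity("credit-copilot", None, None, {"credit:*"}),
    MachineIdentity("payments-bot", "treasury", date(2025, 12, 1), {"payments:initiate"}, approval_required=True),
]

if __name__ == "__main__":
    for name, issues in screen(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(issues)}")
```

Run against a real inventory export, the same four checks give an auditor a repeatable, per-identity record rather than a point-in-time attestation.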
Taken together, APRA's direction signals a decisive shift. Governance can no longer operate as a periodic oversight function but must become continuous, automated, and as dynamically responsive as the AI systems it is designed to control.
AI governance becomes a board-level priority
APRA's April 2026 intervention marks a clear escalation in regulatory expectations around artificial intelligence in the financial sector. The message is not simply that AI introduces new risks, but that existing governance frameworks are fundamentally misaligned with the nature of AI-driven systems.
As financial institutions deepen their reliance on AI for critical decision-making and operational efficiency, regulators are signalling that governance must evolve from static oversight models to continuous, automated and identity-centric controls.