The Biggest AI Security Threat to Singapore Banks Is Already Inside Them
Source: The Business Times
Southeast Asian banks have handed credit, fraud, and compliance decisions to autonomous AI systems. A Business Times analysis warns the primary threat is no longer external hackers but the poorly governed AI already operating inside banks' walls.
A hypothetical but instructive scenario: a credit card shows a S$4 coffee, an e-commerce purchase, a small digital subscription. None triggers the bank's fraud detection — because they were not meant to. Overnight, the same card makes a nearly S$50,000 transfer. The cardholder sleeps through it. This is not a traditional hack. It is an AI-vs-AI attack, and Southeast Asian banks are particularly exposed.
Writing in The Business Times on Jun 25, Simon Liu argues that banks have already deployed autonomous AI systems that judge creditworthiness, block suspected fraud, and build anti-money-laundering models — often faster than any human can review. These systems are now being reverse-engineered by attackers using their own AI. Small, normal-looking transactions serve as training data for the attacker's model, which maps the bank's behavioral thresholds before executing a large, undetectable heist.
The article flags several structural vulnerabilities. SMS one-time passwords and static selfie-liveness checks — still treated by regulators as gold-standard controls — are described as near-obsolete against deepfake tools and AI-powered phishing. More concerning is the shadow AI problem: agents set up by staff without the CISO's knowledge, touching fund movement, already present in multiple large banks. Singapore's GovTech AI agent registry, announced earlier this month, is cited as a benchmark for bringing these unauthorised employees under control.
Why it matters for Singapore: Singapore's banks are among the most technologically advanced in Asia, and the Monetary Authority of Singapore has pushed aggressively on AI adoption. That strength creates a corresponding vulnerability — the more autonomous systems embedded in financial infrastructure, the larger the attack surface for adversarial AI. MAS's Fairness, Ethics, Accountability, and Transparency principles remain relevant, but the industry needs real-time defenses that match the speed of AI-driven attacks, not quarterly model refreshes that arrive weeks too late.