Hong Kong: SFC Circular on Cybersecurity Measures Against Frontier AI-enabled Cyber Risks

Frontier AI models are the most advanced AI models currently available, trained on massive datasets, and capable of performing complex, multi-step tasks at scale (e.g. advanced reasoning, agentic workflows, etc.). They have emerged as a double-edged sword in the cybersecurity landscape – on one hand, AI agents offer significant defensive advantages, enabling organisations to detect threats real-time, automate vulnerability assessments, and respond to incidents with unprecedented speed and accuracy; on the other hand, the same capabilities are also being harnessed by malicious actors, e.g. by automating the discovery and exploitation of system vulnerabilities without human guidance, and chaining multiple vulnerabilities into critical exploit paths.

In light of the evolving risks posed by frontier AI models, the Circular underscores SFC’s regulatory expectations for licensed firms to review and enhance their cybersecurity measures. Licensed firms are reminded that their senior management, including the Manager-in-Charge of Information Technology (MIC-IT), is ultimately responsible for managing cybersecurity risks faced by their firms. In particular, the MIC-IT should ensure that changes to the firm’s cybersecurity framework are adequately reviewed and approved and that enhancements are implemented properly and promptly.

Key headlines of the Circular

1. Risks highlighted by the SFC 

• Increased sophistication and frequency of cyberattacks: AI-enabled tools are accelerating the exploitation of system vulnerabilities and enabling more frequent, targeted and sophisticated attacks.
• Reduced response time for implementing remedial measures: The volume and frequency of security patches and updates are significantly increased due to how rapidly AI tools can identify new vulnerabilities. The time interval between identification or disclosure of a vulnerability and its exploitation by threat actors is rapidly diminishing, compressing the window for firms to act, requiring them to enhance and expedite their patching and vulnerability management processes to minimise exposure.

2. Measures to address AI-enabled cyberattack risks

• Security controls: licensed firms should implement robust and up-to-date security controls to protect their systems, prevent unauthorised access or disclosure of confidential client information, and safeguard client assets from misappropriation.
• Inventory: licensed firms should maintain (and keep up-to-date) an inventory of their technology assets and components, and identify higher-risk areas such as externally exposed, business critical systems or third-party dependent components.
• Cybersecurity frameworks: the SFC expects licensed firms to review and enhance their cybersecurity frameworks and consider the following key areas in doing so:
  • (a) Patching and vulnerability management – strengthen the patching and vulnerability management processes, promptly remediate known vulnerabilities and establish processes for urgent or critical fixes outside routine patching cycles, and allocate sufficient resources to handle potential increase in patch volumes.
  • (b) Access and privilege controls – operate on a zero-trust assumption (i.e. any user of system may be compromised), implement least-privilege access to all business critical components, and enhance firewalls and network segmentation to limit lateral movement across networks and systems. Treat external and untrusted inputs as potentially adversarial and apply maker-checker controls for high-impact actions.
  • (c) Detection and monitoring measures – strengthen threat detection and monitoring of anomalies in client trading and system activities and enhance threat intelligence gathering capabilities.
  • (d) Third-party supply chain risk management – implement proper procedures to address AI-enabled risks from third-party providers supporting business critical components, strengthen vendor risk governance and enhance initial and ongoing assessments to reflect the latest threat landscape.
  • (e) Incident response and recovery – enhance and regularly test incident handling procedures and contingency plans, establish rapid escalation mechanisms and consider pre-planned containment and exploit-interruption measures (e.g. blocking malicious activity, isolating systems and restricting access). Licensed firms shall also maintain regular data backups and promptly notify the SFC of material cybersecurity incidents, in accordance with the Code of Conduct and VATP Guidelines (as applicable).

For more information, the Appendix to SFC’s Circular sets out further examples of such control and procedures.

The SFC also reminds licensed firms deploying AI language models in their operations to ensure associated cyber risks are addressed in their cybersecurity framework and incident handling arrangements. In doing so, the core principles and regulatory expectations (including notification requirements for high-risk use cases) set out in SFC's circular dated 12 November 2024 on the Use of Generative AI Language Models should be factored in.

What’s next?

The Circular is in line with the broader development in how regulators and authorities globally are approaching AI‑enabled cyber risks. Given how AI tools can accelerate the scale and speed of cyberattacks, authorities across jurisdictions are increasingly recognising frontier AI as an amplifier of cyber risk and reminding organisations of its implications. For example, the Cyber Security Agency of Singapore has issued an advisory on frontier AI-associated risks in April; and the Bank of England, Financial Conduct Authority and HM Treasury have issued a joint statement on frontier AI models and cyber resilience recently in May.

The technology in this area is evolving rapidly and Hong Kong’s regulatory approach is increasingly aligned with global developments. SFC‑licensed firms should therefore take proactive steps to ensure their cybersecurity frameworks remain robust, adaptable and aligned with emerging AI‑related risks. For bespoke advice on strengthening your organisation’s cybersecurity measures and aligning them with evolving regulatory expectations on AI‑enabled cyber risks, please contact us for further information.