GRC Report Staff

AI Is Collapsing the Time Between Vulnerability & Attack, Luxembourg Regulator Warns

In guidance published Tuesday, Luxembourg's Commission de Surveillance du Secteur Financier (CSSF) warned that frontier artificial intelligence models are reshaping the cyber threat landscape by accelerating the speed, scale, and sophistication of attacks. While the technology presents significant opportunities, the regulator said it also gives malicious actors new tools to automate complex tasks, generate sophisticated code, and exploit vulnerabilities more quickly than traditional defensive practices were designed to withstand.

KPMG Survey Finds CISOs Caught Between AI Ambition & Security Reality

For all the attention artificial intelligence receives in boardrooms, one number in KPMG's latest cybersecurity survey stands out because of how ordinary it is. Only 24% of large organizations say AI is fully integrated into their cybersecurity programs. The rest are somewhere in between, testing it in isolated functions, weighing its value, or waiting for confidence to catch up with capability.

How AI Is Changing Internal Audit Before It Changes AI Governance

The first time artificial intelligence changes an audit function, it probably won't be because an auditor is reviewing an AI governance framework. It will be because someone quietly asks a large language model to summarize a hundred-page policy, compare two years of control testing, identify unusual journal entries, or draft the first version of an audit report.

European Financial Regulators Back ESRB Warning on Frontier AI Cyber Risks

On Tuesday, Europe's three financial supervisory authorities publicly endorsed the European Systemic Risk Board's warning that frontier artificial intelligence models are creating systemic cyber risks for the financial sector, lending the combined authority of the continent's banking, insurance, and securities regulators to a concern that has been gathering force for months. Their message was not that artificial intelligence introduces a new category of risk. It was that the pace at which the technology is changing offensive cyber capabilities is beginning to test assumptions that were reasonable only yesterday.

Australia Records Highest-Ever Data Breach Notifications as Cyber Threats Continue to Mount

There were 1,205 data breaches reported to the Australian privacy regulator in 2025. The new figures, released by the Office of the Australian Information Commissioner, show an 8% increase over the 1,112 notifications received in 2024. They do not necessarily mean organizations have become less secure; they do show that serious breaches remain a persistent feature of Australian business and government, and that reporting obligations under the Notifiable Data Breaches (NDB) scheme continue to generate a steady stream of disclosures whenever individuals are likely to face serious harm.

FTC Sharpens ‘Made in the USA’ Enforcement With New Warning Letters

The U.S. Federal Trade Commission on Monday issued warning letters to eight companies whose advertising appears to overstate where their products were made. Seven companies were told their products may have been falsely marketed as "Made in the USA," while another received a warning over products advertised as "Made in Texas," despite indications they were imported, either entirely or in significant part.

FCA Says AI Will Fundamentally Reshape Retail Financial Services by 2030

Artificial intelligence is poised to become one of the defining forces in retail financial services over the next decade, according to a review published Monday by the UK's Financial Conduct Authority, which argues that regulators, industry and government must begin preparing now for a financial system increasingly shaped by autonomous AI.