Richard Chiu | Sales Engineering Manager for Hong Kong
More About This Author >
Richard Chiu | Sales Engineering Manager for Hong Kong
More About This Author >
In view of the increasing number of incidents involving AI models, the Hong Kong Securities and Futures Commission (SFC) issued Circular 26EC32 to remind licensed corporations to review and adapt their practices to the evolving cybersecurity threat landscape. Issued on 2 June, the Circular recognises that traditional security architectures were not built to handle today’s threats.
For decades, cybersecurity policies have been founded on the premise that attackers move at a human speed. It means vulnerabilities can be detected, attack plans can be developed, and security personnel have time to investigate and respond to the threat. The document explicitly questions this premise.
The vulnerabilities listed by the regulatory body indicate a new environment in which AI is enabling faster reconnaissance, vulnerability identification, social engineering, and exploitation. This does not mean only an increase in the number and variety of cyberattacks, but that the timeline for defenders to contain them has significantly reduced.
For Hong Kong-licensed corporations, particularly electronic trading brokers, Type 13 depositaries, and virtual asset trading platforms, the circular stresses the need for structural fixes in addition to, or instead of, incremental patching.
The circular states that AI has made it easier and faster for attackers to discover and exploit system vulnerabilities, enabling them to coordinate attacks across multiple interconnected systems at scale. A slew of AI-enabled tools has lowered the barriers to phishing, social engineering, deepfake impersonation, and reconnaissance, exposing licensed firms to increased cybersecurity risks.
Individually, each is not new. However, what has changed is the efficiency, speed, complexity, and scale at which these threats can be delivered.
The use of AI technologies enables the automation of infrastructure reconnaissance, the detection of open ports or services, and vulnerability analysis, all at speeds previously unattainable. Disclosed vulnerabilities can be analysed instantly, whereas a chain reaction of lower-priority vulnerabilities can cause real-world disruption.
Concurrently, AI-driven phishing scams and deepfake impersonations are growing more sophisticated. The service desk, IT admins, and even privileged users are now under threat from highly realistic attacks that can mimic legitimate people and processes.
Another risk category arises when businesses adopt their own AI systems. The circular highlights risks such as prompt injection, jailbreaking, system prompt override, and data leakage through AI workflows. These are application-layer risks that can happen easily as large language models (LLMs) enter business processes.
Taken together, these developments create an environment where attackers can move from discovery to exploitation in a fraction of the time most companies are used to.
One key insight behind the circular is that AI speeds up the lifecycle of exploitation.
Automated tools can scan for exposed assets within seconds of a vulnerability disclosure. Attacks can adjust their tactics and techniques in response to the defensive measures deployed by the systems they target.
Under these circumstances, companies relying on human-based analysis, those with long approval processes, or those that rely on human escalation might face challenges, as they will find themselves on an entirely different timeline from their opponents.
This is why the circular stresses the need for vulnerability management, containment, and faster response mechanisms.
The recommendations contained in the circular are laid out in an accompanying annex across five areas of focus: patching and vulnerability management, access and privilege controls, detection and monitoring, third-party supply chain risk management, and incident response and recovery.
Instead of treating each of these as independent compliance requirements, they should be viewed as individual layers within a comprehensive defence structure.
While all licensed corporations are expected to consider these measures, electronic trading brokers, Type 13 depositaries, and virtual asset trading platforms are generally expected to implement them in full.
In sections A and C, the emphasis is on minimising exposure and enhancing visibility. The recommendations include accelerated remediation of existing vulnerabilities, threat-assessment-based patches, proactive scanning, anomaly detection, threat intelligence, and resiliency testing.
Section D addresses a risk that AI adoption has sharpened: the third-party services and managed platforms that licensed firms increasingly depend on are themselves potential attack vectors. Due diligence, supplier security visibility, and contingency planning for service disruption are no longer standard procurement hygiene — they are active security controls.
In Section E, the appendix lays out how threats will inevitably slip past preventive measures. The importance of pre-authorisation for containment measures, escalation procedures, and operational recovery highlights the speed at which AI-powered cyberattacks can happen.
Section B puts identity and access management at the centre of cyber resilience. It specifically calls for phishing-resistant multi-factor authentication for administrative, cloud, and privileged access accounts, together with least privilege and just-in-time access.
This is important because many organisations still use older authentication approaches that are susceptible to phishing, session hijacking, social engineering, and credential abuse.
The SFC recommends organisations to implement more effective identity controls, which it considers a foundational security requirement, rather than an add-on.
Also, enforcing least privilege and minimising standing privileges will help prevent attackers from moving laterally within environments if they have gained initial access.
It means identity controls are no longer just for access management; they are an essential part of cyber resilience.
The circular also recognises a truth already acknowledged by many enterprises: deploying AI systems will potentially create new attack surface.
To guard against AI-enabled attacks, businesses must implement mechanisms to detect and prevent prompt-injection attacks, protect against model manipulation, and limit the risk of exposing confidential information when interacting with AI tools.
For firms that implement a retrieval-augmented generation (RAG) approach, securing the data powering these systems is also critical. The scope of security extends beyond the AI system itself to include data discovery, access control, encryption, monitoring, and connection integrity to corporate data sources.
These application-layer controls address a different class of threat from perimeter defence. Advanced bot mitigation, web application firewall capabilities, anomaly detection, and virtual patching address automated reconnaissance, exploit attempts, and phishing infrastructure — the external attack surface that AI has made faster and more scalable.
At the foundation of all these initiatives is the need to retain control over sensitive data. The use of strong encryption, key management, data discovery, and data security governance minimises risks associated with AI operations, reliance on third parties, and modern threats such as model inversion and data inference.