Response to Risks from Frontier AI Models with Potential to Steal Data, Disrupt Critical Infrastructure and Exploit Software Vulnerabilities

The following question stood in the name of Mr Saktiandi Supaat –

5 To ask the Minister for Digital Development and Information (a) what is the Government's assessment of the risks from AI models claiming to be sufficiently advanced to steal data or disrupt critical infrastructure, to Singapore's financial system and critical infrastructure; (b) whether such AI-enabled cyber risks could constitute a new class of systemic financial risk; and (c) what early-warning indicators or triggers, if any, are being developed to detect such threats.

6 Mr Edward Chia Bing Hui asked the Minister for Digital Development and Information in light of recent reports on frontier AI models, such as Anthropic's Mythos with advanced capabilities to autonomously identify and exploit software vulnerabilities (a) what is the Ministry's assessment of the potential cybersecurity threats posed by such models; and (b) whether the Government is reviewing Singapore's current cybersecurity frameworks and safeguards to address these emerging risks.

Mr Edward Chia Bing Hui (Holland-Bukit Timah): Question No 5, Sir.

The Senior Minister of State for Digital Development and Information (Mr Tan Kiat How) (for the Minister for Digital Development and Information): Mr Speaker, Sir, my response will cover the questions raised by Mr Saktiandi Supaat and Mr Edward Chia in today's Order Paper. Can I get permission to take Question Nos 5 and 6 together, please?

Mr Speaker: Please proceed.

Mr Tan Kiat How: And my reply will also address related questions from Mr Yip Hon Weng and Mr Louis Chua filed for tomorrow's Sitting. If the Members are satisfied with the response, they may wish to withdraw their questions.

We share the Members' concerns and have been tracking these developments closely for some time.

[Deputy Speaker (Mr Christopher de Souza) in the Chair]

Let me first address Mr Louis Chua's question on access. The Government does not have access to Mythos. Anthropic has released it only to a limited set of partners under a controlled preview, and we are not aware of any local bank that has been granted access. More broadly, we do not assume that we will always have early access to every frontier model. Instead, we maintain close working relationships with various partners, including major artificial intelligence (AI) labs and cybersecurity firms to track capability developments and to assess safety and security implications when new capabilities emerge. We are also working with partners who have access to Mythos to better understand its capabilities and implications.

We should understand the advances in capabilities enabled by Mythos to be part of a continuum rather than a step change. Models like OpenAI's GPT-5.5 already show comparable cybersecurity capabilities and are more widely available. Open-source AI models are also rapidly improving and are likely to reach similar capabilities within months.

With AI, vulnerabilities that once took expert teams weeks to detect manually can now be identified autonomously in hours, sometimes minutes. Attackers can exploit these vulnerabilities much faster than our traditional patching cycles can address.

AI is also changing how attacks are carried out. For example, Google reported in 2025 that threat actors had used AI to develop a new class of malware. Unlike traditional malware that is hard-coded at the point of creation, the PROMPTFLUX malware was designed to consult a live AI model during attacks. The AI would rewrite portions of the malware code in real-time to evade detection.

Another example is high-fidelity deepfake frauds. In a 2024 case, criminals used an AI-generated deepfake video call to impersonate a multinational firm's chief financial officer and trick an employee into transferring $25.6 million to fraudulent accounts. Similar attempts have been made against business executives internationally and in Singapore too. Today, voice cloning requires only seconds of audio and impersonation tools are readily available.

These attacks are faster, more scalable and significantly more sophisticated. What we have not yet seen is fully autonomous AI agents running end-to-end campaigns. But this is a matter of time given the trajectory of technological developments.

So, the issue is not any single model like Mythos. The underlying shift is broader and the risks are real. We are treating them with the seriousness they deserve.

To Mr Saktiandi Supaat's query, we view AI-enabled cyber risk as an amplification of an existing systemic risk, rather than a wholly new category. The fundamentals to strengthen an organisation's cybersecurity matters more than ever. Therefore, the Monetary Authority of Singapore has convened the chief executive officers of major financial institutions to discuss the threat landscape and drive collective action on technology and cyber resilience. Financial institutions are treating this with the seriousness it deserves and have been strengthening their posture.

The same urgency extends across all sectors. The Cyber Security Agency of Singapore (CSA) will issue a letter to the boards and senior leadership of all critical information infrastructure (CII) owners today. This letter sets out clear expectations, including a review of cyber risk posture in light of AI-enabled threats. Our Government agencies are similarly on alert.

This is not an issue that should be delegated to IT teams alone. It demands leadership attention at the highest levels, including board members and chief executives. This applies whether an organisation runs information technology (IT), operational technology (OT), or both types of systems. The priority is to get the fundamentals right – and do so quickly.

Five areas matter.

First, revisit your cybersecurity risk assessment. Update these for IT and OT systems to account for the AI-enabled changes in the threat environment – in particular, the narrowing window between the discovery of a vulnerability and its exploitation by attackers.

Second, know what you have. Most breaches begin at an unmanaged asset – a forgotten internet-facing system, a third-party dependency, a shadow cloud account. You cannot defend what you cannot see. Ensure you have visibility over your current inventory.

Third, patch faster, monitor continuously. The time window between vulnerability disclosure and exploitation is collapsing. Periodic audits are not enough. Organisations need to move towards continuous monitoring, automated detection and tested incident response.

Fourth, govern your own use of AI. AI tools introduce new vulnerabilities, particularly when connected to sensitive data, code or critical systems. CSA's addendum on Securing Agentic AI, launched in October last year, sets out practical guidance on mapping workflows and applying controls across the entire life-cycle.

Fifth, use AI in defence. The same capabilities adversaries are deploying can be turned to detection, triaging and response. Mr Yip Hon Weng asked whether the Government is investing in AI-powered tools for active vulnerability and patch testing. The answer is yes. The Government has been fast-tracking capability building in using AI for cybersecurity for some time, working with industry to access and adapt the best tools available globally. At the same time, we are developing capabilities in-house, so that we are not dependent on any single external party. These are being piloted within Government and will be extended to more agencies and CII owners when ready.

To Mr Louis Chua's question on assessment capabilities, CSA leads this effort, working closely with relevant Government agencies and industry experts to exchange insights on the threats and mitigation measures. CSA is also reviewing standards and obligations for CII owners to account for the faster attack timelines. Under the Cybersecurity Act, CSA has the authority to direct and enforce action where necessary.

On Mythos specifically: without direct access, we cannot test the model ourselves. But we assess the risk based on published evaluations, threat intelligence and our ongoing engagement with the major AI labs. Where credible evidence emerges of a material risk to systems of national consequence, we work with and advise CII owners to patch and harden their systems. This is the approach we have used to date and we will continue to do so.

Mr Saktiandi Supaat asked about early warning indicators and triggers. We have an established approach to do this. First, we closely engage technology partners for early visibility and insights into new capabilities as they emerge. Second, CSA monitors active exploitation patterns and shares threat intelligence and advisories through established channels. Third, we conduct attack-surface monitoring and increasingly we are leveraging AI to do so.

Mr Yip Hon Weng asked about patching protocols and timelines. This is not a new problem. It has been existing. There are established practices for patching that can manage disruption to services. This includes staged rollouts and pre-tested roll-back procedures.

These efforts form a broader national effort to raise cybersecurity standards across all sectors. There is no silver bullet and no one-time fixes. We must adapt and adjust to new risks. This requires all stakeholders to play their part actively and responsibly.

Many small and medium enterprises (SMEs) do not have a chief information security officer (CISO) or even a dedicated IT team. To help our SMEs, CSA's SG Cyber Safe programme provides accessible cyber-hygiene guidance. This includes the CISO-as-a-Service and the Cyber Essentials and Cyber Trust Marks, which support organisations to assess and improve their security posture.

Individuals have a role to play as well. Three things matter most, as outlined in CSA's "Stop and Check" campaign. First, use two-factor authentication and strong passphrases. Second, update software promptly to ensure that cyber criminals cannot find and use vulnerabilities to infect devices with malware, steal data or take control of devices. Third, use ScamShield and anti-virus to safeguard devices and accounts. Basic cyber hygiene matters.

In conclusion, the Government will continue to raise awareness, set standards and support organisations in building robust cyber-defences. But resilience depends on everyone doing their part. We must act early and decisively and stay ahead of the threat.

Mr Deputy Speaker: Mr Edward Chia.

Mr Edward Chia Bing Hui (Holland-Bukit Timah): Sir, I have three supplementary questions. First of all, frontier models require a significant amount of compute and are likely to be concentrated among well-resourced organisations, leading to concerns about accessibility and uneven capabilities.

In this context, my first supplementary question is whether Singapore is actually working with international partners to establish norms, safeguards and coordinated responses to the risk posed by frontier AI models in cybersecurity?

The second supplementary question is whether the cybersecurity framework today, including those under the Cybersecurity Act and the CSA guidelines, are sufficient to address these emerging threats? Are they still fit for purpose?

And third, most importantly, how will the Government ensure that SMEs are not left behind and have access to these emerging new frontier capabilities to defend against such threats?

Mr Tan Kiat How: Sir, let me first set in context my response to Mr Edward Chia. As I mentioned earlier, the enhanced capabilities that frontier models bring to the table is on a continuum. It is not suddenly a step jump or a discontinuous capability that we are not prepared for. We have been monitoring this space for some time and are actively working with international partners, both technology companies developing those AI frontier models as well as governmental organisations, on these threats, including those from intelligence and security agencies.

These threats are not new. We have been monitoring this for some time and we have been taking steps to mitigate the risk. That is the first point.

The second is that – I will go back to the same point I made earlier – fundamentals matter. Let me use an analogy. As an organisation or an individual, you lock the front door, or you secure the locks of your front door when you leave the building or when you leave your house. These are fundamentals.

But over time, when we adopt more digital solutions, digital devices, adopt more different services in our organisation, even in our personal lives, we are almost thinking about it like building more annexes and building more facilities. Which means that your attack surface is much wider because you might have forgotten that you might have left a window open, your back door open, or a new annex in your building has a vulnerability. And what AI empowers or enables the bad actors to do is this that makes them much more capable and much faster in detecting those vulnerabilities and exploiting them.

So, first and foremost, it is about securing your own building, your own house, your own organisation, your own digital systems, making sure that vulnerabilities are detected early and locked down. And put in place enough investments to maintain your property, your digital systems, so that these vulnerabilities would not be exploited by others. So, basic hygiene matters, and I spoke about it extensively in my Parliamentary Question reply.

Thirdly, we are mindful that SMEs may not have such capabilities and we deployed different resources supporting them to: firstly do a self-check, a hygiene check, on their own systems through the various cyber essential marks and trust marks – they can look at the guidelines published by CSA; secondly, even as SMEs digitalise and adopt AI technology in their organisations, you want to make sure they are safe and there are guidelines in place for them to think about how to deploy AI solutions in their organisations and in their businesses.

And through programmes like SMEs Go Digital, where we work with our industry partners providing these technology solutions and pre-approve them for support, we make sure those basic cybersecurity hygiene practices are baked into those systems. So, we are taking a holistic view on it. But these threats are not new and we have been monitoring them for some time.

Mr Deputy Speaker: Mr Yip Hon Weng.

Mr Yip Hon Weng (Yio Chu Kang): Thank you, Mr Deputy Speaker. I thank the Senior Minister of State for his reply. My supplementary question is on talent. Given that cyber threats, especially AI-driven ones, are really borderless and driven by highly sophisticated global actors, could the Senior Minister of State clarify whether Singapore faces constraint in attracting and retaining top-tier global cybersecurity and AI talent needed to safeguard our systems? How confident is the Government that we have sufficient depth of experience and expertise to protect critical infrastructure and maintain public trust, rather than falling behind more advanced threat actors?

Mr Tan Kiat How: Sir, I thank Mr Yip for his supplementary question. I cannot agree more with him that talent is the most critical piece in cybersecurity. As we talk about adopting AI, it is important for us also to adopt AI as the good guys, the defenders – how are we building capabilities in AI to detect, to triage, to respond across the board. And talent is most critical.

But there is no one singular definition of what kind of cybersecurity talent is needed. It is a whole spectrum – from running operations to detection, to be able to do red teaming and penetration testing to sniff out vulnerabilities before the bad actors can do that. It requires a whole range of talent. It is not just technical talent but actually, a lot of times, it is understanding the psyche of the bad actors and how do we put ourselves in those shoes and to detect those vulnerabilities.

So, we require talent from different sources. That is why over the years, CSA, together with various Government agencies, including our security agencies, have been putting in place different schemes and programmes to support Singaporeans who wish to have a career in cybersecurity. It is a rewarding career – you are doing good, making an impact and it is a meaningful career with good prospects. And we are working very closely with the institutes of higher learning, our different schools, to have those pathways, not just for fresh graduates but also mid-career individuals who want to transit to a cybersecurity career.

And in fact, I read a quite useful article yesterday in CNA about talent, and we are doing much more. So, if anyone is keen to have a career in cybersecurity, please check out the resources. We certainly welcome more talent.

Mr Deputy Speaker: Mr Louis Chua.

Mr Chua Kheng Wee Louis (Sengkang): Thank you, Deputy Speaker. Just three quick supplementary questions for the Senior Minister of State.

First, I think the Senior Minister of State talks about gaining access to the best tools available globally. In so doing, is the Government working to gain direct access to the Anthropic Mythos model to enable the Government to better strengthen its cybersecurity defences?

Second, I think the Senior Minister of State also talked about how it is working with partners that actually have access. So, I was wondering if there has been any outcomes or patches to threats and vulnerabilities that have already been done, and if there have been any successes that the Senior Minister of State can share.

And lastly, in terms of the level of risk assessment through the CII, what is the Government's assessment of it right now, and how is it directly supporting the CII providers other than getting them to take action right now?

Mr Tan Kiat How: Sir, let me start by highlighting what I said earlier in my Parliamentary Question reply – that we have to look at this as not as just a single episode or single frontier model making announcement. Because this is a trend that we have seen for some time, and we have been monitoring the trend and taking action for period of time. And it is not just about a single model but broadly, even open-source models, we have built up capabilities over time and within matter of months because of how fast AI technology is developing.

We work closely with all AI labs, cybersecurity firms as well as different partners around the world to have early access, if we can, to different models and frontier models to test the capabilities. So, this is something we are working on.

On his second question around our risk assessment, well, we have been monitoring this trend for some time. Over the last months and year, we have been issuing different advisories. Some of them we publish and are publicly available, like how we think about securing agentic AI software systems in our organisations. Some, we work directly with CII owners.

In this House, during the Budget and Committee of Supply speeches, I shared with the House that I have been visiting every of the CII sectors – 11 critical information infrastructure sectors – over the past months and year. I am pleased to share with everyone that I have completed all 11. And the reason why I do so is to personally engage the leadership of each CII sector to understand what they are doing and to reinforce the threat that we are seeing because of AI capabilities. And I am very heartened that all the senior leadership, from chief executives to board members, are aware of the risks and are taking steps. So, they are not taking this lightly. They are putting in place, not just processes and investments to secure themselves and their systems, but also proactively thinking about how to secure their AI uses in their organisations.

I will use an analogy. When you want to have a fast car, you have a strong engine under the hood of your car. AI is that engine. You want to get from point A to point B as quickly as possible to be competitive. But at the same time, you need to have the safety features, the guardrails, your safety belts, good brakes in place. And organisations are thinking about how to secure the AI solutions in their organisations, even as they think about using AI to defend.

Lastly, I must also say that we have been working very closely with all of the CII sectors, I shared in this House during the Committee of Supply debates that the Government and CSA are leaning forward. We will share selected threat intelligence information with selected CII owners so that they can better monitor and detect threats against them, especially from advanced persistent threat actors. Secondly, in-house, we are building capabilities within the Government on how to detect those threats using AI and we will share those tools, where necessary, with CII owners.