Bank built its own threat hunting agent because vendors can’t keep pace with new threats

Summary

Australia’s Commonwealth Bank built its own agentic AI threat-hunting tools because commercial vendors were too slow to keep up with rapidly evolving, AI-amplified attacks, said Andrew Pade, General Manager of Cyber Defence Operations, at Gartner’s Security & Risk Management Summit.

The bank’s threat signal volume ballooned from about 80 million to 400 billion (weekly), driven in part by AI-assisted attack techniques and reused backend code across campaigns. Faced with scale and analyst burnout, the bank developed internal AI agents that ingest external research and the bank’s own telemetry, identify risks across legacy, on-prem, SaaS and cloud estates, and produce rapid, actionable reports.

Outcomes reported: assessment time fell from roughly two days to 30 minutes; a second agent automates indicator-of-compromise hunting and report generation; and frontline analysts are elevated from repetitive work to problem-solving roles. The team had to pair security practitioners with data scientists to create useful tools, and address AI non-determinism (especially in red-team outputs) by forcing deterministic checkpoints for repeatability.

Key Points

  • Commonwealth Bank created its own agentic AI threat-hunting tools because vendors couldn’t respond quickly enough to emerging threats.
  • Weekly threat signals rose from about 80 million to 400 billion, in part due to AI-powered attack automation.
  • The bank’s AI agents reduced threat assessment time from two days to around 30 minutes and automatically produce reports.
  • A second agent hunts for indicators of compromise and frees analysts from repetitive tasks, improving morale and retaining talent.
  • AI non-determinism caused issues in red-team reporting; the bank imposed deterministic outcomes to make agent predictions repeatable and legally defensible.
  • Successful development required close collaboration between frontline security staff and data scientists — throwing the problem over the fence didn’t work.
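The summary and the key points above describe two design decisions without showing what they look like in practice: an agent whose output feeds a report must be grounded in the bank's own telemetry, and the non-deterministic model step must be wrapped in deterministic checkpoints so the same evidence always yields the same, defensible result. The Python sketch below is an added illustration of that pattern; it is not code from the article or from Commonwealth Bank. The telemetry lines, the IoC feed and the hosts, addresses and hash in them are all constructed, and the model step is simulated with seeded randomness to stand in for an LLM's varying output.

```python
import hashlib
import json
import random
import re

# Constructed sample telemetry; hosts, addresses and the hash are placeholders.
FAKE_HASH = "a" * 64
TELEMETRY = [
    "2026-03-17T09:12:01Z host=ws-014 proc=powershell.exe dst=203.0.113.45:443",
    "2026-03-17T09:12:03Z host=ws-014 dns=update.example-cdn.test",
    "2026-03-17T09:15:40Z host=srv-db2 proc=svchost.exe dst=198.51.100.7:8080",
    f"2026-03-17T09:16:02Z host=ws-014 file=C:\\Users\\Public\\loader.dll sha256={FAKE_HASH}",
]

# Constructed IoC feed standing in for the external research the agent ingests.
IOC_FEED = {
    "203.0.113.45": {"campaign": "constructed-campaign-A", "severity": "high"},
    "update.example-cdn.test": {"campaign": "constructed-campaign-A", "severity": "medium"},
    FAKE_HASH: {"campaign": "constructed-campaign-B", "severity": "high"},
}

IOC_PATTERNS = [
    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),  # IPv4 address
    re.compile(r"dns=([a-z0-9.-]+)"),             # queried domain
    re.compile(r"\b[0-9a-f]{64}\b"),              # SHA-256 digest
]


def simulated_model_step(lines, seed):
    """Stand-in for an LLM extraction step: same facts, unstable presentation.

    Seeded randomness varies ordering and casing, repeats one item and adds an
    indicator that appears nowhere in the telemetry (a hallucination).
    """
    rng = random.Random(seed)
    found = []
    for line in lines:
        for pat in IOC_PATTERNS:
            for m in pat.finditer(line):
                found.append(m.group(1) if m.groups() else m.group(0))
    rng.shuffle(found)
    found = [c.upper() if rng.random() < 0.5 else c for c in found]
    found.append(found[0])        # duplicate
    found.append("192.0.2.99")    # hallucinated indicator, not in telemetry
    return found


def checkpoint(candidates, lines):
    """Deterministic checkpoint: canonicalise the candidates, keep only those
    grounded in raw telemetry, and pin the result with a content hash."""
    grounded = []
    for ioc in sorted({c.strip().lower() for c in candidates}):
        evidence = [ln for ln in lines if ioc in ln.lower()]
        if evidence:  # the hallucinated indicator has no evidence and is dropped
            grounded.append({"ioc": ioc, "evidence": evidence})
    payload = json.dumps(grounded, sort_keys=True, separators=(",", ":"))
    return {"iocs": grounded, "hash": hashlib.sha256(payload.encode()).hexdigest()}


SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}


def verdict(cp, feed):
    """Rule-based decision over checkpointed evidence; no model call here."""
    matched = [(e["ioc"], feed[e["ioc"]]) for e in cp["iocs"] if e["ioc"] in feed]
    severity = max((m["severity"] for _, m in matched),
                   key=SEVERITY_RANK.get, default="none")
    return {
        "severity": severity,
        "campaigns": sorted({m["campaign"] for _, m in matched}),
        "matched": [ioc for ioc, _ in matched],
        "checkpoint": cp["hash"],  # recorded in the report for reproducibility
    }


def run(seed):
    """One end-to-end hunt: non-deterministic extraction, deterministic rest."""
    cp = checkpoint(simulated_model_step(TELEMETRY, seed), TELEMETRY)
    return verdict(cp, IOC_FEED)


def repeatable(seeds):
    """True when every run yields the identical checkpoint hash and verdict."""
    results = {json.dumps(run(s), sort_keys=True) for s in seeds}
    return len(results) == 1


if __name__ == "__main__":
    print(json.dumps(run(1), indent=2))
    print("repeatable across 10 seeds:", repeatable(range(10)))
```

The point of the split is that the model never decides anything: it only proposes candidates, every candidate must be traceable to a telemetry line before it survives the checkpoint, and the verdict is produced by fixed rules over that canonical evidence. Re-running the hunt with a different seed changes the model's raw output but not the checkpoint hash or the verdict, which is what makes the report repeatable and defensible.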

Context and relevance

This case study sits squarely in the growing arms race between defenders and attackers as AI scales adversary capabilities. It shows large organisations are increasingly pushed to build bespoke AI defences when commercial offerings lag. The story highlights operational and people impacts: signal volume explosion, the need for deterministic outputs from probabilistic models, and the importance of cross-discipline teams to produce usable security tooling.

For security teams, it emphasises two trends: (1) off-the-shelf products may not keep pace with adversary innovation and (2) internal AI agents can materially cut triage time and reduce analyst burnout if carefully designed and integrated.

Why should I read this?

Quick and blunt: if you run security for an organisation that isn’t tiny, vendors won’t magically solve the AI wave for you. This piece shows how one big bank beat the noise by building its own agents — faster detection, much quicker response, and less soul-destroying grunt work for analysts. Worth a ten-minute skim if you care about scaling detection or keeping your security folk sane.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/03/17/commonwealth_bank_ai_defense/