The Central Bank of the Philippines issued recommendations for Bangko Sentral-supervised institutions to manage emerging cybersecurity risks from frontier artificial intelligence systems. It warned that such systems can identify software vulnerabilities, generate exploit pathways and execute multi-stage cyberattacks with minimal human intervention, creating a more adaptive and scalable threat environment for financial institutions, third-party service providers and critical infrastructure. Institutions are told to ensure that cybersecurity and technology risk management frameworks, together with basic cyber hygiene, remain robust against faster and more sophisticated AI-enabled threats. The recommendations focus on stronger visibility and control across the attack surface, including current inventories of externally reachable assets, cloud services, identities, critical applications and software dependencies, including third-party and open-source components. They also call for stronger foundational controls such as credential hygiene, Multi-Factor Authentication for critical systems and assets, least-privilege access, device hardening, micro-segmentation, zero trust controls, faster patching, replacement or upgrade of end-of-life systems and reduced unnecessary internet exposure. For administrative and privileged access, the memo recommends hardware-backed MFA such as FIDO2 or WebAuthn keys, smart cards or certificate-based authentication, and says knowledge-based passwords and communication-based SMS or push authentication should be discontinued for those uses. Institutions are further advised to adopt AI-enabled defensive tools for patch management, threat hunting, exposure management and security orchestration, use virtual patching to block exploit paths, and review business continuity management and plans for AI-enabled threats. The memo says these recommendations complement existing risk-based information technology and cybersecurity requirements under the Manual of Regulations for Banks and the Manual of Regulations for Non-Bank Financial Institutions. It also recommends that supervised institutions formally develop an AI governance framework proportionate to their AI systems, operational complexity and risk profile, following the principles set out in BSP Memorandum No. M-2026-031 dated 24 June 2026.