The Guernsey Financial Services Commission has issued a Dear CEO letter asking regulated firms to review their technology risk management arrangements in response to advances in frontier artificial intelligence that can identify software vulnerabilities at much greater speed and scale. The Commission’s central message is that these tools may strengthen cyber defenses when used responsibly, but they also increase the likelihood that exploitable weaknesses across firms’ digital infrastructure will be found more quickly. Against that backdrop, it wants boards and senior management to treat technology risk as an evolving exposure that requires ongoing monitoring rather than a static compliance issue. The letter highlights vulnerability management, patching processes and third-party oversight as immediate areas for review. It stresses that advanced vulnerability discovery tools do not necessarily create new weaknesses, but expose weaknesses already present in systems used by firms, customers and markets, increasing the urgency of continuous maintenance and updates. Firms are expected to understand whether their IT patching regime remains appropriate if weaknesses need to be fixed in a significantly shorter timeframe without weakening checks and controls, and those relying on outsourced providers should ensure those providers can meet the firm’s needs in the changing environment.