In February 2026, the Bank of Italy confronted a problem that sounded almost absurd: fraudulent videos and online content were circulating with the name and image of Governor Fabio Panetta, presenting him as if he were endorsing investment schemes. The central bank warned the public and referred the matter to judicial authorities.
The fraud targeted individuals, but the deeper damage was institutional. A monetary authority had to prove that it could still speak in its own voice.
Finance runs on trust before it runs on code. Depositors keep money in banks, merchants accept digital balances and citizens follow central-bank guidance because official communication remains credible. Once that voice can be manufactured, the attack reaches beneath the transaction to the confidence that makes the transaction possible.
For ASEAN, this is no distant European curiosity. The region’s rapid expansion of digital finance, uneven institutional capacity and dense cross-border connections make it a plausible first test case for how AI-enabled attacks on financial trust may unfold across the wider Global South.
Stay ahead of the geopolitical week.
MD Briefing delivers expert analysis across five global fronts — the Indo-Pacific, energy, geoeconomics, European security, and the Middle East — every Monday morning. Free.
A threat that moves faster
Financial crime, cybersecurity and geopolitics are beginning to overlap. In 2024, an employee in Hong Kong authorised transfers worth about US$25 million after joining what appeared to be a video call with senior colleagues. The people on the screen were synthetic.
Frontier AI changes the economics of such attacks. Banks already depend on legacy systems, third-party software, cloud providers and layers of authentication that were never designed for machine-speed vulnerability discovery. Anthropic’s Mythos Preview reportedly identified thousands of serious software weaknesses and demonstrated an ability to find and exploit zero-day vulnerabilities across major operating systems and browsers.
The IMF warned in May 2026 that AI-enabled cyber incidents could disrupt payments, create funding strains and spread stress across markets. Its later analysis stressed that the greatest danger may come less from entirely new attack types than from the scale and speed with which AI can amplify familiar weaknesses.
A false statement from a central bank, a synthetic video of a bank chief executive or an automated attack on a payment provider could therefore move from operational disruption to financial instability before institutions have established what is real.
The preparedness divide
Europe and Canada are already turning frontier-AI warnings into supervisory action. In July 2026, the European Central Bank wrote to bank chief executives about AI-enabled cybersecurity threats and asked institutions to submit action plans. Canada’s Office of the Superintendent of Financial Institutions has issued dedicated technology-risk bulletins on frontier, generative and agentic AI.
The value of these measures lies in the warning time they create. Regulators are identifying the capability, briefing senior management and requiring institutions to examine how quickly they can patch, recover and communicate.
ASEAN already has important building blocks. Singapore’s Project MindForge has produced practical AI-risk tools for financial institutions and is now extending safeguards to AI agents. Indonesia’s Financial Services Authority issued AI-governance guidance for banks in 2025, explicitly covering advanced systems. The Philippines has a 2024–2029 Financial Services Cyber Resilience Plan, overseen through a dedicated multi-stakeholder council. Malaysia’s central bank has consulted on AI in finance and operational resilience, while the Bank of Thailand continues to tighten measures against mule accounts and scam networks.
These initiatives are substantial, but they remain nationally uneven. Publicly available regional frameworks still do not show an ASEAN-wide financial-sector mechanism that combines frontier-AI alerts, coordinated bank stress testing, common response protocols and supervisory follow-up. For ASEAN, this creates a double asymmetry: the region is exposed to frontier capabilities developed elsewhere while remaining outside many of the earliest warning, testing and evaluation loops.
Why ASEAN may be the first test case
ASEAN’s exposure comes from the way its digital economy has developed. Financial inclusion has advanced through mobile wallets, QR payments, digital banks, fintech lending and cross-border payment links. This is a development success, but it has also multiplied the number of people, platforms and institutions connected to the same trust environment.
The risks are distributed differently across the region.
Indonesia combines the scale of Bank Indonesia’s QRIS ecosystem and expanding digital banking with a persistent gap between use and understanding. OJK’s 2025 survey placed financial literacy at 66.46 per cent and financial inclusion at 80.51 per cent. A credible rumour about a bank, wallet or payment channel could move quickly through messaging groups and merchant communities before an official clarification reaches the same audience.
The Philippines has gone further on sectoral cyber resilience. Its central bank launched the Financial Services Cyber Resilience Plan in August 2024 and inaugurated the Financial Cyber Resilience Governance Council in February 2025. Yet its highly active information environment creates a pathway through which political manipulation, deepfakes and fraud could spill into financial trust.
Malaysia presents another profile. Bank Negara Malaysia began formal work on AI governance and operational resilience while the country continued attracting major investment in data centres, cloud infrastructure and AI. MDEC reported RM30.95 billion in data-centre and cloud investments in the first half of 2025. That growth increases Malaysia’s strategic importance, but it also deepens exposure to infrastructure concentration, third-party dependence and the geopolitics of computing access.
Thailand’s mature payment networks coexist with persistent scam and mule-account risks. The Bank of Thailand has strengthened individual-level screening and interbank information exchange, but regional criminal networks remain capable of moving money and identities across jurisdictions.
None of these cases predicts an imminent crisis. Together, they show why ASEAN may become the first regional laboratory for AI-enabled financial trust shocks in the Global South: rapid adoption, varied regulatory capacity, sophisticated scam ecosystems and geopolitical relevance are already present in the same space.
The inclusion-resilience paradox
A state-centric approach will miss much of this danger. Digital finance operates through a multiplex ecosystem of central banks, commercial banks, fintech firms, cloud providers, payment platforms, telecommunications companies, media and citizens.
An attack may begin in one layer and produce damage in another. A deepfake may target a bank executive without touching the core banking system. A manipulated message may trigger withdrawals even when deposits remain secure. A compromised vendor may disrupt several institutions at once. Social media and private messaging channels can transform uncertainty into collective behaviour.
This is the inclusion-resilience paradox. The infrastructure that widens financial access can also accelerate fear when verification systems, public literacy and crisis communication develop more slowly.
For ASEAN, trust defence must therefore extend beyond model governance. Banks need to connect cyber risk, fraud, third-party concentration, liquidity planning and public communication. Regulators need protocols for authenticating emergency statements. Citizens need simple ways to verify official information before forwarding claims that may trigger financial panic.
From national initiatives to regional preparedness
ASEAN already has a regional foundation. The ASEAN Regional Computer Emergency Response Team, whose physical facility opened in Singapore in October 2024, supports information exchange, incident response and capacity-building across member states. An information-sharing mechanism followed in May 2025.
Its current mandate is broader than financial stability. Closer links with central banks, financial regulators, payment operators and sectoral cyber-response teams would allow the region to build a specialised layer for AI-enabled financial threats.
That layer could begin with shared alerts on frontier-model capabilities, common fraud typologies, joint simulations of synthetic bank runs and agreed verification protocols for central banks and major financial institutions. Supervisors could compare action plans and identify cross-border dependencies before a disruption exposes them.
Here, Digital Non-Alignment becomes a practical agenda built around shared intelligence, testing capacity and institutional coordination. It would allow ASEAN to remain globally connected without becoming a passive recipient of technological risks generated elsewhere.
The same lesson applies more broadly across the Global South. Financial sovereignty cannot be measured only by who owns a payment rail or where data are stored. It also depends on whether institutions can detect manipulation, preserve public confidence and recover before uncertainty becomes contagious.
When trust becomes the battlefield
The next financial shock may begin with a synthetic message that spreads through criminal networks and feeds geopolitical suspicion before institutions can establish what is real.
Europe and Canada are already creating supervisory warning time. ASEAN has serious national initiatives and a functioning regional cyber foundation, but its financial-sector response remains fragmented.
That makes Southeast Asia more than another vulnerable region. It may become the place where the Global South first learns whether digital-finance success can withstand an attack on trust itself.

