(17 June 2025 – Australia) CBA is reinforcing its security engineers with pilot generative AI (GenAI) capability as well as 1200-plus “security champions” bank-wide.
The initiative seeks to embed security culture in all corners of the bank. The group’s security champions program has been running for several years but was only referenced externally this year. Security champions receive training to develop a “security skillset” and generally comprise a “technologist, product owner or engineer” employed in various parts of the bank.
GenAI could aid the work of both security engineers and champions across the bank in future.
“The tools, based on AWS Bedrock, could augment and accelerate security assessments performed for software products and features developed at the bank. Some of the ways the technology can help actually reason and do what’s usually between the two ears of a security professional has been pretty powerful,” commented CBA CIO for Group Security Harvey Deak at the AWS Summit Sydney.
“We’re looking forward to rolling this out en masse to the security champions program to augment both the human side of it, but also augmenting some of our security assessments as part of scaling the program out.”
“By embedding security champions within key areas, CBA effectively scaled its security practices while ensuring collective responsibility across the organisation.”
“There was a four times increase in the speed of our cyber security reviews and our processes in the software and system development lifecycle. That ultimately sped up the delivery of features and changes to our systems and products, translating into two times more technology changes, but also quality increased, so there have been 2.5 times fewer incidents as we’ve scaled this program out. Most importantly, the number of security issues and defects that were making their way through [to production] fell off a cliff,” Deak added.