For Australian financial institutions, APRA Prudential Standard CPS 234 has long been the gold standard for cyber resilience - forcing organisations to maintain capability commensurate with their threats, protect critical information assets, and hold third-party vendors to the same rigorous bar.
But the arrival of Generative AI and autonomous agents has fundamentally disrupted the threat landscape. Regulators like APRA and ASIC have made it clear in recent guidance (26 May 2026): AI does not create a new category of risk - it accelerates existing ones. It compresses time, multiplies data movement, and opens massive "visibility gaps" where traditional, periodic manual controls fail.
If your organisation is relying on spreadsheets, quarterly audits, or passive AI registries to prove compliance, you are likely already lagging behind the pace of your own AI deployment.
01 · The Governance Gap
Why traditional controls are failing
CPS 234 requires controls "commensurate with the criticality and sensitivity" of information assets. When you deploy an AI agent to query a customer database, that agent is the information security control. If the agent lacks identity-bound access or cannot be monitored in real time, the entity is in breach of its obligations.
Velocity mismatch
Traditional governance moves at the speed of a human meeting; AI moves at the speed of silicon. Controls that require manual intervention become bottlenecks that actually increase risk - driving Shadow AI adoption to bypass them.
Visibility decay
Logs tell you what happened an hour, a day, or a week ago. CPS 234 requires detection "as close to real-time as possible". A dashboard refresh on Friday is not a control - it is a post-mortem.
02 · Mapping
EVEDY: a runtime control plane for CPS 234
EVEDY was built to close the visibility-and-control gap APRA identified. We move governance from a periodic administrative task to active, inline runtime enforcement. Here is how EVEDY maps directly to the core pillars of CPS 234:
EVEDY acts as an active, inline runtime gateway intercepting every AI prompt and response. Your AI security capability is always-on and scales instantly with traffic - regardless of how many agents or models you deploy.
Pillar 2 · No more anonymous agents
Identity-bound execution
Every AI invocation is tied to an authenticated enterprise identity (e.g. Entra ID). The agent does not "have access" - the user does, and the agent acts as their proxy. If a prompt exceeds the user's clearance, EVEDY blocks it mid-flight.
Pillar 3 · Dynamic PII redaction
Protection of information assets
We don't just log data movement; we apply dynamic PII redaction. If an agent attempts to surface sensitive financial data to a user without authorisation, EVEDY masks it in the response stream before it reaches the UI.
Pillar 4 · Tamper-evident proof of control
Testing, assurance & immutable audit
Every [ALLOW], [BLOCK], and [REDACT] decision is logged with the exact policy triggered, user identity, and timestamp. When the regulator asks for proof, you provide a cryptographic record of enforcement - not a theory.
03 · Step Change
Urgency and discipline, at machine speed
APRA's recent letters to industry emphasise that boards and senior management are expected to act with "urgency and discipline." They expect entities to move away from low-value manual handoffs toward safe, controlled, and automated governance.
Real-time
Incident detection
Inline enforcement satisfies the "as close to real-time as possible" obligation under CPS 234.
100%
Coverage of AI traffic
No prompt, no response, no agent invocation escapes the gateway - including Shadow AI.
Audit-grade
Cryptographic trail
Tamper-evident decision logs ship straight to your on-prem SIEM. Regulator-ready by default.
At EVEDY we view CPS 234 not as a hurdle but as a framework for excellence. By automating the governance layer, engineering teams ship AI agents at full speed - confident that their production environment is not just "compliant on paper," but actively resilient at the machine level.
"Don't let your compliance framework become a bottleneck. Treat speed as a core attribute of control effectiveness."