Leadership in the Age of AI

What happens when your one AI vendor goes down? APRA wants your exit plan

Thomas Green 4 July 2026 6 min read
In short

APRA found entities leaning on a single AI provider with untested exit plans, and judged point-in-time assurance unfit for models that drift. CPS 230 already requires tested continuity. Resilience is a substitution you have rehearsed, not a document you filed.

Key points
  • APRA's 30 April 2026 AI letter found entities "heavily dependent on a single provider for multiple AI use cases", and that "few had demonstrated robust contingency planning or tested exit and substitution strategies for critical AI providers".
  • The risk is not theoretical. In July 2024 one faulty update from a single vendor (the cybersecurity firm CrowdStrike, not an AI model) crashed systems across banks, airlines and hospitals worldwide, and one airline alone later reported roughly US$380 million in direct costs. Concentration plus an untested fallback is the exposure.
  • APRA also judged most AI assurance unfit for purpose: "point in time and sample based assurance methods", it said, are "ill suited to probabilistic models that learn, adapt and degrade over time".
  • CPS 230, in force since 1 July 2025, already requires management of material service providers and tested continuity. Mapping your AI supply chain and rehearsing substitution is now an expectation, not a nice-to-have.

"Almost everything we shipped this year runs through one AI provider, and when someone in the meeting asked what the plan is if they fail, or simply change the model under us overnight, the room went quiet." An executive told me that recently, and the silence he described is the real finding. It was not that the answer was bad. It was that there was no answer, and nobody had noticed the gap until the question was said out loud.

APRA noticed it across the industry. In its 30 April 2026 letter to banks, insurers and superannuation trustees, the regulator singled out exactly this pattern: a heavy reliance on one AI provider for many use cases, with little tested planning for the day that provider fails, prices you out, or quietly changes the model you built on. The uncomfortable answer to "what happens when your AI vendor goes down" is, for most entities right now, that nobody has rehearsed it.

What did APRA say about relying on a single AI vendor?

It named concentration as a specific, growing risk. APRA observed entities depending on a single provider across multiple critical use cases, and found that few had demonstrated robust contingency planning or tested exit and substitution strategies (a substitution strategy being a worked-out way to move to an alternative provider or process without the business stopping). It went further than the obvious supplier, asking entities to map "the full AI supply chain, including material, third-party and fourth-party dependencies". A fourth-party dependency is your provider's own critical supplier: the model host, the chip capacity, the data source sitting behind the company you actually contract with.

This concentration has built quietly because adoption has run so far ahead of governance. One 2026 industry survey reported that 98% of financial institutions have now deployed AI in some form. When almost everyone is building, and a small number of frontier providers supply most of the underlying models, the entire sector ends up leaning on a handful of the same shoulders. That is efficient until the moment it is fragile.

Why is concentration risk more than a hypothetical?

Because we have already watched it happen, at scale, in living memory. On 19 July 2024 a single faulty software update from the cybersecurity vendor CrowdStrike crashed Windows systems around the world, grounding flights and freezing banks, hospitals and government services. It is worth being precise: that was not an AI failure, it was a third-party software failure. The lesson transfers exactly though. One vendor, embedded in everything, with no rehearsed way to operate without it, equals systemic exposure. Delta Air Lines alone later reported around US$380 million in direct costs from the few days of disruption.

Now picture the same shape with a frontier AI provider instead of a security agent. The provider suffers an outage, or deprecates the model version your credit and claims processes were tuned to, or changes its terms. If your fallback exists only as a paragraph in a policy nobody has tested, you discover the gap at the worst possible moment. APRA is asking entities to find that gap on a quiet afternoon, deliberately, rather than on the day it costs them.

What APRA expects on AI supplier riskThe common gap it found
Visibility over the full supply chain, including fourth partiesSight of the direct vendor only
Tested exit and substitution strategies for critical providersContingency that exists on paper but has never been run
Active management of concentration across use casesOne provider quietly underpinning many critical processes
Contracts giving transparency, auditability and assuranceLimited ability to see inside model changes or performance

Pressure-test your AI resilience before it is tested for you

The most useful thing a leadership team can do this quarter is map where the whole organisation leans on one AI provider, and rehearse the day it is not there. We run that exercise with executive and risk teams.

Book your Strategy Session

Why will your current assurance miss this?

Because it was designed to certify a moment, and an AI system lives in motion. APRA was direct about the mismatch: entities lean on point-in-time and sample-based assurance methods that are ill suited to probabilistic models, which learn, adapt and degrade over time. A traditional audit samples a process, signs it off, and moves on. That works for a system that behaves the same way tomorrow. It fails for a model whose behaviour shifts as its inputs and its provider change underneath you.

APRA also noted that internal audit functions often lack the specialist skills and tools to assess AI at all, and that second-line risk functions (the independent oversight teams that sit between the business and the auditors) frequently cannot technically evaluate probabilistic or agentic systems. So the gap is twofold: the method is wrong, and the people asked to apply it have not been equipped. Continuous, proportionate monitoring across the model's life, watching for drift and customer impact, is what the regulator expects in its place.

Resilience is not a document you file. It is a substitution you have actually rehearsed.

What does a tested exit plan actually look like?

It looks like something you have run, not something you have written. CPS 230, the operational risk standard in force since 1 July 2025, already requires management of material service providers and continuity you can rely on, so this is a current obligation rather than a future one.

  1. Map the whole chain. List every critical AI use case, the provider behind it, and the fourth parties behind that provider. You cannot manage concentration you cannot see.
  2. Write the failure scenarios. Build plausible and systemic cases: an outage, a model deprecation, a price shock, a contract change. APRA specifically asks for these.
  3. Rehearse the substitution. Actually move a use case to an alternative, or to a manual process, in a controlled test. A plan you have never run is a hope, not a control.
  4. Fix the contracts. Secure transparency, auditability and notice of material model changes, so a provider cannot alter the ground beneath a regulated decision without your knowledge.
  5. Set concentration limits. Decide, as a board, how much of your critical activity may ride on any single provider, and hold the line.

APRA has asked the industry for a step-change, and supplier resilience is where the warning has the sharpest teeth, because the failure mode is sudden and very public. Resilience is not a binder on a shelf. It is a substitution you have already rehearsed, a chain you can actually see, and a model you are watching while it moves. Run the quiet test now, so the loud one never gets to choose the timing.

This is the third piece in a series on APRA's AI letter. The others cover what APRA now expects of your board, and why your existing risk framework already governs your AI.

Frequently asked questions

What is AI concentration risk, and why does APRA care about it?
Concentration risk is the exposure created when many critical processes depend on a single provider, so one failure cascades across the business. APRA's 2026 AI letter found entities heavily reliant on one AI provider across multiple use cases, with few having tested exit or substitution strategies. Because that fragility can hit a whole institution at once, the regulator now expects it to be mapped, scenario-tested and actively managed.
What is a fourth-party dependency?
It is your provider's own critical supplier. If you contract an AI vendor, your third party is that vendor; the fourth parties are the model host, compute provider or data source the vendor itself relies on. APRA asks entities to map the full AI supply chain, including these fourth parties, because a failure two steps removed can still stop your regulated process.
Why is point-in-time assurance inadequate for AI?
Point-in-time assurance certifies that a system was acceptable on the day it was checked. AI models are probabilistic and adaptive: they can drift and degrade as data and the underlying provider change, so a clean check last quarter says little about today. APRA expects continuous, proportionate monitoring across the model's life, watching for drift and customer impact, rather than periodic sample-based sign-off.
Thomas Green

About the author

Thomas Green

British technology futurist, AI keynote speaker and advisor. Thirty years across enterprise technology and AI strategy, helping leaders navigate the future of work. The futurist who died.

Get Thomas’ thinking into your inbox

Thoughts, stories and ideas on AI, leadership, and the future of work.