ECB gathers banks to discuss AI cybersecurity threats posed by Mythos.
**Summary:** The European Central Bank (ECB) is meeting with banks on Tuesday to discuss the cybersecurity threats posed by AI models such as Anthropic’s Mythos, which has discovered numerous zero-day vulnerabilities. ECB Executive Board member Frank Elderson emphasizes the need for banks to expedite their patching processes, as AI can leverage weaknesses within minutes of a fix. The meeting arises amid rising concerns in European finance about Mythos, a leading AI model capable of identifying flaws in major systems and browsers.
Elderson noted that banks have been working on cybersecurity issues for years, but the advancements in AI necessitate a quicker response. The ECB intends to alert financial institutions about the dangers posed by Mythos and similar technologies. It will also encourage US banks that have access through Anthropic's Project Glasswing to share their insights with European banks that currently do not have access.
Access to Mythos is limited; only 40 to 50 organizations, including companies like Amazon and JPMorgan Chase, can use it, with no European banks on the list. During testing, the model successfully created working exploits over 83% of the time, often surpassing human experts. Anthropic has warned that adversaries might replicate similar capabilities within six to twelve months.
Elderson's directive to banks is clear: they must patch vulnerabilities more swiftly, as AI can reverse-engineer fixes almost instantly after their release, shrinking the gap between identifying and exploiting flaws. European banks cannot use their lack of access to Mythos as a reason for inaction since malicious actors could soon obtain similar technologies.
The ECB's call to action coincides with broader regulatory efforts across Europe, with finance ministers seeking access to Mythos. However, negotiations with Anthropic have made little headway, creating an opportunity for competitors like French startup Mistral AI, which is engaging European banks in developing its own cybersecurity solutions.
Anthropic has opted to restrict access to Mythos through Project Glasswing, allowing partners to use the model to enhance their systems while sharing insights beyond the consortium to address regulatory concerns.
The implications are significant, as Anthropic recently informed the Financial Stability Board about Mythos's findings at the behest of the Bank of England. Data from Palo Alto Networks reveals that advanced AI is detecting vulnerabilities at a rate seven times faster than usual, with only three to five months left before the industry runs out of defensive resources.
The ECB's upcoming meeting will urge banks to comply with the Digital Operational Resilience Act, which mandates effective management of IT risks and incident reporting. However, it remains to be seen if the regulatory framework can keep up with AI technologies that discover long-standing vulnerabilities more rapidly than the institutions can address them. European banks are in a challenging position: powerful flaw-detection tools exist that they cannot use, while regulators expect them to resolve the issues those tools would reveal. The pressure to resolve the access issue is escalating, yet without access, European banks are left to defend against unseen threats.
