ECB advises banks to prepare for AI-related cyber threats.
Europe's banking regulator has a new concern: an AI model sophisticated enough to infiltrate the financial system. It requires all major banks to formulate a strategy by October.
The European Central Bank (ECB) has issued a warning to the largest banks in the eurozone. Frontier AI now represents a significant cyber threat, and financial institutions must develop plans to address it, according to Politico. Claudia Buch, chair of the ECB’s supervisory board, communicated this to bank CEOs and set a deadline for the end of October.
What the ECB requires
Buch urged banks to accelerate software updates and strengthen their AI-driven cyber defenses. She also called for increased scrutiny of the external technology providers they depend on. In the long run, banks need to upgrade outdated infrastructure and enhance their crisis management strategies.
While there are no penalties for non-compliance, banks that disregard the directive will not face formal consequences. The ECB stated that it may still utilize these plans to compare banks with one another and urge those that are lagging behind.
The Mythos effect
A particular model is at the forefront of this letter: Anthropic’s Claude Mythos. Anthropic claims that Mythos can identify unknown weaknesses in IT systems and has already detected thousands of significant vulnerabilities in major operating systems and browsers. Initially, the company restricted its users, which caused anxiety within European finance.
Buch expressed her concerns clearly. She noted that emerging models can identify software vulnerabilities and create working exploits “at unprecedented speed,” effectively narrowing the gap between discovering a flaw and exploiting it.
A systematic risk, not merely a banking issue
The ECB did not act in isolation. On the same day, the European Systemic Risk Board raised its evaluation of systemic cyber risk to “severe.” It indicated that frontier AI should now be considered a distinct source of systemic risk.
The board highlighted another concern. Most leading AI providers are located outside the European Union, leaving the region reliant on foreign companies and vulnerable to geopolitical pressures. It urged Europe to bolster its own AI capabilities.
Why it matters
This initiative aligns with a broader European urgency. ECB President Christine Lagarde warned last month that AI could precipitate a perilous financial crisis. The ECB has previously conducted drills simulating a severe cyber-attack on 109 banks. The threat is very real, with state-sponsored attacks increasing and European institutions, including France’s statistics office, already targeted.
A market has emerged in response to these fears. French startup Mistral is negotiating with European banks to provide a tool for identifying flaws. It is one of several companies racing to develop a domestic solution to Mythos. For now, regulators are clear about the risks but less specific regarding the solutions. Banks have until October to demonstrate their readiness.
Other articles
ECB advises banks to prepare for AI-related cyber threats.
The ECB has instructed euro-zone banks to present action plans addressing frontier-AI cyber threats by the end of October, as EU regulators highlight a "serious" systemic risk.
