European Central Bank gives banks four months to prepare for AI cyber attacks threat

2 Sources

Share

Europe's top banking watchdogs have issued urgent warnings about AI-driven cyber threats to financial stability. The European Central Bank has given 110 Eurozone banks until October 31 to develop comprehensive action plans against advanced AI models that can exploit vulnerabilities at unprecedented speed and scale.

European Central Bank Issues Urgent Directive on AI Cyber Attacks

The European Central Bank has taken decisive action against emerging AI cyber attacks, giving 110 Eurozone banks a tight four-month deadline to prepare comprehensive defense strategies

1

2

. Claudia Buch, chair of the ECB's supervisory board, sent a letter on Tuesday instructing lenders to submit detailed action plans by October 31 that include concrete measures to strengthen controls, allocate resources, assign clear responsibilities, and define implementation timelines

1

. The move reflects mounting concern among banking watchdogs about AI-enabled cyber threats that could undermine confidence and disrupt critical financial infrastructure.

Source: Reuters

Source: Reuters

Frontier AI Models Present Systemic Risks to the Financial System

In a parallel warning, the European Systemic Risk Board declared that frontier AI models such as Anthropic's Mythos represent systemic risks to the financial system across the Eurozone

1

2

. The ESRB, responsible for monitoring and preventing dangers to the region's financial system, emphasized that modern AI models can discover and exploit bugs "at a speed, scale and level of accuracy far exceeding previous AI models"

1

. These advanced capabilities mean IT weaknesses could now be "weaponised" in "a matter of minutes or hours," representing a fundamental shift for cyber security

1

. The concern centers on AI models whose cyber capabilities have become so powerful that access to some has been restricted, though this limitation currently excludes Eurozone banks

2

.

Source: FT

Source: FT

IT Security Upgrades and Third-Party Risk Management Take Priority

The ECB's directive requires banks to prioritize protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components

2

. Short-term priorities include detecting and defending against large-scale attacks quickly while ensuring third-party risk management extends to IT service providers

1

. Over the medium term, banks must improve their cyber hygiene, modernize ageing technology, speed up vulnerability fixes, and strengthen monitoring capabilities

1

2

. The developments have "potentially profound implications for the confidentiality, integrity and resilience of banks' information and communication technology systems," the ECB stated in its letter to bank chief executives

2

.

Financial Stability Scenarios Range from Bank Runs to State-Backed Espionage

The ESRB outlined scenarios illustrating how AI-driven cyber threats could trigger cascading failures across the financial sector. Large-scale cyber disruptions could erode trust in financial institutions and potentially trigger runs on companies or countries perceived as less secure

2

. Risks range from gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments systems, clearing and settlement infrastructure, potentially amplified by misinformation campaigns

2

. The watchdog warned that incidents could spread rapidly through common technology providers and shared software used across the financial sector

2

. To accommodate the urgent timeline, the ECB has postponed its annual IT risk questionnaire deadline from September to February, and may adjust on-site inspections and other supervisory activities on a case-by-case basis

1

2

.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved