2 Sources
[1]
Top banking watchdogs issue stark warning over AI-driven cyber attacks
Europe's top banking watchdogs have warned that frontier AI models such as Anthropic's Mythos pose "systemic risks to the financial system" as they gave lenders a tight four-month deadline to prepare for cyber security threats. The Eurozone's chief banking supervisor Claudia Buch on Tuesday sent a letter to 110 lenders giving them until the end of October to come up with a "comprehensive action plan" to combat the cyber risks posed by state of the art AI models. These should include "concrete measures to strengthen relevant controls, allocating the necessary resources, assigning clear roles and responsibilities, and defining timelines for implementation", said Buch, who is chair of the European Central Bank's supervisory board. In a separate warning issued on Tuesday, the European Systemic Risk Board said modern AI models can undermine financial stability across the Eurozone. The ESRB, which is responsible for monitoring and preventing dangers to the region's financial system, said the latest technology can discover and exploit bugs "at a speed, scale and level of accuracy far exceeding previous AI models". They represent "a paradigm shift for cyber security" as IT weaknesses could now be "weaponised" in a "matter of minutes or hours", it said. The watchdogs did not name Mythos in their warnings but referred to "frontier artificial intelligence models" in general. As a consequence, the bodies are urging banks to rapidly beef up their IT security capabilities. Over the short term, lenders need to be in a position to detect and fend off large-scale attacks quickly and to ensure that their third-party IT service providers are also able to do so, Buch stressed in her letter. Over the medium term, lenders also need to improve their "cyber hygiene", she added. In an attempt to compensate for the tight timeline, the ECB is postponing the deadline for its annual IT risk questionnaire, which banks now have until February to file rather than September. "Potential adjustments to other supervisory activities, such as on-site inspections or deep dives, will be considered on a case-by-case basis," Buch said in her letter.
[2]
ECB tells banks to draw up plans against AI attacks amid disruption fears
FRANKFURT, July 7 (Reuters) - The European Central Bank on Tuesday gave euro zone banks four months to draw up plans to counter AI-enabled cyber threats that could undermine confidence in the financial system and disrupt payments. The move reflects mounting concern among regulators about advanced AI models such as Anthropic's Mythos whose cyber capabilities have become so powerful that access to some of them has been restricted -- a limitation that currently excludes euro zone banks. "These developments have potentially profound implications for the confidentiality, integrity and resilience of banks' information and communication technology (ICT) systems," the ECB said in a letter to bank chief executives. It told banks to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components, while speeding up vulnerability fixes and strengthening monitoring. The euro zone's top banking supervisor also urged lenders to modernise ageing technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements. Banks have until October 31 to submit their plans. To free up resources, the ECB has postponed a separate IT survey and may adjust inspections and other supervisory work. In a warning published alongside the ECB's letter, the European Systemic Risk Board said large-scale cyber disruptions could erode trust in financial institutions and even trigger runs on companies or countries perceived as less secure. "The ESRB considers these developments to be a source of systemic risks to the financial system," said the ESRB, a European Union body that issues recommendations to other authorities. To illustrate the risks, the ESRB outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments, clearing and settlement systems, potentially amplified by misinformation campaigns. It said incidents could spread quickly through common technology providers and shared software used across the financial sector. Reporting by Francesco Canepa. Editing by Mark Potter Our Standards: The Thomson Reuters Trust Principles., opens new tab
Share
Copy Link
Europe's top banking watchdogs have issued urgent warnings about AI-driven cyber threats to financial stability. The European Central Bank has given 110 Eurozone banks until October 31 to develop comprehensive action plans against advanced AI models that can exploit vulnerabilities at unprecedented speed and scale.
The European Central Bank has taken decisive action against emerging AI cyber attacks, giving 110 Eurozone banks a tight four-month deadline to prepare comprehensive defense strategies
1
2
. Claudia Buch, chair of the ECB's supervisory board, sent a letter on Tuesday instructing lenders to submit detailed action plans by October 31 that include concrete measures to strengthen controls, allocate resources, assign clear responsibilities, and define implementation timelines1
. The move reflects mounting concern among banking watchdogs about AI-enabled cyber threats that could undermine confidence and disrupt critical financial infrastructure.
Source: Reuters
In a parallel warning, the European Systemic Risk Board declared that frontier AI models such as Anthropic's Mythos represent systemic risks to the financial system across the Eurozone
1
2
. The ESRB, responsible for monitoring and preventing dangers to the region's financial system, emphasized that modern AI models can discover and exploit bugs "at a speed, scale and level of accuracy far exceeding previous AI models"1
. These advanced capabilities mean IT weaknesses could now be "weaponised" in "a matter of minutes or hours," representing a fundamental shift for cyber security1
. The concern centers on AI models whose cyber capabilities have become so powerful that access to some has been restricted, though this limitation currently excludes Eurozone banks2
.
Source: FT
The ECB's directive requires banks to prioritize protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components
2
. Short-term priorities include detecting and defending against large-scale attacks quickly while ensuring third-party risk management extends to IT service providers1
. Over the medium term, banks must improve their cyber hygiene, modernize ageing technology, speed up vulnerability fixes, and strengthen monitoring capabilities1
2
. The developments have "potentially profound implications for the confidentiality, integrity and resilience of banks' information and communication technology systems," the ECB stated in its letter to bank chief executives2
.Related Stories
The ESRB outlined scenarios illustrating how AI-driven cyber threats could trigger cascading failures across the financial sector. Large-scale cyber disruptions could erode trust in financial institutions and potentially trigger runs on companies or countries perceived as less secure
2
. Risks range from gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments systems, clearing and settlement infrastructure, potentially amplified by misinformation campaigns2
. The watchdog warned that incidents could spread rapidly through common technology providers and shared software used across the financial sector2
. To accommodate the urgent timeline, the ECB has postponed its annual IT risk questionnaire deadline from September to February, and may adjust on-site inspections and other supervisory activities on a case-by-case basis1
2
.Summarized by
Navi
25 May 2026•Policy and Regulation

13 May 2026•Policy and Regulation
20 Apr 2026•Policy and Regulation

1
Policy and Regulation

2
Policy and Regulation

3
Policy and Regulation
