The eurozone’s top banking supervisor, the ECB, on Tuesday instructed major European banks to develop action plans to counter cybersecurity risks arising from increasingly powerful artificial intelligence systems.
The rise of AI models such as Anthropic’s Mythos, which excels at uncovering weaknesses in computer systems, has heightened concerns among European governments and policymakers.
The ECB’s supervisory board sent a letter to the 110 banks under its direct supervision, noting that the newest AI models constitute a “long‑term shift in the threat landscape rather than a temporary phenomenon.”
ECB Supervisory Board Chair Claudia Buch wrote, “While these developments do not introduce entirely new risks, they markedly increase the speed and scale at which such risks emerge.”
The ECB is asking major lenders—including Deutsche Bank, BNP Paribas and Santander—to submit by 31 October a plan outlining both immediate and longer‑term measures they will implement to bolster resilience against cyberattacks.
It said the plans should prioritize faster vulnerability and software‑patch management, stronger AI‑enabled monitoring and detection capabilities, and tighter scrutiny of third‑party technology providers and supply‑chain risks.
These initiatives must be driven from the highest levels of each institution, the ECB emphasized.
To allow banks more time to concentrate on the emerging threat, the ECB announced it would postpone its annual IT Risk Questionnaire from September 2026 to February 2027 and would consider adjusting other supervisory activities on a case‑by‑case basis.
After the deadline, the ECB will review each bank’s plan, discuss it with the institution, and conduct a horizontal analysis to uncover common weaknesses and best practices across the sector.
The letter also referenced other emerging technologies, including quantum computing, which it said “will have a significant impact on the cybersecurity landscape.” The ECB indicated it will address quantum‑computing risks in a separate letter “in due course.”
The supervisory board’s move coincides with a warning from the European Systemic Risk Board (ESRB), the EU body tasked with monitoring systemic financial risks.
On Tuesday the ESRB warned of “systemic cyber risks stemming from frontier artificial intelligence models.”
The warning follows the ESRB General Board’s June decision to raise its assessment of systemic cyber risk from “elevated” in March to “severe.”
The watchdog said frontier AI models represent a “paradigm shift” in cybersecurity and have become a source of systemic risk to the EU financial system, noting that “AI is already being used by malicious actors to enhance cyber‑attacks.”
The ESRB cautioned that AI could dramatically shrink the window for banks to identify and patch software vulnerabilities before exploitation, raising the risk of simultaneous cyber incidents across the financial sector.
It also warned that the concentration of leading frontier AI developers outside the European Union exposes the bloc to strategic dependency and geopolitical risk.
Anthropic, one of the world’s leading AI developers, has been creating increasingly capable frontier AI models. The company initially withheld the full version of Mythos over concerns that it could be misused to identify software vulnerabilities and aid hackers, before releasing a public version with built‑in safety safeguards last month.

