ECB Warns Banks to Prepare for AI-Powered Cyberattacks
European Central Bank regulators are pushing banks to immediately shore up their defenses against cyberattacks launched with artificial intelligence tools, even as European financial institutions lack access to the specific model that U.S. competitors are already using to identify vulnerabilities.
Frank Elderson, vice chair of the ECB's bank supervision division, said banks cannot use their lack of access to Anthropic's Mythos AI model as an excuse for delay. "Lack of access is not an excuse for inaction. On the contrary, it makes it even more critical that banks step up and act now," he said in an interview published in the ECB's Supervision Newsletter on May 13.
Large U.S. banks have been granted early access to Mythos and are already racing to patch security gaps the tool has identified in their systems, according to reporting by Reuters. The model has emerged as a significant threat to banking infrastructure, prompting warnings from regulators and cybersecurity experts across the industry.
The Access Gap Widens
The disparity in access to the technology is widening. Japan's three largest banks are expected to gain access to Mythos within two weeks, further extending the advantage held by U.S. and Japanese institutions over European competitors.
ECB President Christine Lagarde said earlier this month that the central bank is studying defenses against Mythos-guided attacks while operating at a disadvantage due to its own lack of access to the model.
Elderson warned that banks must prepare for future AI models that will be even more capable and released in rapid succession. The threat extends beyond banks themselves to their contractors and service providers, many of whom operate with outdated security practices.
Accelerating Security Patches
Banks and their contractors typically patch software vulnerabilities on longer update cycles. Elderson said they must now fix even minor weaknesses immediately rather than waiting for scheduled maintenance windows.
The ECB has already begun assessing how prepared the banks it supervises are for this new category of risk. The central bank's supervisors plan to question monitored institutions about their readiness for AI-assisted attacks.
For insurance professionals, this shift has immediate implications. As banks accelerate security investments and face potential breaches from AI-powered attacks, cyber insurance products and risk assessment frameworks will need to account for this emerging threat class. Understanding how financial institutions are responding to these warnings can inform underwriting decisions and policy development.
Learn more about AI for Insurance and how artificial intelligence is reshaping risk assessment in the financial sector.
Your membership also unlocks:
