ECB warns euro area banks to urgently defend against AI-driven cyber threats
European Central Bank board member urges immediate patching of vulnerabilities, noting that lack of access to advanced AI tools is not a valid excuse for inaction.
The European Central Bank has issued a stark warning to financial institutions across the euro area, urging them to urgently prepare for cyberattacks facilitated by artificial intelligence. Frank Elderson, a board member and vice chair of the ECB’s bank supervision arm, stated that banks must act immediately to defend against threats posed by Anthropic’s Mythos AI model or similar tools.
In a statement published in the ECB’s Supervision Newsletter on Wednesday, Elderson emphasised that the lack of access to the Mythos model by European banks is not an excuse for inaction. He argued that this disparity actually heightens the urgency for European institutions to strengthen their defences, describing the situation as critical.
The warning comes as large US banks, which have been granted early access to Mythos, are reportedly rushing to fix data system weaknesses flagged by the tool. Elderson noted that cybersecurity experts view the model as a significant challenge to banking data technology systems, prompting regulators to issue a series of warnings regarding the new risk source.
ECB President Christine Lagarde has previously acknowledged the region’s competitive disadvantage due to limited access to the model. The central bank is currently studying defences against Mythos-guided cyberattacks, while preparing to ask monitored banks about their preparedness for this emerging threat, as reported by Reuters in April.
Elderson cautioned that banks must brace for future AI models that could enable even more aggressive attacks, noting that such tools may be released in quick succession. He stressed that banks and their contractors need to address minor vulnerabilities immediately, rather than waiting for standard, longer software update cycles.
The global gap in access to the AI model could widen for Europe, with Japan’s three largest banks likely to be cleared to start working with Mythos in approximately two weeks. This development underscores the pressure on European financial institutions to close the security and technological gap with their international counterparts.
The ECB’s intervention highlights the growing intersection of artificial intelligence capabilities and financial stability risks. As regulators grapple with the pace of technological advancement, the central bank’s stance signals that traditional software maintenance timelines are no longer sufficient to mitigate the evolving threat landscape.
