ECB Tells Banks to Prepare for AI-Driven Cyber Threats

Banks must speed up software patching, strengthen monitoring, and improve oversight of third-party technology providers, the ECB said.
ECB Tells Banks to Prepare for AI-Driven Cyber Threats
The European Central Bank headquarters in Frankfurt, Germany, on March 6, 2025. Jana Rodenbusch/Reuters
|Updated:
0:00

The European Central Bank (ECB) has told the euro area’s largest banks to submit cybersecurity defense plans by Oct. 31, warning that advances in artificial intelligence are making cyberattacks harder to stop.

Chair of the ECB Supervisory Board Claudia Buch told the chief executives of banks under the ECB’s direct supervision in a July 7 letter that new AI systems are changing the cyber threat landscape.

“Emerging AI models are capable of identifying software vulnerabilities and generating functioning exploits at unprecedented speed, compressing the timeline between vulnerability discovery and exploitation,” Buch said.

She said banks should respond immediately by strengthening existing cyber defenses and addressing weaknesses that supervisors have already identified.

The ECB’s warning follows similar concerns raised during the International Monetary Fund (IMF) and World Bank Spring Meetings in April, where financial leaders discussed how advanced AI could reshape cyber risks across the banking system.

One focus of those discussions was Claude Mythos Preview, an experimental AI model developed by Anthropic. In an April 7 statement, the company said the model had identified “thousands of zero-day vulnerabilities ... many of them critical” across major operating systems and web browsers.

Anthropic said on April 16 that it was taking a cautious approach to deploying the Claude Mythos Preview model, adding that it would limit its release while testing additional cybersecurity safeguards on less capable AI systems first.

Cyber Defense Plans

The ECB instructed euro zone banks to submit a detailed action plan by Oct. 31. The plans must explain how each bank will strengthen security controls, assign responsibilities, provide resources, and establish implementation timelines.

Each institution should build the plan around its existing cybersecurity strategy while addressing both immediate threats and long-term resilience, the ECB said.

The banks were asked to install security updates more quickly, improve cyber monitoring, and ensure that external technology providers can respond to growing cyber threats. The letter also aids internet-facing systems, cloud services, and third-party software, which were priority areas because they are more exposed to attacks.

In this illustration, the Claude AI app is seen in the app store on a phone in New York City on Feb. 16, 2026. (Michael M. Santiago/Getty Images)
In this illustration, the Claude AI app is seen in the app store on a phone in New York City on Feb. 16, 2026. Michael M. Santiago/Getty Images

Buch said bank leaders are responsible for protecting their institutions from evolving cyber threats and may need to spend more on technology and hire more staff.

The ECB also reminded banks that the Digital Operational Resilience Act remains the main regulatory framework for managing technology risks and said unresolved supervisory findings could become more serious as AI accelerates cyber threats.

Financial Cyber Risks

The ECB’s warning follows similar concerns raised by global financial leaders. The Bank of England Governor Andrew Bailey said in April that the rapid development of advanced AI marked a turning point for financial-sector cybersecurity.

He said the main concern was whether advanced AI systems could rapidly identify vulnerabilities in other software that attackers could exploit.

ECB President Christine Lagarde has also raised concerns, saying policymakers must carefully balance AI’s potential benefits against its risks.

European Central Bank (ECB) President Christine Lagarde speaks to the media following the Governing Council's monthly monetary policy meeting in Frankfurt, Germany, on March 6, 2025. (Jana Rodenbusch/Reuters)
European Central Bank (ECB) President Christine Lagarde speaks to the media following the Governing Council's monthly monetary policy meeting in Frankfurt, Germany, on March 6, 2025. Jana Rodenbusch/Reuters

“What risks are we opening ourselves to with the artificial intelligence that is currently being developed?” she said in April.

“Recent developments have alerted all of us about the latest software development and the risk that can be identified, for good or the risk that can be identified for bad.”

Lagarde added that economists remain divided over AI’s long-term impact on productivity, employment, and financial stability.

The ECB letter said the bank is coordinating with international organizations, including the G7, the Basel Committee on Banking Supervision, and the Financial Stability Board, to strengthen global cooperation against AI-enabled cyber threats.

Google LogoMark Us Preferred on Google
Evgenia Filimianova
Evgenia Filimianova
Author
Evgenia Filimianova is a UK-based journalist covering a wide range of international stories, with a particular interest in foreign policy, economy, and UK politics.