Big-time lenders in the eurozone have until October 31 to present an action plan to the European Central Bank (ECB), according to an order from the regulator to ensure that the regionβs biggest lenders all score passing grades on their preparedness to defend against AI-driven cyberattacks.Β
The warning from the apex bank on the Old Continent arrives as the newest AI models have routinely gotten better at finding and exploiting software flaws faster than anyone can patch them, as noted in earlier Cryptopolitan reports.Β
Which European banks need to come up with AI action plans?
The ECB instruction that became public on July 7 was sent as letters to bank chief executives. However, the missive matters to every stakeholder, including anyone who moves money through the European financial system.
Claudia Buch, who sits at the head of the ECBβs supervisory board, told CEOs to spell out how they will board up their own systems as well as the standards of the outside technology providers they depend on.Β
For now, banks that miss the October deadline will not face any fines. Instead, the ECB said the evaluation could impact lendersβ reputation with the regulator. However, it did say it could press laggards to catch up.
Why is the ECB worried about AI now?
The ECBβs letter is the regulatorβs response to new AI models such as Anthropicβs Mythos, which have proven to be exponentially more cyber capable than earlier versions. The European headache is compounded by the fact that their access to these models depends on forces beyond their control.Β
Buchβs letter echoed those sentiments. She wrote that βemerging AI models are capable of identifying software vulnerabilities and generating functioning exploits at unprecedented speed, compressing the timeline between vulnerability discovery and exploitation,β with βpotentially profound implications for the confidentiality, integrity and resilienceβ of banksβ information and communication technology.
What does the ECB want banks to do?
For banks to get a passing grade on their action plan, they must first tick certain boxes.Β
For example, the ECB mandated for banks to double down on security for systems with internet exposure and similarly exposed assets. Third-party software and open-source components are also expected to be under the same scrutiny level.Β
Faster patches on vulnerabilities, tighter monitoring, best-in-class replacements for aging tech, revision of crisis management, recovery, and information-sharing setups were also on the to-do list.Β
The ESRB is warning about the same thing
The European Systemic Risk Board (ESRB) was on the same page as the ECB, with the EU bodyβs warning that frontier AI models βshould be treated as a source of systemic riskβ by the finance industry, arriving on the same day.Β
The ESRB, whose role is to issue recommendations to national and European authorities, named contagion as its top concern.Β
The push follows months of escalating alarm from senior officials. The Financial Times reported that the ECB summoned banks over flaws the latest AI models exposed, and separately described watchdogs issuing a stark warning over AI-driven attacks.Β
In June, IMF Managing Director Kristalina Georgieva said advanced AI could βdestroy the financial systemβ and told reporters that βMythos is just the beginning, there will be more like it.β Buch had flagged the direction of travel earlier, in a June 3 speech titled βStrengthening operational resilience for the age of AI.β
The regulatory pile-on continued on the same day, with the European Commission due to release its own action plan on AI risks, laying out how the bloc will take part in safety testing of advanced models.
If you're reading this, youβre already ahead. Stay there with our newsletter.



















English (US)