Banks face four-month deadline to bolster cyber defences against frontier artificial intelligence
Lenders have been handed a stark warning by Europe's top banking watchdogs, who say advanced artificial intelligence systems, including Anthropic's Mythos, could pose a serious threat to financial stability, and have set a four-month deadline for banks to strengthen their defences.
The European Central Bank's chief supervisor, Claudia Buch, wrote to 110 banks on Tuesday requiring them to submit a plan for tackling cyber risks linked to advanced AI by the end of October.
Separately, the European Systemic Risk Board (ESRB) cautioned that such technology could threaten financial stability across the eurozone, as it allows criminals to automate sophisticated attacks cheaply, while banks remain slowed by regulation, outdated systems and delayed software updates.
The Bank of England (BoE) issued a similar warning on Tuesday, stating that rapid progress in frontier AI had increased risks to cyber and operational resilience within financial markets.
BoE governor Andrew Bailey (pictured right), however, distanced the UK from the ECB's approach. “I saw what the ECB issued today,” he said. “I think it is sensible in terms of highlighting the issue. But in all honesty, we are taking a different approach. We are working very closely with the banks, because... it is not about issuing edicts.”
Regulators globally have grown increasingly concerned about a new wave of AI systems capable of identifying large numbers of previously undetected IT vulnerabilities.
The ESRB, tasked with monitoring risks to the EU financial system, said the new generation of AI represents a shift in cyber security, since weaknesses can now be exploited within minutes or hours. It said such tools can find and exploit software flaws with far greater speed, scale and precision than earlier AI systems, and raised its assessment of systemic cyber risk from "elevated" to "severe".
Anthropic, one of the most prominent AI developers alongside competitors such as OpenAI, became the first AI company to face export restrictions imposed by the White House, after officials expressed concern that its technology could be exploited to target vulnerabilities in critical infrastructure. Those restrictions on its flagship models were removed last week once the company agreed to introduce additional safeguards.
Bailey called for international cooperation on AI oversight. “These models are a big step forward in terms of capabilities and the threat issue is a really major step forward,” he said. “No single country can think that it can solve that resilience problem on its own.”
The European regulators did not refer directly to Mythos in their statements, instead using the broader term "frontier artificial intelligence models".
The warnings preceded the European Commission's own plan, published later the same day, to address the cyber security risks posed by advanced AI. The Commission intends to launch an EU-wide evaluation capacity for such models next year, which will assess cyber security risks, and will provide additional support to governments and businesses to protect critical infrastructure.
In the meantime, the ECB and ESRB have urged banks to accelerate improvements to their IT security.
In her letter, Buch said banks' action plans should include “concrete measures to strengthen relevant controls, allocating the necessary resources, assigning clear roles and responsibilities and defining timelines for implementation”.
She added that lenders must be able to detect and respond to large-scale attacks quickly in the short term, and ensure third-party IT providers can do the same.
Want to be regularly updated with mortgage news and features? Get exclusive interviews, breaking news, and industry events in your inbox – subscribe to our FREE daily newsletter. You can also follow us on Facebook, X (formerly Twitter), and LinkedIn.


