Banking

The ECB demands of European banks a plan to protect themselves from AI threats

The emergence of Anthropic's advanced models pushes the European regulator to demand security measures from the financial sector

ARA
07/07/2026

BarcelonaThe European Central Bank (ECB) has urged the main financial institutions in the euro area to present "by October 31, 2026" a comprehensive action plan with concrete measures to address cybersecurity threats related to cutting-edge artificial intelligence (AI) models, such as Mythos, developed by Anthropic.

In a letter addressed to the CEOs of the most significant banks in the euro area, the Chair of the ECB's Supervisory Board, Germany's Claudia Buch, warns that the ability of emerging AI models to identify vulnerabilities and generate functional exploits has potentially profound implications for the confidentiality, integrity, and resilience of the information and communication technology (ICT) systems of the banking sector. "This is a long-term shift in the threat landscape, rather than a temporary phenomenon or a risk linked to a single tool," she states in the letter, published this Tuesday by the ECB.

Cargando
No hay anuncios

In late May, the ECB met with European entities to analyze the implications of cutting-edge AI models for the sector, and Frank Elderson, Dutch representative on the ECB's Executive Board and Vice-Chair of the institution's Supervisory Board, had already announced that the institution would send a letter to all senior managers of the largest banks in the eurozone to request the implementation of proactive measures to ensure the robustness and security of their systems in the face of these changes. In this regard, in her letter, Buch urges key entities to promptly assess the impact of the threat landscape and to develop "a comprehensive action plan outlining concrete measures" to strengthen relevant controls, allocate necessary resources, clearly define roles and responsibilities, and establish implementation timelines.

This action plan, which banks will have to present to ECB technicians by October 31, 2026, must include the entity's cyber risk strategy and address both immediate priorities and long-term strategic aspects. The banking supervisor will conduct a cross-analysis of the various action plans presented by the banks to identify trends, challenges, and areas for improvement, and will share the conclusions with the entities.

Cargando
No hay anuncios

In the short term, the ECB asks the banking sector to accelerate the management of large-scale vulnerabilities; improve detection and AI-based defensive capabilities; and verify that third-party risk management is adequate, considering the role of ICT service providers in critical supply chains. In addition, the ECB points out that long-term operational and cyber resilience must be strengthened through structural measures, including strengthening defense in depth and cyber hygiene, as well as modernizing infrastructure.

Fears about Anthropic

For years, the emergence of AI systems has been a potential risk factor identified by the ECB, but the presentation in early April of Mythos, then the most advanced AI model of the North American multinational Anthropic, prompted state regulators on the continent and most European Union institutions to gather information on its potential risks. Mythos's ability to detect software vulnerabilities led the company led by Dario Amodei to cautiously limit its implementation.

Cargando
No hay anuncios

In early June, Anthropic expanded access to Claude Mythos Preview to approximately 150 new organizations based in more than 15 countries, including Spain, thus extending the reach of Project Glasswing, the collaborative initiative implemented by the North American start-up since early April together with 50 initial partners with preferential access to its advanced AI model, including US authorities and companies in the country.