ECB fears “systemic risks to the financial system” from Frontier AI like Mythos
The European Central Bank’s (ECB) chief supervisor, Claudia Buch, has called on the Union’s largest lenders to submit detailed strategies for managing risks from advanced artificial intelligence (AI) by the end of October. The focus is on the dangers posed by so-called “frontier models,” which could massively accelerate cyberattacks.
In letters to the CEOs of the most significant EU banks, Buch warned that novel AI models are capable of identifying software vulnerabilities at unprecedented speeds and generating functioning exploits. This development drastically shortens the timeline between the discovery of a security flaw and its actual exploitation. This poses significant challenges to the confidentiality, integrity, and resilience of banks’ information and communication technology (ICT) systems.
“Emerging AI models are capable of identifying software vulnerabilities and generating functioning exploits at unprecedented speed, compressing the timeline between vulnerability discovery and exploitation. These developments have potentially profound implications for the confidentiality, integrity, and resilience of banks’ information and communication technology (ICT) systems,” wrote Claudia Buch. This represents “systemic risks to the financial system.”
Requirements for Banks
The requested action plans are to include concrete measures for strengthening internal control systems. According to Buch, institutions must ensure that necessary resources are allocated, clear responsibilities are assigned, and binding timelines for implementation are defined. A key aspect of the plans is also the assessment of external technology providers: banks must ensure that their third-party providers are also prepared for these new threat scenarios.
Although no direct sanctions are currently planned for non-compliance, the ECB announced it will use the plans to compare how banks perform in tackling AI risks and to initiate follow-up measures if necessary.
Systemic Risk to the Financial Sector
The ECB’s warning is complemented by an assessment from the European Systemic Risk Board (ESRB). The body describes cutting-edge AI models as a potential source of systemic risk for the financial industry. If cyber incidents were to spread through critical infrastructures such as payment, clearing, or settlement systems, they could severely shock the entire financial system. Without coordinated EU-wide measures, these dangers could evolve into structural vulnerabilities, increasing the likelihood of a system-wide event.
Although the authorities did not name specific models in their official warnings, the industry frequently refers to models such as Anthropic’s “Mythos,” which are already attributed with extensive cyber capabilities.
Adjustments to the Supervisory Cycle
To accommodate banks given the tight timeframe, the ECB has made an administrative adjustment: the deadline for the annual ICT risk questionnaire will be moved from September to February. Additionally, the European Commission will present its own action plan on AI risks today, which is intended to regulate, among other things, the safety testing of advanced models by the bloc.

