FRANKFURT, Germany — European financial regulators are warning that a new generation of advanced artificial intelligence models could pose significant cyber threats to the banking system, prompting the European Central Bank to order major lenders to strengthen their defenses within four months.
The ECB’s chief banking supervisor, Claudia Buch, has directed 110 eurozone banks to submit comprehensive action plans by the end of October outlining how they will address cybersecurity risks associated with frontier AI models.
According to the Financial Times, Buch’s letter instructs banks to identify concrete measures to strengthen cybersecurity controls, allocate additional resources, assign clear responsibilities and establish implementation timelines.

Assessment Raised to ‘Severe’
The warning came alongside a separate assessment from the European Systemic Risk Board (ESRB), which raised its assessment of systemic cyber risk to “severe” from “elevated.” The ESRB said the latest generation of AI models represents a “paradigm shift” in cybersecurity because they can identify and exploit software vulnerabilities in minutes or hours, allowing attackers to automate highly sophisticated cyberattacks at unprecedented speed and scale.
The watchdog said financial institutions remain vulnerable because many continue to rely on legacy technology, face regulatory burdens and depend on software providers that may not issue security updates quickly enough, the Financial Times reported.
BoE Also Flags Concerns
The concerns were echoed by the Bank of England, which said rapid advances in frontier AI capabilities have increased risks to financial stability related to cyber and operational resilience.
However, Bank of England Gov. Andrew Bailey suggested a different regulatory approach than that being taken by the ECB.
“I saw what the ECB issued today. I think it is sensible in terms of highlighting the issue. But in all honesty we are taking a different approach,” Bailey said, according to the Financial Times. “We are working very closely with the banks, because … it is not about issuing edicts.”
Bailey also called for greater international cooperation on AI oversight, saying no single country can address the cybersecurity challenges posed by increasingly powerful AI models on its own.
Threat is Broad, Say Regulators
The regulators did not identify any specific AI system in their warnings, referring instead to frontier AI models generally. The Financial Times noted, however, that advanced systems such as Anthropic’s Mythos have drawn increasing attention from regulators because of their ability to identify previously undiscovered software vulnerabilities. Anthropic recently became the first AI developer subject to U.S. export restrictions over cybersecurity concerns before those restrictions were lifted after the company agreed to additional safeguards.
The European Commission also unveiled its own strategy to address cybersecurity risks associated with advanced AI. The plan calls for establishing an EU capability next year to evaluate advanced AI models, including their cybersecurity implications, while expanding support for governments and businesses to protect critical infrastructure.




