ECB to quiz eurozone bankers on Anthropic Mythos cyber risk
TL;DR
- European Central Bank supervisors are gathering information about Anthropic’s Mythos model and plan to quiz eurozone banks about preparedness, Reuters reported on 15 April
- The approach is lower-key than the US — routine supervisory dialogue rather than ad-hoc CEO meetings — but signals AI cyber risk has joined the ECB’s 2026-2028 priority list
- This week’s regulator pile-on (ECB, Fed, BoE, NCSC, Canadian officials) marks one of the fastest cross-jurisdictional convergences on an AI capability concern on record
ECB supervisors are preparing to ask eurozone bankers about the risks posed by Anthropic’s Mythos model, according to a source familiar with the matter who spoke to Reuters. The ECB approach will run through routine supervisory dialogue with bank staff rather than emergency meetings with top executives — the method used in the United States last week when Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened bank chief executives to discuss the threat.
What ECB supervisors are actually worried about
Mythos is understood by cybersecurity experts to pose significant challenges to banking’s legacy technology stack. The model’s capability to “code at a high level” has given it what sources described to Reuters as a “potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them.” That capability is why Anthropic said the current iteration, Claude Mythos Preview, will not be made generally available. Instead, the company launched Project Glasswing, a private evaluation programme including JPMorgan Chase alongside dozens of tech companies and cybersecurity vendors.
An ECB spokesperson declined to comment. The central bank had already listed technology risk as a supervisory priority for 2026-2028; the Mythos disclosure has effectively accelerated that agenda.
A coordinated regulatory response
The ECB move fits a striking pattern. In the past seven days, UK Technology Secretary Liz Kendall and Security Minister Dan Jarvis warned businesses that Mythos is “substantially more capable at cyber offence” than any model previously tested by the AI Security Institute. Bank of England Governor Andrew Bailey urged regulators to understand the implications quickly. St. Louis Fed President Alberto Musalem told Reuters the central bank must “revisit how we’re thinking about cybersecurity.” Canadian Finance Ministry and Bank of Canada officials met with bank executives last Friday to discuss Mythos. President Donald Trump, despite his administration’s Pentagon ban on Anthropic contracts, backed government AI safeguards for the banking system.
Looking forward
For UK-based European subsidiaries, dual ECB and PRA scrutiny is now the operating reality. Banks should expect supervisory questions on model-specific threat assessments, red-team preparedness, and third-party dependencies on AI providers with access to frontier capabilities. The 2026-2028 ECB tech risk window is now compressed: what was a three-year agenda has become an urgent one. Expect the first wave of supervisory deep-dives within months.