ECB to press banks on defences against AI cyber threats

TL;DR:

  • The European Central Bank will write to euro-area banks demanding practical measures against AI-driven cyber risk.
  • Board member Frank Elderson warned newer AI models help attackers find and exploit weaknesses faster.
  • He argued smaller lenders may struggle to afford defences that larger banks can more easily fund.

Europe’s banking supervisor is moving from discussion to demands. After meeting commercial lenders last week, the ECB will send a so-called “dear CEO letter” asking every bank it oversees to take proactive steps to keep their systems robust, board member Frank Elderson said, with targeted follow-up for individual institutions.

Not just a cybersecurity problem

Elderson, also vice-chair of the ECB’s Supervisory Board, framed AI-enabled attacks as a strategic threat requiring sustained, board-level attention over years, not a problem to delegate to IT. He noted that rapidly advancing models can discover vulnerabilities and chain “seemingly minor issues into serious threats”, and warned that the critical infrastructure that banks depend on (cloud providers, payment systems, even electricity and water supplies) could become a target, making once-remote “tail risk” scenarios more plausible.

His concern about uneven defences echoes the wider picture. Anthropic’s new analysis of real attacks found AI is letting less-skilled actors run expert-grade techniques, precisely the asymmetry regulators fear. In the UK, the same anxiety is playing out around access to defensive tools, with OpenAI offering UK banks a cyber AI model after lenders were locked out of Anthropic’s Mythos.

Looking forward

Though the ECB supervises euro-area banks rather than UK ones, the direction of travel matters for British finance: supervisors are starting to treat AI cyber resilience as a core prudential issue, and the Bank of England is unlikely to stay silent. Elderson’s point that smaller lenders face a steeper cost burden is the awkward part — robust AI defences may widen the gap between large banks that can pay and the rest that cannot.