The European Central Bank (ECB) has called an urgent meeting with major banks to address cybersecurity risks revealed by recent advances in artificial intelligence. The gathering, scheduled for tomorrow, comes amid growing concerns over vulnerabilities in financial institutions’ IT systems exposed by Anthropic’s Claude Mythos Preview and similar AI models.
Frank Elderson, vice-chair of the ECB’s supervisory board, which oversees banking operations in the Eurozone, emphasized the need for accelerated action. He noted that while cybersecurity issues have long been a focus, the rapid progress in AI demands faster remediation by banks. The meeting aims to enable banks to share assessments and experiences, while reinforcing the critical nature of these emerging threats.
The ECB supervises approximately 111 of the largest Eurozone banks, including subsidiaries of major U.S. institutions such as JPMorgan Chase, which have been granted access to Mythos as part of Anthropic’s “Project Glasswing.” However, most European banks remain excluded from direct access to Mythos, fueling concerns about their ability to assess and respond to associated risks. Anthropic has limited the release of Mythos primarily to select U.S. organizations for testing and evaluation, noting that the AI has uncovered thousands of high-severity vulnerabilities across major operating systems and web browsers. The company cautioned that the potential fallout could have serious implications for economies, public safety, and national security.
Elderson pointed out the urgency of accelerating the deployment of software patches to address these vulnerabilities. He warned that once a patch is released, adversaries can reverse-engineer the weaknesses it fixes in as little as 30 minutes, significantly shortening the window for protective action. Consequently, banks must develop processes to apply patches far more rapidly than current industry standards.
Despite the lack of direct access to Mythos, Elderson expressed hope that U.S.-based banks participating in the meeting would share insights gained from their testing. He stressed that European banks cannot use this lack of access as an excuse for inaction, highlighting the risk that malicious actors might soon exploit such AI technologies.
Anthropic has agreed to provide high-level briefings to select non-U.S. entities, including the Financial Stability Board—comprising finance ministers and central bankers from G20 countries—and the European Commission. The ECB described the meeting as an unusual and urgent intervention, underscoring the transformative impact of AI-driven cybersecurity challenges and the pressing timeline to address them. Elderson concluded by urging banks to approach the situation with utmost seriousness, noting, "The clock is ticking."