The European Central Bank is warning euro zone banks to increase cybersecurity investment as new artificial intelligence models make it easier to identify weaknesses in software and legacy banking systems.
Outgoing ECB Vice President Luis de Guindos said euro zone banks need to invest more in cybersecurity if they want to “get a grip” on new AI models that can find flaws in software.
AI models add pressure on bank defenses
The ECB’s warning comes as financial regulators grow more concerned about how advanced AI tools could change cyber risk.
Reuters reported that large language models such as Anthropic’s Mythos are viewed by cybersecurity experts as a significant challenge for banks and their older technology systems. The report said those concerns have triggered warnings from regulators and policymakers around the world.
The concern is that AI can accelerate the discovery of software vulnerabilities. For banks, that creates a problem because many financial institutions still rely on complex legacy systems, connected vendors, and layered digital infrastructure that may be difficult to patch quickly.
ECB has been questioning banks for weeks
The ECB is not only issuing a general warning. It has already been checking how prepared banks are.
The ECB has been “quizzing euro zone banks” about their preparedness for weeks, including at a meeting this week. De Guindos said the banking sector needs to “reach deeper into its pockets” to strengthen defenses against cyberattacks powered by AI.
Yahoo Finance shared that De Guindos told reporters that banks need to better understand the potential implications of new AI models and put in place “systems and cybersecurity patches” that can address the risk. He also said financial institutions must become more aware of the need for additional cybersecurity investment because the issue will be “quite structural” in the near future.
Small banks are also part of the warning
The ECB is making clear that AI-related cybersecurity risk is not only a problem for the biggest banks.
A meeting with euro zone lenders on Tuesday included a presentation by a U.S. bank that had access to Mythos, unlike European counterparts. De Guindos said the main message is that cyber risk is becoming more important and that investment must be “pervasive,” covering both large and small banks.
That point matters because smaller banks may have fewer resources, older systems, and smaller cybersecurity teams. If AI tools make attacks faster or more scalable, weaker institutions could become easier targets, even if they are not the largest players in the financial system.
Banking cyber risk enters the AI era
The ECB’s comments show how AI is changing the cybersecurity conversation in finance.
For years, banks have invested in cyber defenses against phishing, ransomware, fraud, and system intrusion. But AI models that can help detect software flaws, automate reconnaissance, or speed up vulnerability discovery could make those risks more intense.
For regulators, the concern is not only whether banks are using AI safely inside their own operations. It is also whether attackers may use AI to test, probe, and exploit financial systems faster than banks can respond.
The warning from de Guindos suggests that AI security is becoming a long-term cost of doing business in banking. Cybersecurity investment can no longer be treated as a periodic upgrade or compliance exercise. As AI tools become more capable, banks may need continuous monitoring, faster patching, stronger incident response, and more resilient systems across the entire sector.
