The European Central Bank on Tuesday ordered euro zone banks to submit plans by 31 October to defend against artificial intelligence-enabled cyber attacks, warning that increasingly capable AI models could threaten confidence in the financial system and disrupt payments.

The ECB has given lenders four months to outline measures to counter cyber risks linked to advanced AI systems, reflecting growing concern among financial regulators about the ability of sophisticated models to exploit vulnerabilities.

In a letter to bank chief executives, the ECB said recent developments had “potentially profound implications for the confidentiality, integrity and resilience” of banks’ information and communication technology systems.

Banks have been instructed to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components. The ECB said lenders should accelerate vulnerability patching, strengthen monitoring, modernise ageing technology, improve cyber hygiene and reinforce crisis management, recovery and information-sharing arrangements. To free up resources, the central bank has postponed a separate IT survey and said it may adjust inspections and other supervisory work.

The ECB’s intervention follows restrictions on access to some of the most advanced AI models because of their cyber capabilities, including Anthropic’s Mythos, with euro zone banks currently excluded from using those systems. Regulators fear increasingly powerful AI tools could make cyber attacks more effective and harder to detect, increasing operational risks across the banking sector.

In a warning published alongside the ECB’s letter, the European Systemic Risk Board said large-scale cyber disruptions could have consequences beyond individual institutions by damaging confidence in the financial system. “The ESRB considers these developments to be a source of systemic risks to the financial system,” the body said.

The European Systemic Risk Board outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks targeting payments, clearing and settlement systems, with misinformation campaigns potentially amplifying the impact. It said cyber incidents could spread rapidly through shared technology providers and commonly used software across the financial sector, increasing the risk of wider disruption.

The ECB’s latest warning comes a day after executive board member Philip R. Lane highlighted the growing economic significance of AI, telling a conference in Rome that policymakers face “many uncertainties surrounding the strength and timing” of AI’s effects on the economy and that “a data-dependent approach is best suited to assessing the overall impact of AI on the appropriate monetary policy stance.” Lane added that assessing AI’s implications “will be a major challenge for monetary economists and monetary policymakers in the years to come.”


Share.
Exit mobile version