ECB Urges Eurozone Banks to Prepare Now for AI-Powered Cyberattacks

The European Central Bank has called on banks across the eurozone to urgently strengthen their defences against cyberattacks carried out with the help of advanced artificial intelligence tools, in particular Anthropic's new Mythos model. The warning came on Wednesday from Dutch ECB executive board member Frank Elderson, who oversees European banking supervision.

Rentals in the Netherlands

Signaal tracks the Dutch rental market and notifies you the moment something matches your search. Be first to apply.

What Mythos is

Mythos was officially revealed by US AI company Anthropic in April 2026 as a frontier-level, general-purpose model with what the company calls "highly advanced cybersecurity capabilities." Anthropic describes it as a "new class of intelligence" sitting above its existing Claude Opus models.

Independent reports say Mythos has been able to detect and exploit vulnerabilities in software, including bugs that have remained undiscovered for decades. During testing, the model reportedly produced working exploits on its first attempt more than 83 percent of the time, often outperforming human cybersecurity specialists. It has also been able to identify "zero-day" vulnerabilities, previously unknown flaws in operating systems and browsers.

Because of those capabilities, Anthropic has so far not made Mythos publicly available. Access is restricted to a handful of vetted partners under a programme called Project Glasswing, including Microsoft, Apple, Amazon Web Services, Google and Nvidia, alongside several major US banks who have early access.

The ECB's warning

In an interview in the ECB's Supervision Newsletter, Elderson said European banks could not afford to wait until they themselves had access to such tools. "Lack of access is not an excuse for inaction. On the contrary, it makes it even more critical that banks step up and act now," he said.

Mythos is, he said, capable of "rapidly combining seemingly minor vulnerabilities into serious attacks that previously could only be carried out by teams of experts working for several days. This is an urgent situation; we are not dealing with a long-term scenario. It is uncertain how long it will take before these capabilities become more widely available."

Elderson urged banks, and the contractors they rely on, to fix even small security flaws straight away rather than waiting for the next routine software update cycle. He also warned that whatever comes after Mythos is likely to be still more powerful: "We need to be able to deal with ever more capable future models that could be released in relatively quick succession."

ECB president Christine Lagarde said earlier this month that the central bank itself is studying defences against Mythos-guided cyberattacks, while acknowledging Europe's disadvantage in not having direct access to the model. According to Reuters, ECB supervisors have already begun asking individual banks about their preparedness. The gap could widen further: Japan's three largest banks are reportedly set to be granted access to Mythos in about two weeks.

A European alternative, with Dutch backing

In a separate move that may give some European banks an option closer to home, French AI start-up Mistral, in which Dutch chip-machine maker ASML holds a major stake, is in talks with European banks about deploying its own alternative to Mythos, Bloomberg reported this week. Mistral already works with banks such as Britain's HSBC and France's BNP Paribas on AI-driven detection of security vulnerabilities, and is reportedly preparing to launch a standard version of the technology for broader sales.

Mistral has declined to comment in detail, but CEO Arthur Mensch told French parliamentarians this week that he sees technological autonomy as a strategic priority. "It is impossible to have the source code of the French army checked by Mythos. That creates such an irreversible dependency that we absolutely must find solutions," he said, while suggesting that some of the alarm around Mythos amounts to "scaremongering" given what other AI models can already do.

Is the threat as new as it seems?

Some cybersecurity researchers have echoed Mensch's note of caution. Speaking to CNBC, watchTowr CEO Ben Harris said that many of the vulnerabilities Mythos has found can also be uncovered with "clever orchestration of public models" already on the market, including earlier Anthropic and OpenAI systems. JPMorgan CEO Jamie Dimon has likewise warned that, in the short term, AI tools are making banks "more vulnerable" before they can be used effectively to defend.

Either way, the message from the ECB is that European banks should not stand still. Whether or not Mythos itself ever reaches their own servers, the underlying threat, of AI models that find weak spots faster than humans can patch them, is already here.