‘Clock Is Ticking,’ ECB Warns Banks Over Mythos and AI Cyber Risks

The European Central Bank has summoned banks to a Tuesday session over cybersecurity risks posed by Anthropic’s Claude Mythos and other advanced AI models.

Frank Elderson, vice-chair of the ECB’s supervisory board, said the regulator wants banks to accelerate the rollout of software patches to address vulnerabilities.

Why Advanced AI Models Have Banks on Edge

Anthropic released the Claude Mythos Preview in April under Project Glasswing, a restricted program. Recent evaluations show the scale of what Mythos uncovers. 

The UK’s AI Security Institute (AISI) found Mythos Preview cleared 73% of expert-level Capture the Flag (CTF) challenges. No AI model could pass that benchmark before April 2025.

Mozilla shipped Firefox 150 with 271 patches for vulnerabilities found by the model, far above prior Opus 4.6 results.

Follow us on X to get the latest news as it happens

Elderson said banks must accelerate patch deployment because attackers can now reverse-engineer fixes within 30 minutes. He warned that ‘andante’ tempo is no longer enough.

“There is a whole range of issues on cyber security that we have been engaging on with the banks for years, which are all still valid, but given the progress in AI, they need to be dealt with faster,” he told FT. “In musical terms, I would say andante may have been good enough, but we need to go to presto.”

The ECB supervises 111 of the largest banks in the Eurozone. Most European lenders sit outside Project Glasswing and lack direct access to frontier models like Mythos.

Elderson wants US institutions attending Tuesday’s meeting to share testing insights with their Eurozone counterparts. He called the access gap ‘unfortunate’ but said it cannot justify inaction.

Whether finance can patch as quickly as frontier AI surfaces new exploits may determine how institutions protect client funds in the near future.

Subscribe to our YouTube channel to watch leaders and journalists provide expert insights