The European Central Bank is done asking nicely. ECB Executive Board member Frank Elderson has issued a pointed directive to euro-area banks: invest more in cybersecurity, and do it faster, because artificial intelligence is rewriting the threat landscape in real time.

On May 13, 2026, Elderson publicly urged banks to prepare for AI-assisted cyberattacks, citing the rapid pace at which AI capabilities are advancing.

The AI problem banks can’t ignore

Anthropic’s Claude Mythos Preview, one of the models that has ECB officials concerned, has reportedly identified thousands of zero-day vulnerabilities. Zero-day vulnerabilities are security flaws that software developers don’t know about yet, which means there’s no patch, no fix, and no defense in place when an attacker finds one first.

The exploit success rate for Mythos against those vulnerabilities? Over 83%. In English: for every ten previously unknown security flaws the model found, it could successfully break through more than eight of them.

The ECB held meetings on May 25-26 where supervisors sat down directly with banking leaders to discuss expediting software patching and IT security upgrades. The conversations reportedly focused on the unique class of vulnerabilities that AI tools can expose, threats that traditional cybersecurity approaches were simply never designed to handle.

A long time coming, but the urgency is new

The ECB’s May 2024 Financial Stability Review explicitly discussed AI’s dual nature in the cyber risk equation. AI can strengthen defenses, automate threat detection, and accelerate incident response. But it can also hand attackers a supercharged toolkit that scales faster than any human red team ever could.

ECB Vice-President Luis de Guindos echoed Elderson’s position, confirming that banks have been told to invest more in cybersecurity specifically to address AI risk. Elderson emphasized that banks need to address historical cyber issues with increased speed.