ECB Convenes Banks over AI Cybersecurity Risks from Mythos
The European Central Bank (ECB) is convening banks on Tuesday to address cybersecurity risks from artificial intelligence (AI) models like Anthropic’s Mythos, which has discovered thousands of zero-day vulnerabilities.
Executive Board member Frank Elderson emphasizes the urgency, stating that banks must patch software vulnerabilities faster because AI can exploit them within minutes of a fix being released.
Background
The meeting follows concerns about the potential security implications of frontier AI models like Anthropic’s Claude Mythos, which has demonstrated remarkable capabilities in identifying and exploiting unknown ("zero-day") flaws in operating systems and browsers.
Only a limited number of organizations, primarily from the United States, have access to this technology through Anthropic’s controlled distribution program, Project Glasswing. European banks are not among them.
ECB Actions
The ECB plans to:
- Outline specific threats posed by AI models like Mythos.
- Encourage US banks with access to share their learnings with European peers.
Elderson stresses the need for faster patching, arguing that traditional update cycles are no longer sufficient due to AI’s rapid ability to reverse-engineer and exploit software fixes. He warns that European banks cannot use lack of access as an excuse, as malicious actors could soon gain access to similar technology.
Regulatory Response
The ECB’s intervention is part of a broader regulatory response across Europe:
- Euro-area finance ministers have demanded access to Mythos for testing.
- The European Commission is in talks with Anthropic about allowing European companies and banks to be tested for vulnerabilities identified by the model.