As a cornerstone of the modern economy, the banking sector relies on some of the highest cybersecurity resilience standards in existence. Faced with cyber threats that continue to grow in both volume and sophistication, the industry has responded through steadily increasing investments and mounting regulatory pressure, culminating in Europe with the introduction of the DORA regulation.
Today, however, the sector is confronting a phenomenon that is set to redefine the cybersecurity landscape. A new generation of so-called cyber-capable artificial intelligence models is emerging, marking the transition of AI from a productivity tool to an active component of the global cybersecurity infrastructure. These systems can be leveraged to strengthen existing defenses, but also to enhance offensive capabilities.
In this article, we examine this emerging trend, its practical implications for banking cyber resilience, and the scenarios that may unfold in the near future.
Key Points
- Starting with Anthropic’s Mythos, frontier AI models are becoming cyber-capable and can materially alter the balance between attackers and defenders.
- Speed is the critical factor. For the banking sector, the challenge lies in adapting to a landscape where the time available to identify and remediate vulnerabilities could shrink dramatically.
- The ECB has already taken action by launching a structured supervisory plan that includes CEO Letters, action plan monitoring, and dedicated follow-up activities for less-prepared institutions.
Frontier AI Models Are Rewriting the Rules of the Game
Until recently, identifying complex vulnerabilities, developing sophisticated exploits, or designing advanced defense systems required extensive expertise, experience, and investment. The shortage of highly skilled professionals acted as a constraint for both attackers and defenders and, to some extent, helped maintain a balance between the two sides.
Today, that balance is being challenged by the most advanced AI models. According to Anthropic, next-generation models are reaching levels of proficiency in software analysis that surpass most human specialists in vulnerability identification and exploitation tasks. Looking ahead, activities that previously required significant time and resources could be performed by AI models with unprecedented levels of automation and scalability.
This advantage will not automatically shift to attackers, as the same capabilities can be used to identify vulnerabilities before they are exploited, accelerate patch development, and strengthen software security across the board. The real issue concerns the speed at which these technologies will be adopted. If such tools become available to hostile actors before organizations, governments, and critical infrastructures are able to integrate them into their defenses, a period of significant imbalance could emerge.
For the resilience of the banking sector, this is an issue that must be addressed immediately. Although banking remains one of the most protected, regulated, and mature environments from a cybersecurity standpoint, a drastic reduction in the cost and complexity of cyberattacks could erode the effectiveness of the barriers built over recent years.
The Claude Mythos Case and the Emergence of Cyber-Capable Models
A turning point in this transition came in April 2026, when Anthropic announced the development of Claude Mythos Preview. Originally designed as a general-purpose model intended to surpass Claude Opus in reasoning capabilities, Mythos demonstrated such mastery of code analysis and operational autonomy in cybersecurity that it redefined the risk parameters associated with frontier AI models.
- The most disruptive capability, which quickly drew the attention of cybersecurity professionals, is the autonomous discovery and exploitation of zero-day vulnerabilities. During testing, the model identified previously unknown flaws across all major operating systems and browsers, uncovering bugs that had remained hidden for decades.
- Another key innovation is its ability to chain multiple vulnerabilities together to bypass layered security defenses. One example highlighted by Anthropic involved the automatic linking of four separate vulnerabilities to circumvent advanced protections such as Linux Kernel Address Space Layout Randomization (KASLR).
- The model also proved highly effective in reverse engineering proprietary code. Starting from a compiled binary, Mythos can reconstruct a plausible source code version of the program, analyze it for vulnerabilities, and validate its findings. This approach opens the door to offensive analysis of firmware, commercial applications, and any software for which source code is unavailable.
Project Glasswing: A Preventive Safeguard Against Emerging Threats
The capabilities described above—and many others—make Mythos a tool capable of reshaping the global cybersecurity landscape. It is precisely this awareness that led Anthropic to refrain from releasing it publicly.
Instead, the company launched Project Glasswing, an ultra-selective, tightly controlled access program designed to restrict Mythos’ capabilities exclusively to defensive purposes. The initiative has unfolded in two phases.
-
In the first phase, Anthropic engaged a small group of approximately 50 strategic global partners, including leading cloud hyperscalers and major cybersecurity players such as Microsoft, AWS, Google, and CrowdStrike. The objective was to leverage Mythos’ capabilities to scan their infrastructures and remediate vulnerabilities before any public exposure. During the first few months of testing alone, more than 10,000 critical or high-risk vulnerabilities were identified and resolved.
-
In June 2026, Anthropic announced the expansion of the partnership to approximately 150 additional organizations across more than 15 countries. This expansion aims to cover additional strategic sectors such as energy, water utilities, healthcare, and communications. These organizations share a common characteristic: a successful compromise could have catastrophic consequences for more than 100 million people per partner, posing a significant threat to global security.
The ultimate goal of Glasswing is clear: to create a sustainable asymmetric advantage for defenders, enabling them to leverage AI-driven speed to anticipate threats before comparable—but unconstrained—models are developed and deployed by malicious actors.
The Banking Sector’s Response: Frontier Models Enter the ECB Agenda
For the banking sector, passively observing the evolution of cyber-capable AI models is not an option. The central role of the financial system in both the economy and society means that any potential shift in cyber risk dynamics becomes a matter of systemic importance, extending far beyond traditional cybersecurity concerns and encompassing economic security and the resilience of national and international critical infrastructures.
The ECB Accelerates: Banks Must Prepare for Emerging Threats
In practice, the sector has not remained idle. The first signals came from the European supervisory authority, which has been assessing the potential impact of frontier models on the stability of the European financial system. On May 26, the ECB hosted an Industry Event focused on cyber risks associated with Frontier LLMs, bringing together ENISA, major financial institutions such as Bank of America and Intesa Sanpaolo, as well as senior European leaders responsible for ICT supervision and operational resilience. At the same time, the ECB is finalizing a CEO Letter addressed to the Boards of European Significant Institutions, which is expected to be distributed shortly.
The ECB’s initiatives indicate that this is not simply a new threat to be isolated and neutralized, but rather a paradigm shift requiring a fundamental reassessment of cyber risk management models. This reassessment cannot be delegated and demands direct involvement from the highest levels of governance. In this respect, the forthcoming CEO Letters represent an unmistakable signal.
The supervisory authority’s position is clear and is structured around four key principles:
- AI is considered a structural driver of cyber risk transformation, not a temporary phenomenon or an issue tied to a specific model.
- Speed is becoming the primary disruptive factor. The capabilities of advanced models may dramatically compress the time available to detect, assess, and remediate system weaknesses.
- The traditional “find and fix” paradigm is showing increasingly evident limitations. In a scenario where vulnerability discovery and exploitation can accelerate significantly, the ability to identify and remediate flaws alone may no longer guarantee adequate levels of resilience.
- Banks are expected to act immediately. The ECB is urging institutions to assess the impact of frontier models on their risk profiles, define dedicated action plans, and reallocate resources, investments, and controls toward the areas deemed most exposed.
The messages delivered during the May 26 event were reiterated just days later by Frank Elderson, Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the ECB, who further clarified the European supervisory authority’s position on the matter.
Priority Areas and Recommended Actions
The CEO Letters provide more detailed guidance on the areas that supervisors consider most exposed to the effects of frontier models, namely those where institutions are expected to focus their attention, resources, and capabilities in the short and medium term.
The identified priorities can be divided into two categories: initiatives to accelerate over the next three to six months and long-term structural measures aimed at strengthening resilience. The first category includes:
- Protecting attack surfaces through enhanced visibility of exposed assets and reducing opportunities for compromise;
- Accelerating and strengthening Vulnerability and Patch Management capabilities;
- Enhancing AI-supported monitoring, detection, and defense capabilities;
- Strengthening governance, investments, and supply chain assurance.
Alongside these immediate actions, the ECB also highlights several structural measures intended to improve long-term resilience, including the adoption of defense-in-depth architectures, continuous improvement of cyber hygiene practices, modernization of technology infrastructures, and enhancement of operational resilience, crisis management, and information-sharing capabilities.
The ECB outlines a supervisory plan
One particularly important aspect is that we are not seeing the introduction of new regulatory requirements, but rather an acceleration of supervisory expectations around DORA, cyber resilience, and ICT risk management, with impacts that could materialise in the very near term.
The ECB has already outlined a comprehensive supervisory plan consisting of several layers:
- Distribution of the aforementioned CEO Letter;
- Direct engagement of Joint Supervisory Teams (JSTs), tasked with discussing the potential impact of frontier models and related initiatives with banks;
- Collection and monitoring of action plans to assess how institutions intend to address the evolving risk landscape;
- Targeted follow-up activities for organizations considered less prepared, with particular focus on operational and cyber resilience gaps;
- Potential reallocation of supervisory resources toward the initiatives deemed most urgent and relevant.
These developments demonstrate that the ECB does not view frontier models as a hypothetical or long-term risk, but rather as an ongoing transformation that requires an immediate response and even more rigorous oversight.
By Your Side in Addressing Emerging Threats
At Kirey, we support leading financial institutions throughout their digital transformation journey, helping them manage cyber risk, comply with regulatory frameworks, and strengthen operational resilience.
Today, this commitment is more important than ever in light of the rapid evolution of cyber threats and an increasingly demanding regulatory environment characterized by growing expectations from supervisory authorities.
Contact us to learn how we are addressing these emerging threats and how we can help strengthen your organization’s security posture, effectively meet new compliance requirements, and build future-proof operational resilience.
