The warning is about time

Cybersecurity is often described as a contest of strength: stronger locks, stronger attacks, stronger defences. Europe’s latest warning to banks is more concerned with the clock.

A newly discovered software weakness creates a race. The organisation using that software needs to understand the problem, test a fix and deploy it. An attacker needs to turn the same weakness into something usable. Frontier AI models may shorten the second process enough to change the balance.

That is the central concern in a formal warning from the European Systemic Risk Board, or ESRB, the body that watches for threats to the EU financial system as a whole. It says highly capable models can help automate parts of a cyberattack, identify vulnerabilities and develop pieces of an exploit at greater speed and scale.

The board does not say that banks face a completely new category of attack. It says familiar weaknesses may become more dangerous because they can be discovered and used faster.

A deadline for major banks

The warning comes with a concrete request. The European Central Bank has asked the significant banks under its direct supervision to prepare action plans on AI-enabled cybersecurity threats and submit them by 31 October 2026.

The ECB’s letter places responsibility with bank boards. It asks institutions to address patching, threat monitoring, the defensive use of AI, dependence on outside technology providers, older systems and the ability to recover from a serious incident.

Those tasks are not new. Banks already operate under the EU’s Digital Operational Resilience Act, commonly known as DORA. What changes is the level of urgency. A slow patching programme or an incomplete view of third-party exposure becomes more consequential if attackers can scan, adapt and produce working components more quickly.

What recent model evidence shows

Two days after the European warning was published, OpenAI released the system card for GPT-5.6. The company classifies all three models in the family as ‘High’ for cyber capability under its Preparedness Framework, while keeping them below the ‘Critical’ category.

OpenAI says its more capable GPT-5.6 models can find vulnerabilities and assemble parts of exploits. It also says they did not autonomously complete end-to-end attacks against hardened targets in the tests it reports.

That distinction matters. The evidence does not show an AI system independently compromising a major bank. It does support a narrower point: useful parts of difficult cyber work are becoming easier for models, including smaller and faster ones.

The results remain company-reported evaluations, although the system card also includes work attributed to the UK AI Security Institute. Test environments are not the open internet, and a capability measured in a controlled challenge does not translate directly into a successful criminal operation.

Why regulators expect an offensive advantage

AI can help defenders too. It can sort alerts, find unusual behaviour, review code and help teams understand vulnerabilities before they are exploited. The European Commission’s new action plan on AI and cybersecurity explicitly promotes those uses and proposes secure testing facilities for critical sectors.

The ESRB nevertheless judges that offensive uses are likely to outweigh defensive gains in the short to medium term. Its reasoning is practical. Attackers can choose the moment and the weakest target. Defenders have to protect sprawling systems continuously, often while depending on old software and multiple suppliers.

There is also a concentration problem. A small number of model and cloud providers, many based outside the EU, supply capabilities used across the financial sector. An outage, security failure or sudden change at one provider could affect many institutions at once. Smaller banks may have less money and fewer specialists to manage that dependence.

This is a regulator’s forward-looking assessment, not a measured result across the whole banking system. It may prove too pessimistic if defensive tools, access controls and patching improve quickly. It may prove too cautious if offensive capability spreads faster than expected.

What a credible plan should contain

The ECB’s request is not satisfied by buying another AI product. A useful plan starts with the parts of security work that already cause delays.

Can the bank identify every system affected by a newly disclosed vulnerability? Can it patch critical services quickly without breaking them? Does it know which outside providers have access to sensitive environments? Can security staff distinguish an AI-generated flood of plausible alerts from the few that matter? If a supplier or core system fails, can the bank keep essential services running and restore trustworthy operations?

AI may help answer some of those questions. It may also create new blind spots if a bank cannot explain what a tool can access, where its data goes or how its output is checked.

Board oversight is therefore more than a governance formality. The decision to use a powerful model for security work is also a decision about data, suppliers, accountability and acceptable failure.

What remains uncertain

The largest unknown is the real-world balance between attackers and defenders. Public benchmarks can measure selected tasks, but they cannot fully represent a criminal group with time, target knowledge and access to other tools. Nor can they capture a well-run defensive team that has fixed its basic weaknesses.

It is also unclear how consistently European banks can turn the October plans into operating changes. Large institutions have complex technology estates. Smaller providers in their supply chains may be less prepared. A plan may identify the right risks without giving a team enough people, authority or time to reduce them.

The useful part of Europe’s response is that it avoids treating AI-cyber risk as a distant science-fiction event. The first problem is more ordinary: software weaknesses, slow repairs, concentrated suppliers and institutions that cannot see their own exposure clearly enough.

AI may make that old problem move faster. The deadline is meant to find out whether banks can move faster too.

Sources

  1. European Systemic Risk Board — Warning on systemic cyber risks stemming from frontier AI modelsFormal warning adopted 25 June and published 7 July 2026; primary source for the systemic-risk assessment and recommended actions.
  2. European Central Bank Banking Supervision — Letter on AI-enabled cybersecurity threatsPrimary source for the 31 October deadline and the areas banks are asked to address.
  3. ESRB — Frontier AI models and systemic cyber riskSupporting analysis of capability, concentration and financial-system transmission channels.
  4. European Commission — EU Action Plan on Cybersecurity and Artificial IntelligencePrimary policy source for the EU’s defensive-AI, model-evaluation and secure-testing measures, 7 July 2026.
  5. OpenAI — GPT-5.6 System CardCompany primary source for capability classifications, safeguards and reported evaluations, 9 July 2026.