The European Central Bank has called in major banks for emergency talks on cybersecurity threats posed by advanced artificial intelligence models, specifically Anthropic's Claude Mythos. The ECB warned that attackers can now reverse-engineer security fixes in under 30 minutes, a pace that threatens to outrun traditional patch cycles. The move comes as regulators scramble to contain the fallout from AI-driven vulnerabilities that are reshaping the threat landscape.
AI model breaks defense benchmarks
The UK's AI Security Institute tested Claude Mythos Preview and found it cleared 73% of expert-level Capture the Flag challenges — a milestone no AI model had reached before April 2025. Capture the Flag exercises simulate real-world cyberattacks and require deep technical reasoning. The institute's results suggest that frontier AI systems can now identify and exploit weaknesses faster than human security teams can mitigate them.
Mozilla's patch response
Mozilla had to issue 271 security patches in Firefox 150 based on vulnerabilities discovered by Claude Mythos. That number far exceeds the patches generated from the previous model, Opus 4.6, and shows how quickly AI can find flaws in widely used software. The episode underscores the pressure on developers to fix bugs before attackers weaponize them.
ECB's urgency: 'andante to presto'
ECB Vice-Chair Frank Elderson said banks need to accelerate patch deployment from an 'andante' to a 'presto' tempo because AI is accelerating threats. The ECB supervises 111 major Eurozone banks, most of which don't have direct access to frontier AI models like Claude Mythos through the bank-led Project Glasswing initiative. That gap leaves many institutions blind to the very tools their adversaries may be using.
Elderson's warning points to a simple problem: if defenders can't test against the latest AI, they can't anticipate the attacks it enables. The ECB has not specified deadlines for compliance, but the message is clear — slow patch cycles are no longer acceptable.
Unequal access to frontier AI
Project Glasswing was set up to give banks access to advanced AI models, but participation is limited. The majority of ECB-supervised banks are still locked out. That asymmetry creates a dangerous dynamic — attackers can exploit weaknesses that defenders haven't even seen modeled. The ECB is pressing for broader access, but no timeline has been announced.
The immediate question is whether the 111 banks under ECB supervision will get the tools they need to keep up, or whether the gap between offense and defense will keep widening.
