ECB Tells Euro Zone Banks: ‘Patch Now’ as Anthropic’s Mythos AI Redefines the Threat Landscape

The specific capabilities triggering alarm were twofold. First, Mythos’s vulnerability detection was operating at a scale and speed that rendered traditional security tools and manual patching cycles obsolete. It had identified thousands of flaws across hundreds of projects faster than any human team or conventional scanner could . Second, and more concerning, the model demonstrated a dual-use offensive capability: it could not only find flaws but also generate working exploits for them, with a first-attempt success rate exceeding 83% according to some evaluations .

This combination meant that malicious actors—whether state-sponsored groups or sophisticated criminals—could theoretically weaponize similar AI tools to scan banking infrastructure, identify unpatched vulnerabilities, and launch attacks before institutions could react. The ECB concluded that the timeline for defense needed to shift from weeks or months to hours or minutes .

Patch Now: No Access, No Excuse

Perhaps the most unusual element of the ECB’s message was its preemptive counter to an argument it knew banks would make: “We don’t have access to Mythos, so how can we defend against it?”

Elderson’s response was unambiguous. “Lack of access is not an excuse for inaction. On the contrary, it makes it even more critical that banks step up and act now,” he said in a May 13 interview . By late May, the message had sharpened into an operational directive: accelerate the rollout of software patches. The regulator stressed the “seriousness of the threat to the financial system” and pressed lenders to speed up work securing their IT systems, treating the model as an active risk regardless of their own access status .

The ECB’s Escalating Engagement: From Queries to Emergency Summons

The ECB’s actions in spring 2026 reveal a regulator racing to understand and contain a threat that outpaced its existing supervisory toolkit.

Mid-April 2026: The ECB convened a call with chief risk officers of euro zone lenders to canvass their assessment of the risks from Mythos . At this stage, the tone was inquisitive—supervisors gathering information about a new possible source of risk.

May 13, 2026: The posture shifted to public urgency. Elderson used an ECB Supervision Newsletter interview to urge banks to quickly prepare for AI-assisted cyberattacks, explicitly naming Mythos and similar tools .

May 24–26, 2026: The engagement reached its peak. The ECB summoned euro zone bank executives to an emergency meeting on May 26, while also hosting an online session that drew “more than 300 participants from industry, the public sector and representative associations” to share experiences and discuss common challenges .

The sequence reveals a progression from intelligence-gathering to operational pressure. By the final week of May, the ECB was no longer asking what banks knew; it was telling them what to do.

Project Glasswing and the Intelligence Asymmetry

Central to the crisis is Project Glasswing, Anthropic’s controlled distribution program. Rather than releasing Mythos publicly, the company granted access to a restricted consortium of critical-infrastructure partners—including major U.S. banks like JPMorgan Chase and Bank of America—who could use the model to find and fix flaws in their own systems .

European banks were largely excluded. This created a sharp information asymmetry: U.S. institutions could probe their systems with the most advanced cybersecurity AI ever built, while European lenders remained blind to the same vulnerabilities that Mythos could expose and, potentially, that adversaries could exploit .

The ECB’s response was to ask U.S. banks with euro zone operations to voluntarily share threat intelligence and mitigation insights learned through Glasswing with their European peers . It was an extraordinary request—asking commercial competitors to bridge a geopolitical access gap through voluntary cooperation.

Stalled Negotiations and Regulatory Frustration

The access gap persisted because high-level negotiations between the EU and Anthropic had officially stalled by late May 2026. Spain’s economy minister Carlos Cuerpo confirmed ahead of a summit of EU finance chiefs on May 22 that “unfortunately, there has been limited progress in this area” . Despite several meetings between Anthropic and EU officials, sources reported there had been “no direct talks on giving European entities access to Claude Mythos,” raising what one outlet called “strong cybersecurity fears for the continent” .

Anthropic’s position was deliberate. The company stated that Mythos’s offensive cybersecurity capabilities warranted limiting public release to prevent misuse, and it indicated plans to offer European banks access “soon” as early as April 2026. But by late May, no concrete deal had materialized .

Compounding the frustration was the regulatory reality. The EU AI Act’s Article 92, which grants the European Commission access to systemic-risk AI models for evaluation, had been in force since August 2025. However, compulsory enforcement powers—including the ability to impose fines under Article 101—do not activate until August 2, 2026 . This meant the EU’s AI Office could request access but lacked a hard legal lever to compel it during precisely the period when the threat appeared most acute.

Elderson expressed the resulting predicament directly, suggesting that the EU’s lack of access made the cybersecurity situation even worse: European banks could not use the very tool that reveals their vulnerabilities, while their U.S. rivals could actively strengthen their defenses .

What Comes Next

The ECB’s late-May warnings mark a watershed moment in the intersection of AI capability and financial stability risk. The immediate aftermath saw euro zone banks scrambling to accelerate patch cycles, while the broader questions remain unresolved. Will Anthropic grant European access before the EU gains enforcement powers in August? Can voluntary intelligence sharing among banks meaningfully close the gap? And most fundamentally, is the financial regulatory architecture—designed for an era of human-speed threats—adequate for a world where AI models can find and exploit flaws faster than institutions can patch them?

For now, the ECB’s instruction is unambiguous: patch now, share what you know, and assume the threat is active. The clock, in Elderson’s assessment, is already ticking.