AI can hack a bank in 21 minutes. The European Central Bank wants answers..

Link copied!
Jorge Monteiro

Jorge Monteiro

CEOEthiack

July 17, 2026

A few days before the European Central Bank ordered the eurozone's banks to prepare for AI-powered cyberattacks, Ethiack hosted a private roundtable at Fintech House in Lisbon. Around the table sat security leaders from Santander, Bankinter, Credit Agricole, BiG, Wizink, Aegon Santander, SIBS, Allianz, Lusitânia, Maxpay, the Portuguese Banking Association, the national cybersecurity centre (CNCS), plus a few outsiders from retail and telecom like SONAE, Leroy Merlin and Virgin Media O2. The topic was AI, and how it affects cybersecurity for companies that are defending people's money.

Nobody in that room knew that on the 7th of July, Claudia Buch, Chair of the ECB's Supervisory Board, would put her signature on a letter ordering every significant bank in the eurozone to produce an action plan against AI-class cyberattacks by the 31st of October. But if you read the letter and then read the notes from that breakfast, you'd swear the ECB had someone hiding under the table. The regulator wrote down, almost word for word, what those CISOs had been saying over coffee.

That's worth paying attention to. When the people defending the systems and the people supervising them independently arrive at the same diagnosis in the same week, the diagnosis is probably correct.

What the ECB actually said

The letter didn't come out of nowhere. On the 3rd of June, a month before it went out, the ECB's Frank Elderson stood up at a financial conference in Zurich and announced that frontier AI represents "a structural shift in the economics of cyber risk" and that a letter to major bank CEOs was on its way. Anyone who saw that speech knew exactly what was coming, but judging by the reaction on July 7th, not many did.

The letter itself is short and unusually blunt for a regulator. Frontier AI models can now find software vulnerabilities and build working exploits in minutes or hours. The European Systemic Risk Board, whose research sits behind the letter, called it a "collapse of defensive time buffers". The ECB is treating this as a permanent shift in the threat model, and it wants every bank under its supervision to respond with a concrete plan: named owners, budgets, staffing, deadlines. Submitted to their Joint Supervisory Team by October 31st, 2026.

The demands themselves are quite specific. Patch faster. Shrink your internet-facing attack surface and kill the legacy systems that can't be defended. Deploy AI-assisted detection, get serious about third-party and supply chain risk, and put cybersecurity on the board's agenda rather than three layers below it.

There's a detail in the coverage that should make European bank executives uncomfortable: the offensive capability the ECB is worried about, models like Claude Mythos that can tear through code looking for weaknesses, mostly isn't in European hands. The attackers renting that capability don't care about jurisdiction. The banks defending against it are being asked to respond to a class of adversary they can't even legally purchase.

Timeline: how a June speech in Zurich became an October 31 deadline for every significant EU bank with Ethiack's Lisbon roundtable landing right in the middle.Timeline: how a June speech in Zurich became an October 31 deadline for every significant EU bank with Ethiack's Lisbon roundtable landing right in the middle.

What the people in the room said

I have spent much of my career breaking into things with permission, a decent chunk of that inside financial institutions. The session notes from Lisbon read like the most honest conversation I've seen in this industry for years. A few things stood out.

In 2018, the average time between a vulnerability being disclosed and being exploited at scale was around 770 days. Today it's effectively zero. One participant described attacks built and executed by AI agents in 21 minutes, start to finish. Exploitation now begins at roughly the same moment as discovery. That one fact makes traditional patch cycles look irresponsible.

Image

Meanwhile the defenders are drowning in noise. Around 32,000 new CVEs were published in a single year, and only about 0.24% of them are ever actively exploited. Every team in that room already has more findings than they could fix in a decade. The toughest problem is knowing which handful, out of tens of thousands, an attacker will actually use against you this week.

Image

And the asymmetry is brutal. An attacker probing your infrastructure doesn't care if they break something. Your own security team has to test gently, in maintenance windows, with rollback plans, because taking down a payment system to test it is a catastrophic event. One CISO compared it to defending against a machine gun while being required to fire back one carefully aimed shot at a time.

The line that stayed with me the most, though, was about regulation itself. The people in that room weren't complaining about being regulated. They were complaining that compliance frameworks are so out of date that they don't actually make them more secure: 30-day remediation cycles, penetration tests every year (or three), risk matrices in spreadsheets. You can be fully compliant with all of it and still be exploited within an hour of the next CVE being published. Until this letter, compliance and reality felt like they were drifting apart. This letter shows an excellent step towards closing that gap.

The basic problem

Strip away the acronyms, compliance and security theatre, and the situation is just basic math. Attackers now take place within minutes of a vulnerability disclosure, while most banks assess their own defences on a clock measured in days, months or even years. It simply doesn't work.

Image

Annual pentests are the standard for many compliance frameworks, but they only give a snapshot of security posture for that one day, leaving the target exposed every other day of the year.

That model was defensible when exploitation took two years to arrive. But it is indefensible now that exploitation arrives in minutes. This is what the European Systemic Risk Board (ESRB) means by the "collapse of the time buffer". The ECB letter to CEOs is the moment the supervisor formally acknowledged it.

Which raises the obvious question for anyone drafting one of these action plans right now: if attacks are continuous and automated, what does a credible defence even look like?

What a credible plan looks like

Reading the letter, the ESRB report, and the Lisbon notes together, the answer converges on a few practical moves.

Reduce your attack surface

Most organisations still don't have an accurate inventory of their own internet-facing assets, and you can't defend what you don't know you know about. Or, perhaps more relevant, nobody can attack a target that doesn't exist, not even Mythos. Continuous attack surface monitoring comes before everything else, followed by ruthless decommissioning of the legacy systems the ECB explicitly called out.

Triage by exploitability

Triaging by exploitability sounds like common sense, but the most common way to triage is by CVSS scores. If only a fraction of a percent of CVEs get exploited, patching by CVSS score means burning your team out on flaws that don't matter. The metric that matters is whether a vulnerability is provably exploitable in your environment, right now.

Test at the speed of the attack

This is the hardest one to swallow, because it means accepting that the yearly pentest, on its own, is dead as a security control. It survives as a compliance artefact. If exploitation is continuous, validation and vulnerability discovery must also be continuous. The only way to know whether you'd survive an AI-driven attack today is to be subjected to an AI-driven attack today, by someone on your side. Regulation already leans this way: DORA's threat-led penetration testing exists to check whether a bank can detect, respond to and recover from attacks that mirror real-world threats, and Elderson's advice in Zurich was to act early and, in his words, "do not wait for the next incident to reveal where your vulnerabilities lie." You can see his full speech here.

Share what you learn

Elderson called for better information sharing across the financial system on vulnerabilities and incidents, and the Lisbon table agreed it's one of the highest-value defensive moves available. But there's an obstacle: competition law and data protection rules make banks nervous about warning each other, to the point where some sector meetings need lawyers in the room. The expectation is that supervising bodies like the ECB will keep pushing on this until sharing a fraud vector with a competitor feels routine. Similar recommendations have also taken place in other jurisdictions.

Push security into procurement

Several banks in Lisbon are already writing security testing requirements and posture evidence directly into vendor contracts before signing. Given how much of the ECB letter concerns third-party risk, we can all expect this to become even more common, and stringent.

Give priority to European vendors

I mentioned earlier that the offensive AI capability the ECB is worried about mostly isn't in European hands. The defensive side doesn't have to be this way. A security vendor gets privileged access to your infrastructure and a detailed map of your weaknesses. Where that vendor is located matters: an export control decision or a foreign court order can change what your tooling does, or who sees its findings, and nothing in your contract has the power to stop it. DORA already treats dependence on third-country providers as a risk in its own right, and the ECB letter leans hard on third-party exposure. When capability is comparable, European banks should give priority to European vendors. You can't claim to manage supply chain risk while ignoring the jurisdiction your supply chain reports to.

Keep humans in the loop

One panelist told a story about a developer who admitted half his code now comes from ChatGPT and he no longer fully understands how it works. The consensus in the room was that automation should do the relentless work, and people should make the calls that matter. That applies to defence as much as development.

Where Ethiack fits, and why this letter didn't surprise us

The reason Ethiack were hosting bank CISOs to talk about AI attacks was because we have seen this shift first hand. We're in the unique position to watch AI change cybersecurity in real time. This shift is exactly why we started Ethiack. It just so happens that our meeting with these banks happened days before the regulator demanded plans against AI attacks, but we have been building for exactly this moment for years.

Ethiack's platform is the capability the ECB is warning about, pointed the other way. Their AI pentesting engine, Hackian, continuously maps an organisation's attack surface, runs real exploitation routines against it, chains attack paths together and delivers proof of exploit for every confirmed risk. Instead of a scanner report with ten thousand maybes, you get evidence that this specific flaw, in your environment, can be exploited today, which is exactly the triage signal those overwhelmed teams in Lisbon said they were missing. It works about 30 times faster than a manual pentest, cuts scanner noise by around 90%, and pairs the machine with human ethical hackers for the depth and judgement that still needs a person.

For banks staring at the October 31st deadline, there's a practical bonus: the platform maps its findings to DORA and NIS2 requirements out of the box, so the evidence you generate defending yourself is the same evidence your supervisor wants to see.

Ethiack's "Hackian" is literally the plan that the ECB is asking for. With Ethiack on your side, a huge part of the plan writes itself. I'm not aware of another approach that honestly answers the ECB's core concern. If the threat is AI that attacks continuously, the defence has to include AI that attacks you continuously, with your consent, and tells you what it found before someone else finds it.

The deeper shift

In his Zurich speech, Elderson told a story from 2023. Ransomware hit ICBC's US arm and disrupted settlement in the US Treasury market, the deepest capital market on the planet. Part of the bank's workaround involved sending a courier across downtown Manhattan with a USB stick. His point was that none of this showed up on a balance sheet: "A bank can be well capitalised and highly liquid and yet still unable to operate." For a century, banking regulation has been about solvency. The ECB is now saying, in letters with deadlines, that the ability to keep operating under attack matters just as much as the capital ratio.

For twenty years, defensive security has been graded on effort. Did you run the scan, do the annual test, file the report, tick the framework boxes. Attackers, in that same period, were only ever graded on outcomes. Which is all that actually matters. AI has now made the outcome-graded side of the game so fast and so cheap that effort-based defence just doesn't work anymore, and the ECB letter is the first time a major supervisor has said so with a deadline attached.

Behind all of this, the real subjects are ordinary people. The pensioner who gets a call that spoofs the bank's real phone number. The family whose savings move out through an instant transfer in the time it takes to read this paragraph. The people around that table in Lisbon carry that weight daily, and most of the industry never sees them do it.

Banks now have four months to write a plan. The good ones will treat it as more than paperwork. Elderson was upfront that what's being asked for is multi-year investment in people, systems and governance rather than a quick fix, and the letter is right about one thing above all: the buffer is gone, and it isn't coming back.

If you're working on your ECB action plan and want to see what continuous, AI-driven security testing looks like against your own infrastructure, you can book a demo with Ethiack or start a free 30-day trial.

Validate your exposure

before attackers do.

30-day free trial. No commitment.

def hello(self): print("We are ethical hackers")

class Ethiack: def continuous_vulnerability_discovery(self: Ethiack): self.scan_attack_surface() self.report_all_findings() def proof_of_exploit_validation(self: Ethiack): self.simulate_attack() self.confirm_exploitability() self.validate_impact()

while time.time() < math.inf: ethiack.map_attack_surface() ethiack.discover_vulnerabilities() ethiack.validate_exploits() ethiack.generate_mitigations() ethiack.calculate_risk() ethiack.notify_users() log.success("✓ Iteration complete")

ISO27001

Compliant

Activate AI penTesting

Ethiack — Autonomous Ethical Hacking for continuous security Continuous Attack Surface Management & Testing