-
ESRB issues warning on systemic cyber risks from frontier AI models
7 July 2026The European Systemic Risk Board (ESRB) has published a warning issued on 25 June on the systemic cyber risks posed by frontier AI models. The warning highlights how frontier AI models are transforming the cybersecurity landscape by enabling threat actors to increase the speed, scale, and sophistication of cyber-attacks in the short to medium term. The ESRB urged all EU stakeholders, including financial institutions, to enhance their cybersecurity capacities and encouraged relevant authorities to reflect these risks in their supervisory and oversight work.
On the same date, the European Supervisory Authorities (ESAs) published a press release welcoming and supporting the warning. The ESAs raise concerns that AI-enabled cyber-attacks could threaten the operational resilience of financial institutions. In their view, while the Digital Operational Resilience Act (DORA) and the EU AI Act provide a strong regulatory foundation for managing these risks, they urge financial entities to strengthen their cybersecurity arrangements and call on competent authorities to reflect these developments in their supervisory activities. They also reiterate the ESRB's call on the EU to scale up its capacity, expertise and strategic autonomy in this critical area, which requires all parties to be involved, including AI providers, software providers, security firms, open-source maintainers, financial institutions, and authorities at both national and Union level.
The ESAs are working closely with the EU supervisory community to oversee that risks are identified and mitigated in line with the requirements of DORA. They are also engaging with critical ICT third-party providers on the measures they are taking to adapt to the situation to manage risks.
Blog
