BankingNewsAI Daily Brief ·
ECB orders banks to remediate AI-exposed software and IT security weaknesses promptly.
Banking AI
Financial institutions & fintech technology
ECB summons banks to remediate software/IT weaknesses exposed by new AI security models (“Mythos” risk)
The ECB is calling banks into a hastily arranged meeting to press them to fix IT and software weaknesses being surfaced by the latest AI security-testing models (widely framed as “Mythos” risks). This is a supervisor signaling that AI-driven vulnerability discovery is now a prudential issue, not just a CISO problem, with potential systemic implications if widely used components are found exploitable at scale.
Action
Accelerate enterprise-wide vulnerability management tied to critical banking services (payments, channels, core integrations) and be ready to evidence remediation governance to supervisors. Mandate a rapid inventory of externally exposed services and third‑party components, plus an “AI-assisted pen test” plan with clear audit trails and change control.
South Korea eases ‘network separation’ rules so financial firms can run genAI on internal networks
South Korea is significantly easing long-standing network separation requirements for financial firms, explicitly to enable generative AI use on internal networks while responding to emerging AI security threats. This is a concrete regulatory shift: instead of blanket isolation, the regime is moving toward controlled connectivity with compensating controls.
Action
Revisit your own “air-gap by default” policies and map what controls (identity, monitoring, data loss prevention, secure enclaves) would satisfy regulators if similar easing occurs in your markets. Use the Korean change as precedent to propose a governed path for internal genAI access to sensitive systems rather than continued blanket prohibition.
Catena Labs raises $30M and seeks a US national trust bank charter to build regulated rails for AI agents
Catena Labs (led by Circle co-founder Sean Neville) raised $30M and has had its filing accepted to pursue a national trust bank charter, positioning itself as regulated financial infrastructure for AI agents. The key change is charter ambition plus funding: they’re not pitching “agent payments” as middleware, but as a regulated banking platform built for machine-to-machine commerce.
Action
Pressure-test your payments and onboarding stack for machine customers (agents) and decide whether to partner, compete, or ring-fence exposure. Stand up a policy view now on what you will require for agent accounts (KYC/KYB equivalence, delegated authority, transaction controls, auditability) before this becomes a client demand.
General AI
Large language models & AI infrastructure
Gemini 3.5 Flash is GA across Google’s enterprise surfaces: fast, agent-optimized, 1M context, and priced for heavy production use
Google released Gemini 3.5 Flash as generally available and positioned it as its strongest agentic/coding model, shipping immediately across Gemini API/AI Studio, Search AI Mode, Android Studio, and enterprise surfaces. Key operating specs are 1M-token context, up to 65k output tokens, configurable “thinking levels,” and very high serving speed; third-party tracking (Artificial Analysis) places it near the top of the intelligence-vs-speed Pareto frontier but notes meaningfully higher cost vs prior Flash tiers. Net: this is a credible new default model for enterprise copilots/agent workflows where latency and tool-use matter as much as raw benchmark IQ.
Action
Force a cost/perf bake-off this week: benchmark Gemini 3.5 Flash vs your current LLM(s) on (1) contact-center summarization + next-best-action, (2) engineering productivity, and (3) fraud/AML narrative drafting—then renegotiate unit economics with vendors using Google’s published token pricing and your real throughput/latency measurements.
Google open-sources an ‘Agent Executor’ runtime aimed at operating AI agents safely in production
Google released an open-source Agent Executor intended to address the operational gap of running AI agents in production (execution, orchestration, and reliability concerns). The shift is from “build an agent demo” to “standardize the runtime layer,” which is where governance, observability, and failure modes become enterprise-grade issues.
Action
Direct your engineering platform team to evaluate whether your agent roadmap needs a standardized runtime with logging, approval gates, and rollback, instead of bespoke agent scripts per team. Use this to define a bank-wide control plane pattern (identity, policy, audit, sandboxing) before agent sprawl becomes ungovernable.
OpenAI strikes a content partnership with major Brazilian publishers (Folha/UOL) for attributed news in ChatGPT
OpenAI announced a strategic partnership with Grupo Folha and Grupo UOL to bring Brazilian journalism into ChatGPT with attribution and transparency. This is another step in mainstreaming licensed, attributable content pipelines into consumer/enterprise assistants—reducing some legal/brand risk versus open-web retrieval.
Action
Push your legal and AI governance teams to formalize a stance on retrieval sources (licensed vs open web) for any customer-facing assistant. For LATAM operations, assume employees and customers will increasingly treat ChatGPT as a default information layer and plan comms/compliance accordingly.