BankingNewsAI Daily Brief ·
The ECB escalates AI-model cyber risk into supervision, summoning banks for rapid remediation.
Banking AI
Financial institutions & fintech technology
ECB is escalating AI-model cyber risk into a supervisory issue (banks are being summoned to remediate fast)
The European Central Bank has called in banks for a hastily arranged meeting to press them to fix IT and security weaknesses exposed by the latest AI models (coverage points to Anthropic’s “Mythos” as the catalyst). This is a shift from “AI risk as a tech topic” to “AI risk as a prudential supervision topic,” with an implied expectation of concrete remediation plans, not pilots and principles.
Action
Commission a 30–60 day “AI-enabled cyber” gap assessment tied to existing vulnerability management and red-team programs, then pre-package board-ready evidence (controls, testing cadence, residual risk) for supervisors. Treat LLM-driven exploit discovery as a stressor to patch SLAs, third-party exposure, and legacy system hardening—before the regulator asks for timelines.
Robinhood is letting external AI agents trade and make card payments—agentic finance just crossed a platform threshold
Robinhood launched beta support for “Agentic Trading” and an “Agentic Credit Card,” allowing customers to connect AI agents (e.g., ChatGPT/Claude) to a dedicated account to place trades and initiate purchases. This moves agentic execution from experimentation to consumer-facing rails, forcing real design decisions on permissions, limits, audit trails, liability, and dispute handling.
Action
Define an “agent-permissions” standard now (scopes, transaction limits, step-up auth, time-bounded tokens, and immutable logs) that can be reused across brokerage, payments, and treasury workflows. Pressure-test your fraud/chargeback and suitability frameworks for agent-initiated activity—because customer intent and agent behavior won’t align cleanly under today’s policies.
Citizens Bank is standardizing omni-channel account opening with MANTL via Alkami—deposit growth and KYC ops efficiency play
Citizens Bank expanded its relationship with Alkami by selecting MANTL to enhance account opening across all channels, aiming for a unified onboarding journey and improved efficiency. While not framed as “AI,” it’s a concrete modernization move that directly impacts conversion, KYC/IDV workflow design, and the ability to plug in automation (including AI) safely at the edges of the funnel.
Action
Benchmark your end-to-end onboarding conversion and time-to-fund against digital-native best-in-class; if you can’t measure drop-off by step, you can’t fix it. Use platform consolidation to simplify KYC/AML control testing and to insert targeted automation (document review, exception triage) without creating channel-specific risk gaps.
General AI
Large language models & AI infrastructure
OpenAI Codex is shifting from “IDE helper” to remote operator: secure Mac app control from a phone (even when locked) plus richer app context
OpenAI shipped Codex product updates that enable remote computer use: Codex can securely use apps on your Mac from your phone even when the Mac is locked, and added “Appshots” to capture both screenshots and text from Mac app windows for better working context. They also added team plugin sharing and more detailed org analytics, signaling enterprise rollout and manageability. Net: coding agents are becoming cross-device operators, not just chat-in-the-IDE assistants—this is the direction your developer and automation tooling vendors will follow.
Action
Push your CISO + End-User Computing teams to define an “agent remote-control” policy now (allowed apps, privileged actions, logging/attestation, and isolation), because this capability is landing in mainstream tooling and will be requested by engineering and ops teams.
Anthropic claims its Mythos model found 10,000+ software vulnerabilities—LLMs are becoming exploit-finders at scale
Anthropic says its Mythos Preview model uncovered more than 10,000 cybersecurity vulnerabilities as part of Project Glasswing, aimed at countering AI-powered cyberattacks. The headline isn’t marketing—it’s a signal that vulnerability discovery is being industrialized, compressing the attacker/defender cycle and raising the baseline for secure software operations.
Action
Upgrade AppSec capacity assumptions: expect more findings, faster, and in older code you thought was “stable.” Revisit patch SLAs, compensating controls, and vendor security attestations with the explicit premise that AI will surface latent vulnerabilities continuously—not just during periodic pen tests.
Microsoft added Mistral Medium 3.5 to Copilot Studio—multi-model agent building is becoming the default enterprise posture
Microsoft announced Mistral Medium 3.5 is now available in Copilot Studio’s model lineup for building agents, expanding beyond a single-model worldview. This accelerates a practical reality for enterprises: model choice will be workload-specific (cost, latency, data residency, safety), and platform teams will need governance that spans models—not just prompts.
Action
Stand up a model-portfolio policy (approved models by use case, data classification, evaluation gates, and fallbacks) instead of letting each team pick ad hoc. Use multi-model support to drive leverage in vendor negotiations and to reduce concentration risk for critical workflows.