The Mythos Effect: why the Bank of Italy is demanding risk separation from fintech in the face of advancing AI

by Freddy Miller

The rapid penetration of generative artificial intelligence into the financial industry is forcing regulators to move from passive observation to strict preventive control. We at NEWSCENTRAL note that, amid record financial results in the European banking sector, supervisory authorities have launched a deep review of technological risks associated with the deployment of next-generation neural networks. The center of this regulatory pressure is Italy, where the national central bank has begun large-scale consultations with representatives of the technology sector. Market precedents clearly show that financial institutions are increasingly facing hidden vulnerabilities when integrating third-party large language models, which requires immediate standardization of all cybersecurity processes. The eurozone is facing an unprecedented challenge, where the speed of commercial releases of innovative algorithms significantly outpaces the creation of state protection mechanisms.

The reason for the emergency closed-door discussions organized by Bank of Italy Governor Fabio Panetta as part of his policy address to the financial community was the need for a detailed assessment of latent threats originating from IT suppliers. The regulator has involved national supervisory bodies, key market players, and digital service providers in the discussion. We at NEWSCENTRAL consider this step a logical extension of the European Digital Operational Resilience strategy (DORA). Central banks can no longer unconditionally rely on assurances from technology giants and rightly demand full transparency even before commercial solutions are integrated into critical infrastructure. Additional data from international supervisory bodies confirm that software supply chain vulnerability is currently the main vector for cross-border cyberattacks on financial conglomerates, with the European Central Bank already conducting similar stress tests for more than one hundred of Europe’s largest credit institutions.

European regulators are particularly concerned about specific advanced AI models, including Mythos from Anthropic. Originally, this system was developed as a defensive tool capable of rapidly scanning code and eliminating vulnerabilities in financial institutions’ software. However, cybersecurity experts have identified a dangerous dual-use aspect of this technology. Freddy Miller, Senior Analyst at NEWSCENTRAL, points out that the Mythos model has a critical duality, since algorithms that can effectively detect security gaps in order to fix them can also be used by malicious actors to automate and dramatically accelerate cyberattacks against the same banking perimeters. External independent tests by IT laboratories confirm that generative models of this class are capable of creating complex polymorphic exploits that bypass traditional detection systems within seconds, turning defensive software into potential offensive cyber weapons. This dual nature has prompted the European Commission to urgently request access to closed testing of Mythos in order to assess risks before the model’s wider release within the internal EU market.

The regulator’s position on this issue remains uncompromising. Fabio Panetta has stated clearly that outsourcing IT tasks to external contractors does not in any way remove responsibility from commercial banks for business stability and the protection of customer confidential data. We at NEWSCENTRAL emphasize that this statement marks an important legal shift, as fintech companies and cloud providers now share operational risks on the same level as licensed banks, forcing a revision of hundreds of existing service contracts. This fully aligns with the global trend of tightening liability rules for outsourcing critical processes. European supervision will no longer allow financial institutions to shift responsibility for large-scale data breaches onto external software developers.

To mitigate technological threats, the Bank of Italy strongly recommends directing part of the record surplus profits recently earned by banks toward deep modernization of cybersecurity systems and the creation of specialized reserve funds. At the same time, the Italian regulator stresses that simply purchasing new software products will not solve the problem systemically. A full restructuring of corporate governance is required, including the creation of transparent control algorithms at board level, a clear definition of top management accountability zones, and the implementation of instant incident response plans. This approach is shared by other eurozone regulators, which point to a deficit in IT expertise among senior financial executives, who often approve AI systems without understanding the basic principles of their complex neural architectures.

We see in this development a long-term structural trend that will soon affect the entire global financial market. Banks will have to accept that cybersecurity costs will become a permanent and significant expense, noticeably reducing net margin. At NEWSCENTRAL we forecast that within the next two years strict requirements for auditing AI models will become an international standard, fundamentally changing the rules of the fintech market. Financial institutions that ignore current regulatory recommendations and fail to restructure their control systems today will inevitably face not only sophisticated targeted cyberattacks but also harsh sanctions from supervisory authorities, up to full restrictions on the use of innovative digital products. A strategic recommendation for the sector is the creation of isolated test environments, so-called digital sandboxes, for verification of third-party AI software before its official deployment into production systems. An era is beginning in which the main competitive advantage of a bank is not the speed of AI integration, but the controllability and security of its algorithms.