EBA Warns AI Models Create New Cyber Risks for European Banks

The European Banking Authority warned that frontier large language models are creating new cyber risks for banks, the regulator said in its June 2026 Risk Assessment Report. The report said recent advances in these models have raised concerns among banks and supervisors.

The EBA said the models can generate highly convincing phishing emails, automate social engineering campaigns, and probe for weaknesses in AI-driven banking systems. Attackers could use them to craft malicious code tailored to a bank's specific infrastructure, the report said.

Banks that have deployed AI in customer service, fraud detection, or trading algorithms face the highest exposure, the EBA said. These systems rely on large datasets and model weights that, if stolen or manipulated, could cause widespread disruption.

The regulator recommended banks conduct regular red-teaming exercises, limit access to model weights, and implement strict data governance policies. It also urged supervisors to assess whether existing cybersecurity frameworks adequately cover AI-related threats.

The report highlighted that frontier models can be used for adversarial attacks on AI models themselves, such as data poisoning or model inversion. Smaller banks may lack the resources to defend against these threats, the EBA said.

The warning comes as European banks accelerate AI adoption to cut costs and improve efficiency. The EBA said it plans to issue detailed guidelines on AI risk management by the fourth quarter of 2026.