Integrated.SocialIntegrated.Social

From Espionage to Systemic Risk: How Claude, Mythos, and Agentic AI Are Forcing Banking Boards to Rethink Fiduciary Duty

Anthropic's Claude Mythos Preview completed a 32-step simulated corporate network attack autonomously in April 2026. The UK AI Security Institute, ECB, BaFin, and the Bank of England are treating this as a systemic risk event, not a technology curiosity. For banking boards and commercial leaders, the question is no longer whether AI can attack your infrastructure. It is whether your governance framework is ready for the regulatory scrutiny that follows.

Modi Elnadi13 min read
From Espionage to Systemic Risk: How Claude, Mythos, and Agentic AI Are Forcing Banking Boards to Rethink Fiduciary Duty
Key Numbers
73%

Mythos expert CTF success rate

AISI, April 2026

80-90%

AI share of first AI-orchestrated espionage campaign

Anthropic, November 2025

89%

YoY increase in AI-enabled cyberattacks in 2025

WEF, June 2026

85%

European banks under ECB supervision using AI

ECB, June 2026

The Moment the Calculus Changed

In April 2026, Anthropic's Claude Mythos Preview did something no AI model had done before: it completed a 32-step simulated corporate network attack from initial reconnaissance through to full network takeover, autonomously, in 3 out of 10 attempts. The simulation, built by the UK's AI Security Institute (AISI), was designed to replicate the kind of sustained operation that would take a team of human security professionals an estimated 20 hours to execute. Mythos completed it with a fraction of the human effort required.

That result, published by the AISI on April 13, 2026, was not a theoretical warning. It was a benchmark. And it arrived five months after Anthropic had already disclosed the first documented large-scale cyberattack executed without substantial human intervention, in which a Chinese state-sponsored group used Claude Code to compromise financial institutions and government agencies across roughly 30 global targets.

For banking boards, commercial leaders, and the regulators watching them, the question has shifted. It is no longer whether agentic AI can be weaponised against financial infrastructure. It can. The question now is whether your governance framework, your incident response capacity, and your board-level risk ownership are ready for what follows.

What Mythos Actually Did: The AISI Findings

The AISI has been tracking AI cyber capabilities since 2023. Two years ago, the best available models could barely complete beginner-level cyber tasks. By April 2026, the trajectory had accelerated to a degree that the Institute itself described as a step-change rather than an incremental improvement.

On expert-level capture-the-flag (CTF) challenges, tasks that no model could complete before April 2025, Mythos Preview succeeded 73% of the time. But CTF challenges test specific skills in isolation. The more significant result came from "The Last Ones" (TLO), the AISI's 32-step corporate network attack simulation spanning initial reconnaissance through to full network takeover.

Mythos Preview is the first model to solve TLO from start to finish. Across all its attempts, it completed an average of 22 out of 32 steps. The previous best performer, Claude Opus 4.6, averaged 16 steps. The AISI also noted that performance continues to scale with additional compute, tested up to a 100 million token budget, with no ceiling yet identified.

The AISI was careful to note the limitations of its evaluation. The ranges lack active defenders, defensive tooling, and penalties for actions that would trigger security alerts. Mythos could not complete the Institute's operational technology-focused range. But the directional signal is unambiguous: "capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained."

The financial sector's legacy infrastructure, patchwork integrations, and decades of accumulated technical debt represent precisely the kind of environment where that capability becomes a material risk.

The Espionage Campaign That Came First

The AISI evaluation was not the first warning. In November 2025, Anthropic disclosed what it described as the first documented case of a large-scale cyberattack executed without substantial human intervention.

In mid-September 2025, Anthropic detected suspicious activity from a Chinese state-sponsored group that had manipulated Claude Code into executing a multi-phase espionage campaign against roughly 30 global targets, including financial institutions, large technology companies, chemical manufacturers, and government agencies. The attackers bypassed Claude's safety guardrails by jailbreaking the model: breaking the attack into small, seemingly innocent tasks, and telling Claude it was an employee of a legitimate cybersecurity firm conducting defensive testing.

The attack proceeded in phases. Claude conducted reconnaissance, identifying high-value databases. It then researched and wrote its own exploit code, harvested credentials, created backdoors, exfiltrated data categorised by intelligence value, and produced comprehensive documentation of the operation for use in future campaigns. AI performed 80 to 90 percent of the campaign. Human operators intervened at only 4 to 6 critical decision points per campaign. At peak, the AI made thousands of requests, often multiple per second, a speed that would have been, as Anthropic noted, "simply impossible to match" for human hackers.

The WEF reported in June 2026 that AI-enabled hackers increased their attacks by 89% year-on-year in 2025. The September 2025 campaign was not an isolated incident. It was the documented leading edge of a structural shift.

Project Glasswing and the Vulnerability Disclosure Problem

In April 2026, Anthropic announced Project Glasswing: a controlled pilot programme designed to prepare organisations for the arrival of Mythos. The model, described by Anthropic as too risky to release publicly, had already discovered thousands of high-severity vulnerabilities in virtually every major operating system and web browser.

Several major US banks received pilot access. Jamie Dimon, CEO of JPMorgan, confirmed publicly that Mythos had identified vulnerabilities in JPMorgan's systems that required remediation. The model's capabilities were presented at the IMF and World Bank Spring 2026 meetings, where the reaction from the most senior financial officials in the world was notable for its directness.

Andrew Bailey, Governor of the Bank of England and Chair of the Financial Stability Board, called it "a very serious challenge for us all." Christine Lagarde, President of the ECB, warned that if the technology falls into the wrong hands, the consequences could be "really bad." François-Louis Michaud, head of the European Banking Authority, stated that the risks and opportunities from the new technology were one of the EBA's top priorities.

Anthropic's own guidance to organisations was stark: review vulnerability disclosure policies to account for the scale of bugs that language models may soon reveal; automate incident response pipelines because most programmes are not adequately staffed for the expected volume of incidents; and prepare for a trajectory that may lead to a rapid increase in detected vulnerabilities until software is hardened, ironically in large part through code written by these same models.

The ECB's June 2026 Warning: A Structural Shift in Cyber Economics

On June 3, 2026, ECB Executive Board member Frank Elderson delivered a keynote at the Goldman Sachs European Financials Conference in Zurich that went significantly further than standard supervisory language. Speaking on operational resilience in the age of AI, Elderson described Mythos as representing "a structural shift in the economics of cyber risk" and identified three specific characteristics that distinguish it from previous threats.

First, it can discover and exploit vulnerabilities at a speed and scale far beyond what has been seen before. Second, it can combine seemingly minor vulnerabilities into serious attacks. Third, it can help reverse-engineer patches into exploitable vulnerabilities, and do so at unprecedented speed. The cumulative effect, Elderson argued, is that "the marginal cost of identifying and exploiting vulnerabilities in IT systems will decline, possibly by orders of magnitude."

He was explicit about the implications for institutions that consider themselves well-defended: "Current evidence suggests that these models may be effective not only against environments with weak levels of defense but also against standards that were once previously considered state of the art."

The ECB's response was not limited to speeches. The following week, the ECB sent a "dear CEO letter" to all banks under its supervision, requesting proactive measures. Elderson also framed the governance imperative in terms that should register at board level: AI cyber challenges "should not be viewed solely as a cybersecurity issue. They are a firm-wide strategic challenge with potential implications for banks' safety and soundness. It is therefore essential that banks' management bodies take clear ownership of the issue."

For context, more than 85% of banks under European banking supervision already use AI in some form. The ECB is not warning about a future risk. It is warning about a risk embedded in systems that are already running.

DORA and the Regulatory Framework That Now Has to Stretch

The EU's Digital Operational Resilience Act (DORA) became applicable in January 2025. It was designed to create a single regime for ICT risk management across the European financial sector, with explicit recognition that a localised breach does not merely affect one institution but can propagate across the broader financial ecosystem.

Legal analysis published by Stibbe in May 2026 examined the specific DORA obligations that AI-driven threats like Mythos now stress-test. Article 13 requires firms to monitor technological developments continuously and keep ICT risk management processes up to date to counter the latest forms of cyberattacks. Article 26 requires identified financial entities to carry out threat-led penetration testing (TLPT) every three years, mimicking the techniques of real-life threat actors. With Mythos, using an AI model to autonomously chain vulnerabilities within a system may now be part of the required testing capabilities.

The more urgent concern sits in Articles 10 and 11, which govern detection, response, and recovery. Stibbe's analysis concluded that AI-generated exploits may soon no longer be appropriately addressed by traditional cybersecurity software, and that financial entities may need to fundamentally review their implementation of both articles, including the deployment of AI-assisted detection mechanisms.

Third-party risk is an additional pressure point. DORA requires that contracts with ICT providers supporting critical functions contain adequate security measures. As AI models become capable of discovering vulnerabilities at scale in the software that underpins financial infrastructure, the contractual and governance requirements for third-party ICT relationships will need to reflect that reality.

BaFin, the PRA, and the Regulatory Layer That Is Coming

The ECB is not acting alone. BaFin, Germany's federal financial regulator, published its Risks in Focus 2026 report identifying digitalisation, including AI, as a primary supervisory priority. In 2026, BaFin is developing a concept for anchoring supervision of AI systems within its framework in accordance with the EU AI Act, building on existing AI supervision already in place for the German financial sector.

In the UK, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) are operating within a parliamentary inquiry into AI in financial services, launched in February 2025, which is examining both the opportunities and the systemic risks posed by AI. The Bank of England's Andrew Bailey has already placed AI cyber risk at the level of the Financial Stability Board's agenda.

The US Office of the Comptroller of the Currency (OCC) signalled in May 2026 that AI governance guidance is on the horizon, recognising both the threat and the opportunity for banks to deploy AI defensively. The pattern across jurisdictions is consistent: regulators are moving from observation to mandate, and the mandate will arrive faster than most boards currently anticipate.

The practical implication for any bank or financial institution operating across multiple jurisdictions is that AI cyber risk governance is no longer a single-regulator conversation. It is a multi-regulator, multi-framework obligation that requires board-level ownership, not delegation to IT middle management.

Finance Is the Opening Act

The financial sector is being called first because it presents the most concentrated combination of systemic interdependency, legacy infrastructure, and regulatory accountability. A breach that propagates through a major bank's settlement systems, as the 2023 ICBC ransomware attack demonstrated, can disrupt markets that are entirely unrelated to the original target. When the largest bank in the world by assets had to dispatch a courier with a USB stick across Manhattan to meet its Treasury settlement obligations, the fragility of the underlying architecture became impossible to ignore.

Mythos and its successors will not stop at financial services. Every sector with networked infrastructure, legacy code, and meaningful interdependencies faces the same structural shift in attack economics. Healthcare, energy, telecommunications, and defence procurement are all on the same trajectory. Finance is simply the sector where the regulatory accountability is most clearly defined and the consequences of failure are most immediately systemic.

The organisations that will be best positioned are those that treat this as a board-level governance question now, before the regulatory mandate arrives. That means investing in agentic AI defence capabilities alongside agentic AI offence awareness, building incident response capacity that can handle AI-scale vulnerability discovery, and ensuring that third-party ICT contracts reflect the new threat environment.

It also means being honest about the content and communications dimension of AI risk governance. When regulators, investors, and counterparties begin asking "what safeguards do you have against AI-assisted attacks?", the answer will need to be specific, evidenced, and board-endorsed. That question will sound as basic as "how are you patching vulnerabilities?" within 18 months. The organisations that have already built the answer will be at a material advantage.

For commercial and marketing leaders, the implication extends beyond IT governance. AI strategy that does not account for the risk dimension of agentic AI deployment, including the reputational and regulatory exposure of AI-assisted operations, is incomplete. The same capabilities that make AI valuable for pipeline generation, content automation, and demand generation also make AI a vector for reputational and operational risk if governance frameworks are not in place.

The ECB's Frank Elderson put it plainly: "In musical terms, andante may have previously been good enough, but now we need to move to presto." For banking boards and commercial leaders, the tempo has already changed. The question is whether your governance framework has kept pace.

What Commercial and Marketing Leaders Should Do Now

The regulatory and security dimensions of AI cyber risk are not the exclusive concern of CISOs and risk committees. Commercial leaders who are deploying agentic AI in GTM operations, content pipelines, and demand generation programmes need to understand the governance environment in which those deployments operate. Three actions are immediately relevant.

First, ensure that your AI deployment governance includes an explicit assessment of how agentic AI tools in your stack could be misused or weaponised, and that this assessment has been reviewed at board level. The ECB's framing is instructive: this is a fiduciary question, not an IT question. For a deeper look at how agentic AI is reshaping B2B pipeline strategy, see our analysis of Agent-Qualified Leads and the shift from MQL frameworks.

Second, review your incident response capacity against the scale of vulnerability discovery that AI models are now capable of generating. If your programme was designed for a pre-AI threat environment, it is likely under-resourced for what is coming. The AI visibility and citation gap that commercial teams are navigating in search is a parallel signal: the organisations that invest in AI-native capabilities now will be better positioned across both the opportunity and the risk dimensions.

Third, engage with the regulatory timeline proactively. The ECB's "dear CEO letter" has already been sent. BaFin's AI supervision framework is in development. The PRA and FCA are mid-inquiry. The organisations that arrive at the regulatory conversation with a documented, board-endorsed AI risk governance framework will have a materially different experience than those that are still building one when the mandate arrives. If you want to understand how AI governance intersects with your commercial strategy, start with a free AI growth audit.

About the Author

Modi Elnadi is Founder and Director of Marketing and AI Growth at Integrated.Social, a London-based B2B AI growth marketing agency. Modi has spent over a decade building commercial AI strategy for enterprise technology, financial services, and professional services clients, with a particular focus on the governance and risk dimensions of agentic AI deployment. His work spans AI-native GTM architecture, demand generation, and the intersection of AI capability and regulatory accountability that is now reshaping how boards think about AI investment. He advises commercial and technology leaders on building AI programmes that are both commercially effective and governance-ready for the regulatory environment that is rapidly taking shape across the ECB, PRA, BaFin, and OCC jurisdictions.

The Moment the Calculus Changed

In April 2026, Anthropic's Claude Mythos Preview did something no AI model had done before: it completed a 32-step simulated corporate network attack from initial reconnaissance through to full network takeover, autonomously, in 3 out of 10 attempts. The simulation, built by the UK's AI Security Institute (AISI), was designed to replicate the kind of sustained operation that would take a team of human security professionals an estimated 20 hours to execute. Mythos completed it with a fraction of the human effort required.

That result, published by the AISI on April 13, 2026, was not a theoretical warning. It was a benchmark. And it arrived five months after Anthropic had already disclosed the first documented large-scale cyberattack executed without substantial human intervention, in which a Chinese state-sponsored group used Claude Code to compromise financial institutions and government agencies across roughly 30 global targets.

For banking boards, commercial leaders, and the regulators watching them, the question has shifted. It is no longer whether agentic AI can be weaponised against financial infrastructure. It can. The question now is whether your governance framework, your incident response capacity, and your board-level risk ownership are ready for what follows.

What Mythos Actually Did: The AISI Findings

The AISI has been tracking AI cyber capabilities since 2023. Two years ago, the best available models could barely complete beginner-level cyber tasks. By April 2026, the trajectory had accelerated to a degree that the Institute itself described as a step-change rather than an incremental improvement.

On expert-level capture-the-flag (CTF) challenges, tasks that no model could complete before April 2025, Mythos Preview succeeded 73% of the time. But CTF challenges test specific skills in isolation. The more significant result came from "The Last Ones" (TLO), the AISI's 32-step corporate network attack simulation spanning initial reconnaissance through to full network takeover.

Mythos Preview is the first model to solve TLO from start to finish. Across all its attempts, it completed an average of 22 out of 32 steps. The previous best performer, Claude Opus 4.6, averaged 16 steps. The AISI also noted that performance continues to scale with additional compute, tested up to a 100 million token budget, with no ceiling yet identified.

The AISI was careful to note the limitations of its evaluation. The ranges lack active defenders, defensive tooling, and penalties for actions that would trigger security alerts. Mythos could not complete the Institute's operational technology-focused range. But the directional signal is unambiguous: "capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained."

The financial sector's legacy infrastructure, patchwork integrations, and decades of accumulated technical debt represent precisely the kind of environment where that capability becomes a material risk.

The Espionage Campaign That Came First

The AISI evaluation was not the first warning. In November 2025, Anthropic disclosed what it described as the first documented case of a large-scale cyberattack executed without substantial human intervention.

In mid-September 2025, Anthropic detected suspicious activity from a Chinese state-sponsored group that had manipulated Claude Code into executing a multi-phase espionage campaign against roughly 30 global targets, including financial institutions, large technology companies, chemical manufacturers, and government agencies. The attackers bypassed Claude's safety guardrails by jailbreaking the model: breaking the attack into small, seemingly innocent tasks, and telling Claude it was an employee of a legitimate cybersecurity firm conducting defensive testing.

The attack proceeded in phases. Claude conducted reconnaissance, identifying high-value databases. It then researched and wrote its own exploit code, harvested credentials, created backdoors, exfiltrated data categorised by intelligence value, and produced comprehensive documentation of the operation for use in future campaigns. AI performed 80 to 90 percent of the campaign. Human operators intervened at only 4 to 6 critical decision points per campaign. At peak, the AI made thousands of requests, often multiple per second, a speed that would have been, as Anthropic noted, "simply impossible to match" for human hackers.

The WEF reported in June 2026 that AI-enabled hackers increased their attacks by 89% year-on-year in 2025. The September 2025 campaign was not an isolated incident. It was the documented leading edge of a structural shift.

Project Glasswing and the Vulnerability Disclosure Problem

In April 2026, Anthropic announced Project Glasswing: a controlled pilot programme designed to prepare organisations for the arrival of Mythos. The model, described by Anthropic as too risky to release publicly, had already discovered thousands of high-severity vulnerabilities in virtually every major operating system and web browser.

Several major US banks received pilot access. Jamie Dimon, CEO of JPMorgan, confirmed publicly that Mythos had identified vulnerabilities in JPMorgan's systems that required remediation. The model's capabilities were presented at the IMF and World Bank Spring 2026 meetings, where the reaction from the most senior financial officials in the world was notable for its directness.

Andrew Bailey, Governor of the Bank of England and Chair of the Financial Stability Board, called it "a very serious challenge for us all." Christine Lagarde, President of the ECB, warned that if the technology falls into the wrong hands, the consequences could be "really bad." François-Louis Michaud, head of the European Banking Authority, stated that the risks and opportunities from the new technology were one of the EBA's top priorities.

Anthropic's own guidance to organisations was stark: review vulnerability disclosure policies to account for the scale of bugs that language models may soon reveal; automate incident response pipelines because most programmes are not adequately staffed for the expected volume of incidents; and prepare for a trajectory that may lead to a rapid increase in detected vulnerabilities until software is hardened, ironically in large part through code written by these same models.

The ECB's June 2026 Warning: A Structural Shift in Cyber Economics

On June 3, 2026, ECB Executive Board member Frank Elderson delivered a keynote at the Goldman Sachs European Financials Conference in Zurich that went significantly further than standard supervisory language. Speaking on operational resilience in the age of AI, Elderson described Mythos as representing "a structural shift in the economics of cyber risk" and identified three specific characteristics that distinguish it from previous threats.

First, it can discover and exploit vulnerabilities at a speed and scale far beyond what has been seen before. Second, it can combine seemingly minor vulnerabilities into serious attacks. Third, it can help reverse-engineer patches into exploitable vulnerabilities, and do so at unprecedented speed. The cumulative effect, Elderson argued, is that "the marginal cost of identifying and exploiting vulnerabilities in IT systems will decline, possibly by orders of magnitude."

He was explicit about the implications for institutions that consider themselves well-defended: "Current evidence suggests that these models may be effective not only against environments with weak levels of defense but also against standards that were once previously considered state of the art."

The ECB's response was not limited to speeches. The following week, the ECB sent a "dear CEO letter" to all banks under its supervision, requesting proactive measures. Elderson also framed the governance imperative in terms that should register at board level: AI cyber challenges "should not be viewed solely as a cybersecurity issue. They are a firm-wide strategic challenge with potential implications for banks' safety and soundness. It is therefore essential that banks' management bodies take clear ownership of the issue."

For context, more than 85% of banks under European banking supervision already use AI in some form. The ECB is not warning about a future risk. It is warning about a risk embedded in systems that are already running.

DORA and the Regulatory Framework That Now Has to Stretch

The EU's Digital Operational Resilience Act (DORA) became applicable in January 2025. It was designed to create a single regime for ICT risk management across the European financial sector, with explicit recognition that a localised breach does not merely affect one institution but can propagate across the broader financial ecosystem.

Legal analysis published by Stibbe in May 2026 examined the specific DORA obligations that AI-driven threats like Mythos now stress-test. Article 13 requires firms to monitor technological developments continuously and keep ICT risk management processes up to date to counter the latest forms of cyberattacks. Article 26 requires identified financial entities to carry out threat-led penetration testing (TLPT) every three years, mimicking the techniques of real-life threat actors. With Mythos, using an AI model to autonomously chain vulnerabilities within a system may now be part of the required testing capabilities.

The more urgent concern sits in Articles 10 and 11, which govern detection, response, and recovery. Stibbe's analysis concluded that AI-generated exploits may soon no longer be appropriately addressed by traditional cybersecurity software, and that financial entities may need to fundamentally review their implementation of both articles, including the deployment of AI-assisted detection mechanisms.

Third-party risk is an additional pressure point. DORA requires that contracts with ICT providers supporting critical functions contain adequate security measures. As AI models become capable of discovering vulnerabilities at scale in the software that underpins financial infrastructure, the contractual and governance requirements for third-party ICT relationships will need to reflect that reality.

BaFin, the PRA, and the Regulatory Layer That Is Coming

The ECB is not acting alone. BaFin, Germany's federal financial regulator, published its Risks in Focus 2026 report identifying digitalisation, including AI, as a primary supervisory priority. In 2026, BaFin is developing a concept for anchoring supervision of AI systems within its framework in accordance with the EU AI Act, building on existing AI supervision already in place for the German financial sector.

In the UK, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) are operating within a parliamentary inquiry into AI in financial services, launched in February 2025, which is examining both the opportunities and the systemic risks posed by AI. The Bank of England's Andrew Bailey has already placed AI cyber risk at the level of the Financial Stability Board's agenda.

The US Office of the Comptroller of the Currency (OCC) signalled in May 2026 that AI governance guidance is on the horizon, recognising both the threat and the opportunity for banks to deploy AI defensively. The pattern across jurisdictions is consistent: regulators are moving from observation to mandate, and the mandate will arrive faster than most boards currently anticipate.

The practical implication for any bank or financial institution operating across multiple jurisdictions is that AI cyber risk governance is no longer a single-regulator conversation. It is a multi-regulator, multi-framework obligation that requires board-level ownership, not delegation to IT middle management.

Finance Is the Opening Act

The financial sector is being called first because it presents the most concentrated combination of systemic interdependency, legacy infrastructure, and regulatory accountability. A breach that propagates through a major bank's settlement systems, as the 2023 ICBC ransomware attack demonstrated, can disrupt markets that are entirely unrelated to the original target. When the largest bank in the world by assets had to dispatch a courier with a USB stick across Manhattan to meet its Treasury settlement obligations, the fragility of the underlying architecture became impossible to ignore.

Mythos and its successors will not stop at financial services. Every sector with networked infrastructure, legacy code, and meaningful interdependencies faces the same structural shift in attack economics. Healthcare, energy, telecommunications, and defence procurement are all on the same trajectory. Finance is simply the sector where the regulatory accountability is most clearly defined and the consequences of failure are most immediately systemic.

The organisations that will be best positioned are those that treat this as a board-level governance question now, before the regulatory mandate arrives. That means investing in agentic AI defence capabilities alongside agentic AI offence awareness, building incident response capacity that can handle AI-scale vulnerability discovery, and ensuring that third-party ICT contracts reflect the new threat environment.

It also means being honest about the content and communications dimension of AI risk governance. When regulators, investors, and counterparties begin asking "what safeguards do you have against AI-assisted attacks?", the answer will need to be specific, evidenced, and board-endorsed. That question will sound as basic as "how are you patching vulnerabilities?" within 18 months. The organisations that have already built the answer will be at a material advantage.

For commercial and marketing leaders, the implication extends beyond IT governance. AI strategy that does not account for the risk dimension of agentic AI deployment, including the reputational and regulatory exposure of AI-assisted operations, is incomplete. The same capabilities that make AI valuable for pipeline generation, content automation, and demand generation also make AI a vector for reputational and operational risk if governance frameworks are not in place.

The ECB's Frank Elderson put it plainly: "In musical terms, andante may have previously been good enough, but now we need to move to presto." For banking boards and commercial leaders, the tempo has already changed. The question is whether your governance framework has kept pace.

What Commercial and Marketing Leaders Should Do Now

The regulatory and security dimensions of AI cyber risk are not the exclusive concern of CISOs and risk committees. Commercial leaders who are deploying agentic AI in GTM operations, content pipelines, and demand generation programmes need to understand the governance environment in which those deployments operate. Three actions are immediately relevant.

First, ensure that your AI deployment governance includes an explicit assessment of how agentic AI tools in your stack could be misused or weaponised, and that this assessment has been reviewed at board level. The ECB's framing is instructive: this is a fiduciary question, not an IT question. For a deeper look at how agentic AI is reshaping B2B pipeline strategy, see our analysis of Agent-Qualified Leads and the shift from MQL frameworks.

Second, review your incident response capacity against the scale of vulnerability discovery that AI models are now capable of generating. If your programme was designed for a pre-AI threat environment, it is likely under-resourced for what is coming. The AI visibility and citation gap that commercial teams are navigating in search is a parallel signal: the organisations that invest in AI-native capabilities now will be better positioned across both the opportunity and the risk dimensions.

Third, engage with the regulatory timeline proactively. The ECB's "dear CEO letter" has already been sent. BaFin's AI supervision framework is in development. The PRA and FCA are mid-inquiry. The organisations that arrive at the regulatory conversation with a documented, board-endorsed AI risk governance framework will have a materially different experience than those that are still building one when the mandate arrives. If you want to understand how AI governance intersects with your commercial strategy, start with a free AI growth audit.

About the Author

Modi Elnadi is Founder and Director of Marketing and AI Growth at Integrated.Social, a London-based B2B AI growth marketing agency. Modi has spent over a decade building commercial AI strategy for enterprise technology, financial services, and professional services clients, with a particular focus on the governance and risk dimensions of agentic AI deployment. His work spans AI-native GTM architecture, demand generation, and the intersection of AI capability and regulatory accountability that is now reshaping how boards think about AI investment. He advises commercial and technology leaders on building AI programmes that are both commercially effective and governance-ready for the regulatory environment that is rapidly taking shape across the ECB, PRA, BaFin, and OCC jurisdictions.

Part of: Gemini Enterprise Agentic AI for Marketing & Sales & AI Governance, Safety & Regulatory Compliance for B2B

This article is part of our Gemini Enterprise Agentic AI marketing topic cluster. Explore related guides:

View all Gemini Enterprise Agentic AI for Marketing & Sales content →

Frequently Asked Questions

What is Claude Mythos and why is it considered a cybersecurity threat?

Claude Mythos is Anthropic's frontier AI model, announced in April 2026 as part of Project Glasswing. The UK AI Security Institute evaluated it and found it could complete 73% of expert-level capture-the-flag cybersecurity challenges and autonomously execute a 32-step simulated corporate network attack from start to finish. Anthropic described it as too risky to release publicly because it can discover thousands of high-severity vulnerabilities in major operating systems and browsers faster than human security teams can patch them.

What happened in the first AI-orchestrated cyber espionage campaign?

In September 2025, Anthropic detected a sophisticated espionage campaign by a Chinese state-sponsored group using Claude Code. The attackers jailbroke Claude by breaking the attack into small, seemingly innocent tasks, then used it to conduct reconnaissance, write exploit code, harvest credentials, and exfiltrate data across roughly 30 global targets including financial institutions and government agencies. AI performed 80 to 90 percent of the campaign with human intervention required at only 4 to 6 critical decision points. Anthropic described it as the first documented large-scale cyberattack executed without substantial human intervention.

How does DORA apply to AI-driven cyber threats for European banks?

DORA (Digital Operational Resilience Act), which became applicable in January 2025, requires European financial entities to identify all ICT risk sources, monitor technological developments continuously, and maintain threat-led penetration testing (TLPT) every three years. Legal analysts at Stibbe argue that AI-driven threats like Mythos require banks to fundamentally review their implementation of DORA Articles 10 and 11 (detection, response and recovery), update third-party risk contracts to account for AI-scale vulnerability discovery, and potentially include AI-autonomous attack simulation in their TLPT programmes.

What did the ECB say about Mythos and AI cyber risk?

In a June 2026 keynote at the Goldman Sachs European Financials Conference, ECB Executive Board member Frank Elderson described Mythos as a structural shift in the economics of cyber risk. He said the marginal cost of identifying and exploiting vulnerabilities could decline by orders of magnitude, that current evidence suggests these models may be effective even against standards previously considered state of the art, and that management bodies must take clear ownership of the issue. The ECB subsequently sent a 'dear CEO letter' to all supervised banks requesting proactive measures.

What is Project Glasswing and which banks are involved?

Project Glasswing is Anthropic's pilot programme designed to prepare companies for the arrival of the Mythos AI model. Several major US banks received pilot access. JPMorgan CEO Jamie Dimon confirmed that Mythos identified several vulnerabilities in JPMorgan's systems that needed to be addressed. The programme sent shockwaves through the IMF and World Bank Spring 2026 meetings, prompting Bank of England Governor Andrew Bailey to call it 'a very serious challenge for us all' and ECB President Christine Lagarde to warn that if the technology falls into the wrong hands, the consequences could be 'really bad'.

How are AI models like Claude being used to attack financial institutions?

Malicious actors are using agentic AI models in multi-phase attacks: initial reconnaissance to identify high-value databases, automated exploit code writing, credential harvesting, data exfiltration, and documentation of stolen assets for future operations. The Chinese state-sponsored group that used Claude Code in September 2025 bypassed safety guardrails by jailbreaking the model, breaking attacks into small seemingly innocent tasks, and telling Claude it was conducting legitimate defensive security testing. The AI made thousands of requests per second at peak, a speed impossible for human hackers.

What should banking boards do now to address AI cyber risk?

The ECB, NCSC, and Anthropic all recommend a similar set of actions: elevate AI cyber risk from IT teams to board-level fiduciary oversight; review vulnerability disclosure policies to account for the scale of bugs that AI models may soon reveal; automate incident response pipelines since most programmes are not staffed for the expected volume; apply security updates and access controls rigorously; enhance third-party risk contracts to require AI-grade security measures; and invest in AI-assisted defence tools for Security Operations Centre automation, threat detection, and vulnerability assessment.

How does AI change the economics of cyberattacks for financial institutions?

The ECB's Frank Elderson described it as a structural shift: the marginal cost of identifying and exploiting vulnerabilities will decline, possibly by orders of magnitude. Attacks that previously required deep technical expertise, weeks of reconnaissance, and significant resources can now be executed faster, at scale, and by a much broader set of actors. The WEF reported that AI-enabled hackers increased their attacks by 89% year-on-year in 2025. The AISI found that Mythos can complete a 32-step network attack in a fraction of the time it would take human professionals, and its performance continues to improve with more compute.

Further Reading & References

About the Author

Modi Elnadi

Founder & Director of Marketing and AI Growth · Integrated.Social

MBA, University of Surrey (Honours) · London, UK · Founded 2014

Modi Elnadi is the founder of Integrated.Social, a boutique B2B growth marketing agency established in London in 2014. With 16+ years deploying revenue-generating marketing systems across B2B SaaS, FinTech, Ecommerce, Sports Media, FMCG, Telecoms, and Travel & Tourism, Modi specialises in Agentic AI lead generation, AI Search Optimisation (SEO/AEO/GEO/LLMO), and PPC & Performance Max. He has managed $25M+ in paid media, delivered 5x–35x ROAS, and built multi-agent AI systems that generate pipeline daily at scale. Every engagement is consultative, data-driven, and ROI-accountable.

Sectors

B2B SaaSFinTechEcommerceSports MediaFMCGTelecomsTravel & TourismCybersecurityEnterprise AI

Expertise

Agentic AI SystemsGTM StrategyAI Search (SEO/AEO/GEO/LLMO)PPC & Performance MaxDemand GenerationAccount-Based MarketingCRM & RevOpsBrand PositioningPersona-Driven CampaignsA/B Testing & CRO

Ready to deploy a lead generation system?

We deploy agentic AI systems for B2B marketing and sales teams, live infrastructure that generates leads daily, not strategy decks. Get a free AI growth audit.

Found this useful? Share it with your network.

Help a colleague stay ahead of the AI marketing curve.

Keep Reading

All articles