On 7 July 2026, Claudia Buch, Chair of the ECB's Supervisory Board, wrote to the chief executive of every significant institution under European banking supervision. Letter SSM-2026-0301 gives each bank until 31 October to hand its Joint Supervisory Team an action plan on AI-enabled cybersecurity threats. The same day, the European Systemic Risk Board issued a warning on systemic cyber risk from frontier AI models. Frankfurt doesn't coordinate publications like that by accident.
The letter makes one narrow, technical claim: AI models can now find software vulnerabilities and produce working exploits fast enough to collapse the gap between discovery and exploitation. The ECB calls this a durable shift rather than a temporary phenomenon or a quirk of any single tool. The risks themselves are old ones. What's new is how fast they land.
The asks are spelled out: faster vulnerability and patch management, stronger monitoring and detection, proof that third-party risk management holds under current conditions, and a plan for legacy and end-of-life systems, replaced where possible and contained where not. There are no new rules; DORA stays the binding requirement. The ECB even pushed its annual IT Risk Questionnaire back to February 2027 to free up capacity. When a supervisor clears your calendar, it expects the time to be used.
The line that will outlast the deadline sits in an annex. AI-native and AI-assisted defensive tools, the ECB writes, "can help institutions keep pace with AI-enabled threats," provided governance, validation, and human oversight accompany them. Read that twice. A European supervisor has put in writing that human-speed defence alone won't hold against machine-speed attack. The rest of the letter hangs off that admission.
You can patch a server. You can't patch a customer.
The letter is about infrastructure: perimeter technologies, internet-facing assets, patching pipelines, legacy estates. About the place where AI-enabled attacks already make money, the customer channel, it says almost nothing.
There's a structural reason fraud sits outside the letter's logic, and it fits in two sentences. You can patch a server. You can't patch a customer. Every control in the ECB's annex assumes the vulnerability lives in code that the bank can find and fix. In fraud, the vulnerability is a person's trust in a phone call, and the exploit is a conversation. Criminals worked this out long before frontier models made headlines. Smishing now arrives in fluent, native-register language in every European market. Cloned voices sail past call-back checks. Deepfake videos keep an Authorised Push Payment scam alive at the exact moment a victim would once have grown suspicious, and automation runs mule networks at a pace no manual team can trace. An exploited vulnerability is a cost the attacker still has to monetise. A completed fraudulent payment is revenue. Machine-speed offence showed up in fraud first because fraud pays first.
Fraud teams have lived this diagnosis for years, mostly with tooling built for a slower enemy. The standard stack is a smoke detector wired to a phone that rings in a busy office. It senses well enough, then waits for someone to pick up, walk over, and decide what to do while the fire spreads. The con itself is old. What mutates is everything detectable around it: lure texts, sending domains, malware droppers, device profiles, mule routes. Regenerating any of them now costs the attacker close to nothing, so variants appear faster than rules committees can convene. Alert queues outgrow analyst headcount. By the time a human confirms the pattern, the campaign has already moved on. The ECB's warning that unresolved weaknesses turn material as attack speed rises reads, to anyone running fraud operations at a European bank, like a description of Monday morning.
What keeping pace takes
The ECB's answer for infrastructure, defence that runs at the attacker's speed under human governance, already has a working equivalent in fraud. Aviation settled the same trust question decades ago. Nobody hand-flies a passenger jet through a storm. The automation flies; the pilot commands. Authority moved up a level, from the stick to the system, and flying got safer, not less accountable.
Fraud defence is making the same move. A system observes the customer session, decides, and acts at the speed of the attack, while humans set policy, validate outcomes, and govern risk rather than approving every individual action. That operating model is Autonomous Fraud Operations, and it stopped being a thought experiment in December 2025, when Cleafy put it into production: detection, investigation and response running continuously against live traffic, fraud teams directing the system rather than racing it. Governance, validation and human control, the ECB's conditions for defensive AI, are the terms this model already operates under. The letter arrived after the approach was proven. What it adds is supervisory confirmation that defence at this speed is the only kind that scales.
Between now and 31 October, every significant institution will write an action plan for its infrastructure, and boards will read them. The useful move is to add one extra question to the Head of fraud while the letter is still on the table: when an attack starts within a customer session, how long will it take the bank to act, and how many people stand between the first signal and the response. A bank that answers in seconds, with humans governing rather than queuing, has machine-speed defence where the money moves. A bank that answers in hours is running the reactive model, the ECB just called insufficient, on the one side of the business where the losses already land in the P&L. On infrastructure, the supervisor set the deadline. In fraud, the attackers set it a while ago.
*Source: SSM-2026-0301, Addressing AI-enabled cybersecurity threats, 7 July 2026
%20CTA%20Blog%20Banners%20-%20Cleafy%20%20(5).png)
%20(3).png)
.png)
%20(1)%20copia%203.png)
%20(2).png)
%20copia%207.png)