What happened
Germany's Federal Financial Supervisory Authority (BaFin) warned that cyber risks are 'growing' and 'substantial' due to advances in AI and announced a new division dedicated to conducting targeted inspections at financial institutions to assess AI-related cyber preparedness, particularly in response to Mythos and similar frontier models.
Why it matters
This is the first formal regulator-mandated inspection regime specifically targeting AI cyber risk in a major financial center. It establishes a precedent that frontier AI capabilities (both defensive and offensive) are now subject to financial stability oversight, requiring banks and fintechs to document their AI security posture and vendor risk.
Action needed
Financial institutions operating in the EU must prepare AI vendor risk assessments, inventory frontier models in use, and document access controls. Expect BaFin-mandated audit requirements for AI vulnerability discovery workflows within 6–12 months.