The European Central Bank (ECB) has instructed banks across the euro zone to develop comprehensive plans to defend against artificial intelligence-powered cyberattacks, giving lenders until October 31 to submit their strategies.

The directive comes as regulators grow increasingly concerned that advanced AI systems could be used to launch sophisticated cyberattacks capable of disrupting banking operations, payment networks, and critical financial infrastructure. According to the ECB, such threats could undermine public confidence in the financial system if left unaddressed.

In a letter sent to bank chief executives, the ECB urged financial institutions to strengthen the security of internet-facing systems and other high-risk digital assets. Banks were also advised to improve protections for third-party software, open-source technologies, and other external components that could become targets for cybercriminals.

The central bank called on lenders to accelerate software updates, patch security vulnerabilities more quickly, expand real-time monitoring, and enhance their overall cybersecurity frameworks. It also encouraged banks to modernize outdated IT infrastructure, improve cyber hygiene practices, and strengthen incident response, recovery planning, and information-sharing procedures.

To allow banks to focus on these priorities, the ECB said it would postpone a separate IT-related supervisory survey and may adjust the timing of certain inspections.

The warning was reinforced by the European Systemic Risk Board (ESRB), which cautioned that a major cyber incident could have consequences far beyond individual institutions. According to the ESRB, a large-scale attack could damage trust in banks, disrupt payment and settlement systems, and potentially trigger financial instability if customers lose confidence in affected institutions.

The ESRB also highlighted the growing risk of coordinated cyber campaigns, including attacks supported by misinformation and state-backed actors. Because many financial institutions rely on the same technology providers and software platforms, a successful breach at one point in the ecosystem could quickly spread across the wider banking sector.

The ECB's latest guidance reflects the increasing urgency among regulators to strengthen cyber resilience as artificial intelligence continues to reshape both defensive and offensive cybersecurity capabilities.