The European Systemic Risk Board (ESRB) warns against frontier AI models
The ESRB warns that frontier AI models have increased systemic risks and challenge the resilience of the financial system. Norges Bank and Finanstilsynet support the warning.
Advanced language models increase the risk of cyberattacks
New advanced AI models, often referred to as Frontier AI Models (FAIMs), have a significant capacity to identify and exploit weaknesses in operating systems and software, which are central to the current ICT infrastructure and financial systems.
In a press release, the ESRB states:
- Frontier AI models are changing the cyber threat landscape for the EU financial system.
- The models may increase speed, scale and sophistication of cyberattacks.
- Relevant authorities should reflect these risks in supervisory and oversight work.
The ESRB highlights that the frontier AI models are likely to strengthen cyber resilience in the long term. In the short term, however, they may provide an advantage to threat actors, enabling them to discover vulnerabilities with increased speed.
The threat landscape also affects the Norwegian financial system
Norges Bank and Finanstilsynet support the warning from the ESRB. New technology and artificial intelligence-based solutions can be used in institutions' defence against cyber threats but also in malicious attacks.
Rapid technological developments place high demands on institutions' digital defences, requiring them to maintain up-to-date systems and sufficient capacity to develop and implement a large number of patches and security updates. Norwegian financial institutions must closely monitor developments in the cyber threat landscape and ensure effective governance and control of both their own solutions and ICT operations that are fully or partly outsourced to third parties.
Norges Bank and Finanstilsynet follow up institutions' preparedness against malicious cyberattacks in their ongoing oversight and supervisory work within their respective areas of responsibility.
Link to the ESRB's press release.
Other relevant information
- Earlier this year, the Norwegian National Security Authority (NSM) provided guidance on how institutions need to be proactive in their efforts to reduce the risk of cyber operations.
- News item from NSM 12 May 2026 - https://nsm.no/aktuelt/om-mythos-og-anthropic (in Norwegian only)
- Finanstilsynet has addressed this risk in:
- The Risk and Vulnerability Analysis for 2026, published on 4 May 2026: https://www.finanstilsynet.no/publikasjoner-og-analyser/risiko--og-sarbarhetsanalyse/risiko--og-sarbarhetsanalyse-2026/risiko--og-sarbarhetsanalyse-2026/risiko--og-sarbarhetsanalyse-2026/, and in
- Risk Outlook, published on 12 June 2026: Risk Outlook – June 2026 - Finanstilsynet.no
- Norges Bank has addressed this risk in the Financial Infrastructure Report 2026, published on 10 June 2026 - https://www.norges-bank.no/en/news-events/publications/Financial-Infrastructure-Report/financial-infrastructure-2026/web-report-financial-infrastructure-2026/
- Finance Norway has issued advice to the industry on how to address new AI developments, published on 24 April 2026 - Finance Norway offers advice on how to address new AI developments (in Norwegian only)
About the ESRB
The ESRB is responsible for the macro-prudential oversight of the European financial system to contribute to the prevention and mitigation of systemic risk. Both Norges Bank and Finanstilsynet are Norwegian ESRB participants.