Blog | comforte

ECB Warning Shows How AI Is Changing the Threat Landscape

Written by Thomas Stoesser | Jul 16, 2026

These are concerning times to be a CISO. While business users are racing to adopt new AI tools to drive productivity and efficiency improvements, governments, regulators and security experts are all ringing alarm bells. In financial services, the stakes are particularly high.

The IMF has previously warned that cyber-attacks have caused losses in the sector exceeding $20bn. Now it’s feared that AI will supercharge threats and expose critical systems and data. That’s why the European Central Bank (ECB) last week issued a new demand that banks in the region draw up specific plans to tackle AI-powered threats.

One of the most effective ways they can do so is to take a data-centric approach to cybersecurity.

Why the ECB Is Worried

The ECB is giving European banks four months to come up with their plans. Its concerns are echoed across the industry, and beyond. The most powerful AI models are capable of finding and exploiting novel vulnerabilities, and new attack paths that network defenders may not have previously considered. That’s why Anthropic, OpenAI and others are restricting access to their top models.

However, even lesser LLMs are already having an impact, making attacks cheaper and faster to launch at scale. According to Verizon, only a quarter (26%) of critical and exploited vulnerabilities were fully remediated by organizations in 2025, a drop from 38% the previous year. Median time to resolve was also up, from 32 days to 43 days, as organizations struggled with the growing volume of CVEs discovered by AI.

It All Comes Down to Data

All of which means AI is making traditional perimeter-based security less effective – and not just because of its ability to rapidly exploit new vulnerabilities. AI can also help to automate credential-based attacks, and improve phishing ROI for attackers.

The technology isn’t just arming threat actors. As it makes its way into a growing number of organizations, AI infrastructure itself becomes a target – for sabotage, data theft and extortion. The threat is as much an insider as an external one: shadow AI and accidental leakage are a toxic combination for many organizations.

This is why security and governance efforts must start with the data itself. By automatically discovering, classifying and applying strong data protection to data, wherever it is in the organization, organizations effectively render it useless to hackers. This mean that, even if their AI-powered phishing, credential abuse or vulnerability exploitation efforts succeed in breaching perimeter defenses, they will not be able to extort a ransom or monetize it in other ways. This is the value of comforte TAMUNIO.

Three Layers of Defense for AI

However, comforte’s TAMUNIO goes beyond providing protection from AI-powered attacks. It also helps organizations to manage risk across their own fast-growing AI attack surface. This is the AI infrastructure that is not only a target for external threat actors, but is also a wider governance, security and compliance risk.

TAMUNIO offers three layers of defense:

  1. Protecting data before it reaches any AI system

    TAMUNIO ensures sensitive fields like names, payment cards, health records and account IDs are tokenized before being sent to public LLMs, AI copilots, third-party analytics, RAG pipelines, or MCP-connected AI workflows that access databases and enterprise information sources. This reduces the risk of leaks and breaches, simplifies GDPR/PCI DSS 4.0 compliance, and accelerates AI time to value.

  2. Detecting and deidentifying sensitive data on the fly

    This applies to structured and semi-structured data, whether it’s in AI prompts, text-based outputs, MCP-connected data exchanges, or third-party model interactions. It further reduces risks associated with human error and limits bad actor opportunities.

  3. Confidential compute for mission-critical workloads

    When your AI model absolutely must access plaintext data, such as for model training and inference, TAMUNIO ensures it can do so securely by using Data Sovereignty Zones for hardware-level isolation, and enforcement of runtime security policies. It’s particularly valuable for organizations in heavily regulated industries that want to accelerate AI adoption without increasing business risk.

Building resilience, driving business growth

Although central banks in the US and UK have been more circumspect in their advice to financial institutions, the ECB’s approach is sound. As the UK’s National Cyber Security Centre (NCSC) recently warned: “AI is changing how attacks are carried out, increasing their scale and speed.” Rapid advances in agentic AI could soon help attackers automate the “complete intrusion lifecycle,” in a way that will overwhelm many defenders, it added.

Financial services firms must therefore think carefully about how to build resilience against the backdrop of a rapidly evolving threat landscape. One of the best ways of doing so, while unlocking the power of data for business growth, remains data-centric security powered by TAMUNIO. Its tokenization capabilities mean that data can still be used for AI and analytics. But crucially, bad actors can’t unmask it. At a time when AI risk is running rampant, it puts businesses back in control of their own destiny.