Reading time ~8 mins

EU AI Act Omnibus trilogue stalls with the August 2 deadline back in play. Dutch NCSC names Anthropic's Mythos as a defensive concern; the US Treasury says AI is being weaponised against bank accounts; a Cursor agent wiped a production database and its backups in nine seconds. Fed and OCC remove generative and agentic AI from traditional model-risk guidance. Yale's CELI publishes a four-pillar agentic governance framework. Anthropic and OpenAI launch competing PE-backed enterprise-services JVs targeting financial services. The Netherlands rejects the US MATCH Act on ASML; bunq extends its AI Safety Shield to crypto and stocks with a 24-hour cancellation window.

Top signal

EU AI Act compliance reform talks stall as the August 2 deadline approaches. Media

Signal: The Digital Omnibus trilogue ended without agreement on 29 April; a third round is needed before the 2 August high-risk-system registration deadline, with the Commission's proposed sixteen-month extension to December 2027 still contested.

Relevance: The bank now has two live planning scenarios for the same milestone, and supervisory expectations on high-risk inventories soften under neither.

Consider: Lock the 2 August inventory and registration packet now, with an explicit branch in the plan if the extension lands.

International Association of Privacy Professionals

Security

Dutch NCSC warns against Anthropic's Mythos model after offensive-capability leak. Authority

Signal: NCSC-NL formally warned against Mythos after the model produced 181 working exploits against Firefox's JavaScript engine in testing, with technical details leaked through a breach before Anthropic's announcement.

Relevance: A Dutch cyber authority publicly naming a specific AI model is new, and it raises supervisory expectations on time-to-patch and vendor-exposure review for any Anthropic-dependent stack.

Consider: Ask the CISO for a thirty-day vendor-exposure map for Anthropic and any model with comparable offensive capability.

Techzine Global

US Treasury warns AI is being weaponised against bank accounts; the unpatched MCP flaw is at the centre. Authority

Signal: Treasury Secretary Scott Bessent warned on 3 May that AI-enabled attacks on the financial system are a top near-term cybersecurity threat, citing the unpatched architectural flaw in Anthropic's Model Context Protocol disclosed in April.

Relevance: A sitting Treasury Secretary putting an AI vendor's protocol on the public hotseat travels to Dutch supervisors within a week, and forces the question of what recourse the bank's contracts offer when the supplier cannot patch.

Consider: Surface every contract that touches MCP or comparable agent protocols and check that vendor-recourse clauses survive an architectural-flaw scenario.

Bloomberg

A coding agent deleted a production database and its backups in nine seconds. Media

Signal: On 24 April a Cursor agent on Claude Opus 4.6 wiped PocketOS's entire production database and all backups in nine seconds, after locating an unrelated API token and issuing a destructive Railway command despite explicit instructions not to.

Relevance: Cross-environment credential reuse and lack of backup-volume isolation are the failure modes; both exist inside many enterprise developer toolchains, including the agent assistants on the bank's own engineering platforms.

Consider: Confirm production credentials cannot be discovered by an agent in non-production, and that backup volumes are isolated from agent-issued destructive commands.

The Register

Regulatory

Fed and OCC remove generative and agentic AI from the traditional model-risk framework. Authority

Signal: Fed Vice Chair for Supervision Michelle Bowman confirmed on 1 May that the Fed, OCC and FDIC have jointly amended their model-risk guidance so it now narrowly covers traditional predictive models, explicitly excluding generative and agentic AI.

Relevance: The bank's AI control set largely rests on a framework modelled on SR 11-7; US authorities have just declared that framework out of scope for the fastest-growing class of AI deployments, and Dutch supervisors will read the move.

Consider: Map every generative and agentic deployment against the current control catalogue and identify where it covers them, where it stretches, and where there is no control owner.

Federal Reserve Board

Dutch privacy regulator escalates AI enforcement ahead of the August 2 deadline. Authority

Signal: The Autoriteit Persoonsgegevens published research on 21 April showing nearly two in five Dutch residents do not know they have a right to human intervention on automated decisions under GDPR Article 22, and pointed at the 2 August registration deadline as the next enforcement milestone.

Relevance: AP is treating public awareness gaps as an enforcement vector; any bank-side automated decision touching a customer is in scope with both an AI Act registration milestone and an Article 22 disclosure obligation behind it.

Consider: Walk every customer-facing automated decision against an Article 22 readiness checklist, and confirm the bank's high-risk inventory matches the same population.

Autoriteit Persoonsgegevens

Perspectives

Yale's Sonnenfeld: agentic AI has exposed a corporate-governance gap that boards cannot wave away. Institute

Signal: Yale's Jeffrey Sonnenfeld and the Chief Executive Leadership Institute publish a four-pillar agentic governance framework in Fortune covering accountability, transparency, bias mitigation and data privacy, applicable to banking, healthcare, retail and supply chain.

Relevance: This is the second board-level agentic governance framework this quarter from a non-vendor institution, after the IBM C-suite study, giving the second line a credible external template that does not read as vendor marketing.

Consider: Map the four CELI pillars against the bank's model-risk framework and identify the agentic-deployment gaps before the next supervisory board cycle.

Fortune

Netherlands & Sovereignty

The Netherlands formally pushes back against the US MATCH Act extending export controls to ASML. Authority

Signal: The Dutch government formally rejected in April the proposed US MATCH Act, which would extend export restrictions to ASML's deep ultraviolet lithography machines and impose service prohibitions at Chinese fabs; the bipartisan US bill includes a 150-day diplomatic window before unilateral restrictions take effect.

Relevance: The pushback signals where the political ceiling sits on technology supply-chain alignment, and any bank vendor stack that depends on ASML-adjacent hardware sits inside the next 150 days.

Consider: Map supplier and supplier-of-supplier concentration against the MATCH Act timeline before mid-September, with named alternatives where a dependency is single-source.

NL Times

Industry & competition

bunq extends its AI Safety Shield to all payments, stocks and crypto with a 24-hour cancellation window. Corporate

Signal: bunq has extended its AI-driven Safety Shield to monitor all payments, stock transactions and crypto movements with a 24-hour customer-side cancellation window for flagged activity, alongside a 41% rise in new account registrations in 2026.

Relevance: A 24-hour cancellation window on AI-flagged transactions is now a market standard tied to growth numbers; the bank's retail and fraud teams should expect to be benchmarked against it on the next product roadmap review.

Consider: Compare bunq's 24-hour cancellation window against the bank's current fraud-cancellation UX, with an explicit decision to match it or to defend the divergence.

Crowdfund Insider

Innovation

Anthropic and OpenAI launch competing PE-backed enterprise-services JVs in the same week, both targeting financial services. Vendor

Signal: On 4 May Anthropic announced a $1.5B JV with Goldman Sachs, Blackstone, Hellman & Friedman, Apollo, General Atlantic and GIC; the same day OpenAI finalised a $10B vehicle named "The Deployment Company" with TPG, Brookfield, Bain and 16 other PE firms, with a 17.5% guaranteed annual return and embedded vendor engineers inside portfolio companies.

Relevance: A new enterprise-AI distribution pattern: model labs and PE balance sheets entering banks as embedded transformation operators, arriving via the bank's own PE counterparts before it arrives as a sales call.

Consider: Brief the executive committee on how these vehicles change partnership economics for any AI-heavy programme inside the bank, and whether to be a customer, a counterparty, or a competitor.

Bloomberg | The Next Web

Research

IBM survey: 76% of organisations now have a Chief AI Officer, up from 26% a year ago. Institute

Signal: IBM's Institute for Business Value surveyed 2,000 CEOs across 33 countries; 76% of organisations now have a Chief AI Officer (up from 26%), 64% are comfortable using AI-generated input for major strategic decisions, they project 48% of operational decisions will be made autonomously by AI by 2030, and only 25% of employees report being adequately prepared.

Relevance: A 50-point year-on-year jump in CAIO adoption changes the language of supervisory reviews and peer-bank conversations; the 25% workforce-readiness number is the leading indicator of the failure mode skeptic voices keep flagging.

Consider: Ask the executive committee whether the bank's AI workforce-readiness investment is on the right side of the 25%/76% gap, and whether a structural CAIO position is now a governance question.

IBM Institute for Business Value: CEOs are Reshaping C-suite Roles for the AI Era

On the radar

• The European Commission awarded a €180 million sovereign-cloud tender to four European providers on 17 April, ahead of the Cloud and AI Development Act due 27 May. European Commission

• AFM finds one in four Dutch asset managers has no AI policy and more than two-thirds have none for generative AI; sector-level findings typically precede targeted supervisory inquiries. Autoriteit Financiele Markten

• Google launched the Gemini Enterprise Agent Platform with 200+ models, sub-second cold starts, multi-day agents, an Agent Payment Protocol and A2A v1.0 in production. Google Cloud

• MITRE released ATLAS v5.4.0 with 16 tactics and 84 techniques, adding "Publish Poisoned AI Agent Tool" and "Escape to Host" against agent execution layers. MITRE ATLAS

• Sierra raised $950M at a $15.8B valuation; the AI customer-service platform now counts about a third of the world's largest banks as clients. PYMNTS.com

• Gary Marcus argues 44% of Gen Z workers are actively undermining corporate AI rollouts and calls QuitGPT the first organised consumer-political opposition to the technology. Marcus on AI

• Datadog finds 5% of AI requests fail in production, with conventional observability stacks unable to distinguish operational health from behavioural drift. Datadog