AI Pulse Daily Brief | 2026-06-23
Attackers are already exploiting an AI gateway flaw that can expose model credentials, prompts and routing settings. EU supervisors published the first DORA incident baseline, while Dutch policymakers pushed back on AI privacy-law relaxation and acknowledged an AI-assistant supervision gap. Santander, Morgan Stanley, Deutsche Bank and Scotiabank show banking AI moving from internal assistants into measured value, client-operated agents and workforce-scale controls.
Top signal
Attackers are exploiting an AI gateway flaw that can expose model credentials. Institute
Cloud Security Alliance reported on 13 June that attackers are actively exploiting a flaw in LiteLLM, an open-source gateway used to route traffic between applications and AI models. The US cyber agency added the flaw to its exploited-vulnerability catalog on 8 June. A compromised gateway can expose model-provider credentials, usage logs, prompts, responses, routing settings and connected AI infrastructure.
This cuts through because AI gateways sit at the junction between internal applications and external model providers. The blast radius is concentrated but serious: organizations running this gateway, directly or through vendors, can lose credentials and model traffic from one middleware layer. For the bank, this turns experimental AI infrastructure into an operational-resilience surface that resembles identity or payment plumbing more than ordinary application software.
Regulatory
EU supervisors published the first DORA incident baseline, with an AI cyber warning. Authority
The European Supervisory Authorities published their first Article 22(2) report under the EU's Digital Operational Resilience Act on 3 June 2026. The report covers 3,383 major technology incidents reported for 2025, excludes final reports submitted after the 5 February 2026 cutoff, and says around one third had cross-border impact while almost one third originated from third-party failures. Cybersecurity incidents were 10% of the total, but the supervisors warned that highly capable AI tools require the highest cybersecurity standards.
This matters because DORA is now moving from legal obligation into comparative incident evidence. The stake is whether the bank can explain provider-origin failures, cross-border impact and AI-enabled attack scenarios against the supervisory baseline. The 2026 validation cycle has a clearer yardstick than the first reporting year did.
Dutch cabinet opposed AI privacy-law relaxations in EU negotiations. Media
iBestuur reported on 22 June that an 18 June 2026 Tweede Kamer letter says the Dutch cabinet is trying to block parts of the European Omnibus Digital package affecting AI privacy rules. The cabinet objects to a proposed GDPR Article 6 legitimate-interest basis for certain AI uses, wants any Article 9 exception for special-category personal data narrowed as far as possible, and says no full impact assessment was performed before further Council of the European Union negotiations.
This lands because Dutch AI deployment planning cannot assume that European privacy rules will loosen in the near term. The present stake is compliance calibration: business domains using personal data in AI systems face a Dutch policy position that still leans conservative while the EU negotiation is live. That matters before any final text changes the room to operate for data-heavy AI use cases.
Dutch AI-assistant supervision remains unsettled while AI Act duties start applying. Authority
Tweede Kamer reported a 2 June 2026 question-time exchange on company AI assistants used in settings such as customer service. The state secretary said part of the European AI Act already applies while the Netherlands still has to designate national supervisors. AI Act Article 5 prohibited-practices rules already apply, and Article 50 transparency duties for interacting with AI systems apply from 2 August 2026.
This matters because customer-facing AI assistants can draw parliamentary attention before the Dutch supervisory architecture is tidy. The stake for digital channels is the gap between legal duties and institutional assignment: business domains can be in scope even while the formal question of which Dutch supervisor leads is still open. That is exactly the kind of timing gap that creates reputational risk before enforcement routines are mature.
Perspectives
Board oversight is moving into agent memory, data location and AI cost. CxO voice
Chief Executive interviewed Iterate.ai co-founder and CEO Jon Nordmark on 22 June about treating AI as a fiduciary and strategic governance topic rather than an IT initiative. Nordmark argued that boards need to scrutinize shared-cloud infrastructure, long-term AI memory, data exposure, vendor incentives, usage-cost economics and the persistence of agentic systems before risky workflows become normal. This is a medium-confidence executive perspective, not a measured cross-industry study.
This cuts through because it frames AI oversight as a set of decisions already embedded in architecture and procurement. The stake is oversight evidence: agent memory, where data sits, who benefits from vendor lock-in and how usage costs grow are now governance facts, not technical side-notes. That lens connects directly to today's security and DORA items, where control failures show up as resilience risk.
CFO scrutiny is reaching enterprise AI budgets. Media
Forbes contributor Ron Schmelzer argued on 22 June that enterprise AI buying is moving from demos into finance-led budget review. The article says vendors are adding usage analytics, spend controls, cost allocation, throttles and safeguards for runaway agents as AI costs begin to resemble cloud computing: small unit charges can become material when agents repeatedly call models, search data, use tools or hand work across systems.
This matters because AI value cases are shifting from adoption counts to governed production economics. The stake for domain leaders is measurement: who used the system, what it cost, what business outcome changed, and which limit stopped uncontrolled usage. This is a perspective piece, but it names a budget discipline that scaled AI workflows increasingly need to survive finance scrutiny.
Netherlands & Sovereignty
AFM tied AI compute scarcity to financial-stability concentration risk. Authority
The Netherlands Authority for the Financial Markets' 2026 Financial Stability Report, published on 8 June, says financial institutions rely heavily on digital infrastructure and a limited number of cloud and AI service providers. AFM says demand for AI computing power is growing faster than supply, creating dependency on a limited number of providers, while many cloud, software and AI providers are non-European. It also warns that geopolitical tensions can turn digital dependencies into pressure points through sanctions or abrupt service interruption.
This matters because a Dutch supervisor is placing AI infrastructure inside the same risk frame as outsourcing concentration and operational resilience. The stake shows up in the next supplier and continuity reviews: AI compute access, provider location and exit options are no longer only sourcing preferences. They are becoming financial-stability evidence.
European Commission proposed a cloud and AI sovereignty framework. Authority
The European Commission's Cloud and AI Development Act page, published on 3 June, says the proposal aims to strengthen Europe's sovereignty and competitiveness in cloud and AI. It targets at least tripling EU data-centre capacity within five to seven years, introduces a single EU-wide sovereignty framework for cloud and AI, and links public-sector procurement to European added value, supply-chain resilience and open source. The Commission explicitly frames over-reliance on non-EU cloud providers as a risk to digital autonomy and resilience.
This matters because European sovereignty policy is becoming a practical vocabulary for cloud and AI hosting choices. The stake for a Dutch bank is the assessment language: infrastructure location, third-country independence, ownership and software transparency are moving into the same discussion as model hosting and sensitive workload placement. The proposal is not yet a binding procurement rule, but it is a durable signal for how European control may be judged.
Industry & competition
Santander put AI metrics around its 185,000-employee rollout. Corporate
Banco Santander said on 22 June that it is extending AI access to all 185,000 employees and has moved from ambition into group-wide execution. The bank reported EUR 35 million in AI-generated business value in Q1 2026, said it is on track to exceed EUR 200 million by year-end, and targets more than EUR 1 billion in AI value from 2026 to 2028. It also reported 17,000 people using AI in software, 40% of code developed by AI in June, 100,000 anti-money-laundering alerts processed yearly by Openbank AI models, and more than 280 process automation agents in production.
This is medium-confidence because the figures are self-reported, but the disclosure still cuts through. The stake is measurement discipline: Santander is connecting employee access, engineering use, anti-money-laundering operations and process agents to a public value number. That gives bank leaders a concrete comparator for how AI value is being narrated at enterprise scale, even before the numbers can be treated as audited outcomes.
Morgan Stanley opened wealth platforms to client-operated AI agents. Media
Citybiz, citing CNBC, reported on 3 June that Morgan Stanley plans to let corporate clients' autonomous AI agents access data and insights from its ShareWorks and Equity Edge stock-plan administration platforms. The report says Morgan Stanley has already granted early access to selected clients and plans to expand access to about 3,400 stock-plan administration clients by next year. The source is secondary reporting, but the control pattern is specific.
This matters because the novelty is not another internal assistant. The stake is delegated access: externally operated software may begin interacting with regulated financial-service platforms on behalf of corporate clients. That shifts consent, audit logging, accountability and liability from future design questions into a live banking precedent.
Deutsche Bank says AI cut some investment-bank task timelines to three months. Media
PYMNTS.com reported on 18 June that Deutsche Bank's investment-bank technology chief told Reuters that AI is helping the bank cut completion time for some tasks from two years to as little as three months. The article says the bank is developing AI tools to automate financial-data extraction and analysis and to link external events to portfolio exposure. It also says Deutsche Bank manages AI usage costs by allocating usage credits to engineers and allowing more when value can be demonstrated.
This is medium-confidence secondary reporting, so the precise cycle-time claim should be read cautiously. The reason it belongs is the pairing of value and cost controls: baseline cycle time, achieved reduction and usage-budget discipline appear in the same operating story. That is a useful pattern for separating scaled AI value from pilot anecdotes.
Innovation
US directive suspended two newly launched Anthropic enterprise models. Vendor
Anthropic said on 12 June that a US government export-control directive required it to suspend access to Claude Fable 5 and Claude Mythos 5, two newly launched frontier models, for all customers. Anthropic said the restriction was triggered by concerns over a possible safeguard bypass affecting cyber-capability controls, while access to other Claude models was unaffected. The affected models had launched for business use on 9 June 2026.
This is a short-window signal because access changed faster than enterprise procurement cycles. The stake is availability risk: a frontier model can become unavailable through government direction after launch, even when a vendor positions it for business use. For model-risk and procurement readers, that makes fallback terms, access controls and safeguard dependencies part of the deployment fact pattern rather than contract boilerplate.
Research
Anthropic found coding agents reward expertise more than job title. Vendor
Anthropic's report "Agentic coding and persistent returns to expertise", published on 16 June, analyzed about 400,000 Claude Code sessions from roughly 235,000 people between October 2025 and April 2026. The report finds that users make about 70% of planning decisions while Claude makes about 80% of execution decisions. It also finds that expert-rated sessions trigger more than twice as many Claude actions per prompt and produce about five times as much output, while non-software occupations can reach at least partial success at nearly the same rate as software-related users.
This is medium-confidence vendor research because occupation, expertise and success are inferred from one product's telemetry. It still matters because it gives an early measured pattern for workforce redesign: agentic tools appear to reward domain knowledge, planning and verification, not only formal coding roles. That is a more useful training signal for business domains than treating coding agents as a developer-only productivity program.
Security
Five national cyber agencies warned boards that AI is shortening response windows. Authority
The UK National Cyber Security Centre published a joint statement on 18 June from the UK, US, Canadian, Australian and New Zealand cyber agencies. The statement is aimed at senior leaders and boards rather than a single technical flaw. It says AI is increasing the speed, scale and sophistication of cyber attacks and shortening the time between a vulnerability being found and exploited.
This belongs late in the brief because it is framework guidance, not a new incident. The reason it still matters is the board-level source and the timing: national cyber agencies are telling leaders that control performance has to be evidenced in months, not years. For a bank already under DORA resilience expectations, that turns AI-enabled attacker speed into a governance and reporting question.
On the radar
- Scotiabank said more than 71,000 employees now have access to its Scotia Intelligence tools, with 5,500 engineers using AI for coding and a 30% quarter-over-quarter increase in employee AI use for client-question replies. Scotiabank
- Q2 launched a customer-care AI agent for banks and credit unions, claiming data isolation, audit logging, human control over consequential actions and pilot support-request resolution under one minute. Q2 Holdings, Inc.