Speaking in an interview in Paris, Ross said geopolitical tensions and advances in AI are combining to heighten cybersecurity threats. She noted that regulators are increasingly focused on how AI models could accelerate the execution of cyberattacks, making them harder to detect and contain.
Her comments come amid reports that a new AI model developed by Anthropic can identify and exploit previously unknown vulnerabilities in IT systems, adding urgency to regulatory concerns about emerging technologies.
Ross said ESMA has been engaging financial institutions under its supervision to assess their cybersecurity readiness, particularly in light of developments in AI. She stressed the need for closer coordination between national and EU-level regulators to strengthen oversight capabilities and build technical expertise.
The warning aligns with broader efforts by European authorities to improve resilience in the financial sector. In November, ESMA and other EU regulators identified key technology firms considered critical to financial infrastructure under new rules aimed at enhancing operational stability. While declining to confirm whether AI providers could be added to that list, Ross indicated the regulatory framework remains under review.
Beyond cybersecurity, Ross highlighted concerns about elevated market valuations and potential volatility triggers. She cautioned that current investor optimism—driven in part by strong performance in technology stocks—could reverse sharply if disrupted by major events, potentially leading to significant market sell-offs.
Heightened volatility, she added, often prompts regulators to scrutinise trading activity for signs of insider dealing. Authorities including the U.S. Commodity Futures Trading Commission are already examining recent trades in oil derivatives following sharp price swings linked to geopolitical developments.
Ross also pointed to ongoing challenges in regulating the cryptocurrency sector. With national regulators across the EU tasked with overseeing crypto firms, companies have been given until the end of June to secure licences or cease operations. She noted that enforcing compliance after the deadline would be a key test for regulators.
Meanwhile, the European Commission has proposed expanding ESMA’s powers to supervise major cross-border financial players, including crypto firms, as part of efforts to centralise oversight and reduce fragmentation across EU markets.
Ross suggested there is growing political momentum among member states to advance these reforms, signalling a potential shift toward stronger, more unified financial supervision in the bloc.