New at Horizon3.ai

Meeting the ECB’s AI-Enabled Cybersecurity Mandate with NodeZero

A practical way for significant institutions to build a credible action plan before the 31 October 2026 deadline.

The Mandate

On 7 July 2026, the European Central Bank (ECB) warned significant institutions that frontier AI models can identify vulnerabilities and generate working exploits at unprecedented speed, compressing the time between discovery and exploitation.

The ECB is calling on banks to assess the impact of this evolving threat landscape without delay and to submit a comprehensive action plan to their Joint Supervisory Team by 31 October 2026.

The Challenge

Traditional, manual, point-in-time testing is insufficient against these high-speed threats.

Banks must pivot from maintaining lists of theoretical vulnerabilities to evidence-based validation.

How NodeZero supports the ECB’s six focus areas:

  1. Protect the attack surface: Finds and validates reachable exposure.
  2. Accelerate vulnerability and patch management: Prioritizes real risk and confirms fixes work.
  3. Enhance monitoring, detection, and AI-enabled defense: Tests whether controls detect likely attack paths.
  4. Strengthen governance and supply chain assurance: Turns findings into evidence for prioritization and oversight.
  5. Reinforce defense-in-depth and cyber hygiene: Validates whether core controls stop escalation and lateral movement.
  6. Improve operational resilience and recovery: Exercises realistic attack paths to test response and recovery.

NodeZero helps banks fight AI with AI by continuously validating what is actually exploitable, proving remediation works, and generating governance-ready evidence that supports a more credible action plan.

225,000

pentests safely run in production

Horizon3.ai is trusted by global governments, Fortune 10 giants, and major healthcare providers, where the need for security and safety is absolute.

Proven in Financial Services:

A tier-1 financial services organization’s first autonomous internal pentest illustrates the shift from point-in-time compliance testing to continuous, evidence-based resilience.

Rapid Deployment

3 full domain compromise pathways and 586 previously undiscovered critical impacts found in less than 14hrs.

7.2M

Files found to be accessible to any domain user.

117

Hosts NodeZero obtained admin rights to by abusing domain user privileges

Explore customer stories