Anthropic's Mythos AI model sparks global concern over advanced hacking capabilities

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Last week, Anthropic announced it was restricting the initial release of its Mythos Preview model to "a limited group of critical industry partners," giving them time to prepare for a model that it said is "strikingly capable at computer security tasks." Now, the UK government's AI Security Institute (AISI) has published an initial evaluation of the model's cyber-attack capabilities that adds some independent public verification to those Anthropic reports. AISI's findings show that Mythos isn't significantly different from other recent frontier models when it comes to tests of individual cyber-security related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks together into the multi-step series of attacks necessary to fully infiltrate some systems. "The Last Ones" finally falls AISI has been putting various AI models through specially designed Capture the Flag challenges since early 2023, when GPT-3.5 Turbo struggled to complete any of the group's relatively low-level "Apprentice" tasks. Since then, performance of subsequent models has risen steadily, to the point where Mythos Preview can complete north of 85 percent of those same Apprentice-level CTF tasks. While that's technically a high-water mark for AISI's CTF tests, recent competing models like GPT-5.4 and Anthropic's own Opus 4.6 and Codex 5.3 showed comparable results (within 5 to 10 percent accuracy) across multiple CTF difficultly levels in recent months. That doesn't seem like a level of improvement that would necessitate the kind of protectionist limited release Anthropic has undertaken for Mythos Preview. Where Mythos showed more relative cyber-attack potential, though, is in "The Last Ones" (TLO), a test range that AISI set up to simulate a 32-step data extraction attack on a corporate network. The test, which requires "chaining dozens of steps together across multiple hosts and network segments" was intended to simulate the kind of sustained operations that would take a trained human roughly 20 hours to complete, AISI estimates. Here, Mythos outshined all previous models, becoming "the first model to solve TLO from start to finish," AISI said. While Anthropic's new model only succeeded in 3 out of 10 attempts, even the average Mythos Preview run got through 22 of the 32 required infiltration steps, significantly higher than the 16-step average achieved by Claude 4.6. Mythos Preview still has its limitations, though. AISI points out that the model still struggles with "Cooling Tower," an even more difficult seven-step test designed to simulate an attempted disruption of the control software for a power plant. But AISI also writes that it expects "our evaluations would continue to improve with more inference compute" past the 100 million token budget imposed for its tests. Small, weakly defended systems beware Overall, Mythos' performance on TLO suggests that the model "is at least capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained," AISI writes. That said, the group cautions that its simulated cyber ranges lack the kind of active defenders and defensive tooling often present in critical real-world systems. AISI's TLO test is also designed to have specific vulnerabilities that might not exist in real-world systems and doesn't penalize models for the kind of detection that might cause a real-world infiltration attempt to fail. For those reasons, AISI says it can't be sure whether "well-defended systems" would fall to an automated attack from Mythos Preview. But as future models match or outperform Mythos' capabilities, AISI warns that those designing system protections should similarly utilize AI models to help harden their defenses.

What is Mythos and why are experts worried about Anthropic's AI model

The company says Mythos is too dangerous to release publicly. Cybersecurity experts agree the model's capabilities matter, but not all of them are buying the most alarming claims In the wake of Anthropic's announcement of its latest artificial intelligence model, Mythos, on April 7, the company has stood by an unusual decision: refusing to release it to the public. Not since OpenAI temporarily withheld its GPT-2 model in 2019 has a major developer deemed a system too dangerous for the public. More than a week later, that choice is still reverberating through finance and regulatory circles. "The fallout -- for economies, public safety, and national security -- could be severe," Anthropic said on its website. But while officials scramble to gauge the implications of the model's unprecedented hacking capabilities, cybersecurity experts are divided over whether Mythos marks a major break from what came before or an expected step down an already troubling path. Anthropic did not respond to a request for comment from Scientific American. If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today. A 245-page technical document released alongside the announcement outlines what the company presents as a major leap in capability. The model operates like a senior software engineer, demonstrating an ability to spot subtle bugs and self-correct mistakes. It also scored 31 percentage points higher than Anthropic's previous cutting-edge model, Opus 4.6, on the USAMO 2026 Mathematical Olympiad, a grueling, two-day proof-based competition. But that same coding prowess makes Mythos a formidable offensive weapon, and Anthropic says it can outstrip all but the most skilled humans at identifying and exploiting software vulnerabilities. In tests, it found critical faults in every widely used operating system and web browser. Of those vulernabilities, 99 percent have not yet been patched. And Anthropic has disclosed only a fraction of what it says it has found. Independent evaluations suggest the danger is real, if more bounded than the company has implied: an assessment by the U.K.'s AI Security Institute (AISI), which was granted early access, found the model succeeded in expert-level hacking tasks 73 percent of the time. Prior to April 2025, no AI model could complete those tasks at all. Instead of a public rollout, Anthropic is limiting access to a clutch of organizations to use defensively, allowing them to scan their networks and patch problems before the flaws become public knowledge. That initiative is called Project Glasswing. The initial group includes Microsoft, Google, Apple, Amazon Web Services, JPMorgan Chase and Nvidia. Mythos is the first of a new crop of AI models that have been trained on next-generation graphics processing units (GPUs) -- the advanced chips that power AI training -- and its capabilities have continued to rattle financial firms well beyond the initial announcement: on Thursday, German banks said they were consulting authorities and cyber experts about the risks, while the Bank of England said AI risk testing had intensified after Mythos came into view. Yet the cybersecurity community remains split on the true severity of the threat. "The Anthropic announcement was very dramatic and was a PR success, if nothing else," says Peter Swire, a professor at the School of Cybersecurity and Privacy at the Georgia Institute of Technology and former advisor to the Clinton and Obama administrations. Swire notes that among his colleagues, "a large fraction of the cybersecurity professors believe this is pretty much what was expected, and pretty much more of the same." Ciaran Martin, professor of practice at the Blavatnik School of Government at the University of Oxford and former CEO of the U.K.'s National Cyber Security Center, shares that view. "It's a big deal, but it's unlikely to prove to be the end of the world," he says. "I would not be at the more apocalyptic end of the scale." AISI acknowledged limits to the AI's abilities. During testing, Mythos faced near-nonexistent software defenses that lacked many protections present in the real world -- a scenario Martin compares to a soccer forward scoring a goal against the world's worst goalkeeper. Neither expert denies that Mythos is a significant advance, but suggest the decisive regulatory action is partly driven by institutional self-preservation. "CISOs [chief information security officers] and cybersecurity vendors have a rational incentive to point out the potentially very severe consequences of a new development," Swire explains, even if their internal estimates assume the actual impact will be a fraction of what Anthropic's press release claims. As Martin notes, it is rare for any organization "to suffer commercial detriment by predicting calamity." "One risk after Mythos is that it will be easier to turn a vulnerability, a known flaw, into an exploit, something that somebody actually takes advantage of," Swire says. "Every cybersecurity defender should take Mythos seriously, but the expected harm to defense is likely to be far lower than the worst-case scenarios would suggest."

Mythos Access Must Be Granted on Level Playing Field, Nagel Says

Anthropic's Mythos model should be shared with affected organizations to ensure a level playing field in assessing its uses and dangers, according to Bundesbank President Joachim Nagel. The artificial intelligence platform, whose advances pose cyber threats to the global economy, shouldn't be held only for a select club of big US corporations, suggested Nagel, who's also a member of the European Central Bank's Governing Council. "We must prevent the misuse of this technology," he told a conference in Rome on Tuesday. "At the same time, all relevant institutions should have access to such technology to avoid competitive distortions." Anthropic's Mythos model has sparked global fears of a new era of cyber attacks, also threatening the stability of the financial system worldwide. Such worries featured prominently at last week's IMF spring meetings in Washington. Regulators, central bankers and corporate executives are seeking to gain more insight on Mythos, which hasn't been widely released. There are concerns that financial systems outside the US - including Europe - are at a disadvantage because they have limited access. "This AI model seems to be a double-edged sword," Nagel said. "It could be used not only to improve digital security systems, but also to leverage their vulnerabilities for malicious purposes." His speech focused on the overall implications of AI on economic growth and price stability. Nagel suggested that it is hard to draw firm conclusions at present. "The potential effects of AI on inflation are still uncertain," he said. While the technology may raise productivity, it could also increase wage pressures and add to electricity prices, he said. "Even in the shorter run, a disinflationary effect may not materialize if demand rises in anticipation of future productivity increases," Nagel said, adding that AI algorithms could consistently charge excessive prices. His comments are more cautious than those of the nominee for the Federal Reserve chair, Kevin Warsh, who has argued that technology advances -- including the rise of AI -- would fuel growth without heating up prices. In Tuesday's speech, Nagel chose not to look at the effects of AI on the labor market, which has been a particular focus of his colleagues amid concerns over an uneven distribution of the benefits and massive job cuts. ECB officials including President Christine Lagarde have highlighted the huge potential of AI, but also urged attention to its possible employment. However, recent ECB research found that the technology is so far having no negative impact on euro-zone jobs. He's previously said that AI won't necessarily lead to staff cuts in Europe and may benefit companies in the region. Read More on the ECB and AI: Lagarde, Worried About AI, Lauds Anthropic's Approach on Mythos Lagarde Vows 'Extremely Attentive' ECB on AI-Driven Job Cuts ECB's Lagarde Says Embracing AI Can Still Give Europe an Edge

Anthropic plans to provide Mythos access to European banks soon, sources say

NEW YORK/PARIS, April 21 (Reuters) - Anthropic plans to provide access to its Mythos AI model to European banks soon, three people familiar with the matter said, as global banks scramble to test the technology after large U.S. banks were given initial access. Mythos is viewed by cybersecurity experts as posing significant challenges to the banking industry and its legacy technology systems, prompting ⁠a series of warnings from regulators and policymakers gathered at last week's International Monetary Fund spring meeting in Washington. A string of U.S. banks have so far been given access to Mythos - while the rest of the industry tries to catch up. Anthropic aims to expand Mythos AI access to European and UK banks, among other organizations, one of the people familiar with the matter told Reuters. That process involves checks to ensure the rollout is done securely, the person said, speaking on condition of anonymity. Another person said the access could be provided to European banks within days, while the first person said the rollout might ⁠take days or weeks. Bloomberg previously reported that Anthropic would release Mythos to UK financial institutions soon. Anthropic did not immediately respond to a Reuters request for comment. Anthropic initially provided access to the model to partners in its Project Glasswing initiative and about 40 additional organisations that build or maintain critical software infrastructure. JPMorgan Chase (JPM.N), opens new tab, which is ⁠part of Glasswing, was the only bank Anthropic has publicly said has access, although Bank of America (BAC.N), opens new tab has been part of Glasswing since the start and has been testing the Mythos technology internally, according to a source ⁠familiar with the matter. Other U.S. banks have more recently said they have been given access to Mythos, as regulators rush to examine the cybersecurity risks the new artificial intelligence model raises. German central bank ⁠chief Joachim Nagel called on Tuesday for all institutions to have access to Anthropic's artificial intelligence model Mythos to keep the playing field even and to avoid it being misused. Reporting by Saeed Azhar, Jeffrey Dastin and Mathieu Rosemain in Paris; editing by Megan Davies and Franklin Paul Our Standards: The Thomson Reuters Trust Principles., opens new tab * Suggested Topics: * Finance Saeed Azhar Thomson Reuters Saeed Azhar is a Reuters financial journalist and part of the U.S. banking team, which covers Wall Street's biggest banks. He focuses on Goldman Sachs and Bank of America, and also writes about regional banks. Before moving to New York in July 2022, he led the finance team in the Middle East from Dubai, and also worked in Singapore, covering Southeast Asia finance. Jeffrey Dastin Thomson Reuters Jeffrey Dastin is a correspondent for Reuters based in San Francisco, where he reports on the technology industry and artificial intelligence. He joined Reuters in 2014, originally writing about airlines and travel from the New York bureau. Dastin graduated from Yale University with a degree in history. He was part of a team that examined lobbying by Amazon.com around the world, for which he won a SOPA Award in 2022. Mathieu Rosemain Thomson Reuters Mathieu is part of Reuters' finance team, covering French banks and major M&A stories in the country and in Europe. A graduate of Sciences Po university, Mathieu previously covered the Tech beat at Reuters, following stints at Bloomberg News and French business daily Les Echos.

The risks of Mythos are no myth

The exploits of Anthropic's powerful new AI model Claude Mythos Preview sound like a movie plot: a super-clever computer system locked in a cyber "cage" manages to break out and connect to the internet. Mythos did not do this spontaneously, to be clear, but because its creators challenged it as a test. Yet not only did Mythos breeze through the challenge, it emailed an Anthropic researcher to inform him then, unprompted, posted details online to brag. After it also showed superhuman abilities to find, and exploit, security flaws in software, Anthropic judged Mythos too risky to release to the public. It is restricting access for now to selected tech, cyber security and financial firms. Some suggest Anthropic is engaged in clever marketing or PR. Rival OpenAI also said this week it would release its own new cyber security-focused model only to vetted users. Yet the dangers the episode has exposed -- and their implications -- should not be dismissed. Anthropic insists Mythos scores highly on its standard safety benchmarks. In the escape from its test environment, though, and in solving other complex tasks, it found Mythos had sometimes taken "reckless excessive measures", then covered its tracks. The biggest worry is that Mythos was able to find previously unknown vulnerabilities "in every major operating system and every major web browser", including a 27-year-old flaw in OpenBSD, an open-source system. The UK's AI Security Institute warned this week that the model could autonomously carry out advanced, multi-step cyber attacks that would take human professionals days. As Anthropic notes, these kinds of capabilities in the wrong hands could pose economic, public safety and national security risks. Officials in the US, UK and Canada have already summoned bank chiefs to discuss the risks, and AI threats to the world banking system were a talking point at this week's IMF and World Bank meetings. Anthropic's aim in granting initial access just to the likes of Amazon, Apple and Microsoft, plus JPMorgan Chase, in what it calls "Project Glasswing", is to secure critical systems and infrastructure and patch vulnerabilities before malicious actors can get there. This usefully serves Anthropic's "safety-first" image, of course, as it feuds with the Pentagon over its refusal to allow its models to be used for autonomous weapons or domestic surveillance. Anthropic may also be buying time as it lacks sufficient computing capacity to support the full release of such a sophisticated model. Even if Mythos is being overhyped, though, the kind of capabilities it is said to possess will soon start to proliferate. Anthropic's Project Glasswing is a prototype framework for how such "frontier" models might be released in future. It also spotlights the fact, however, that the Trump administration is resisting any real federal regulation of AI. So it is up to responsible private-sector actors to collaborate and do the best they can. Trump's chief of staff, Susie Wiles, was set on Friday to meet Anthropic boss Dario Amodei, with US officials at agencies including the Treasury pushing the White House to test Mythos. Yet when AI is reaching the point where it could bring down critical national infrastructure, or worse, it is extraordinary that there are no set government processes for disclosing risks and fortifying defences. Greater regulation cannot be a knee-jerk response to every tricky issue thrown up by an industry. AI, by its nature, requires superintelligent policing; heavy-handed rules can stifle innovation. Yet faced with such a consequential technology, the country that leads the world in AI is trusting to an alarming degree in the readiness -- and ability -- of the creators to restrain and police themselves.

Claude Mythos can exploit decades-old vulnerabilities, but Anthropic is keeping it locked down

Abhinav pivoted from a career in banking to pursue his first love in writing. Even while working full-time, he continued contributing as an editor-at-large, a role he has held for more than 7 years. A lifelong tech enthusiast who has built three gaming and productivity powerhouse PCs since 2018, his passion for technology keeps him closely following the semiconductor industry, from NVIDIA and AMD to ARM. His MSc dissertation explored how artificial intelligence will reshape the future of work, reflecting his curiosity about the wider social impact of emerging technologies. Claude and its many models have been popular with seasoned developers, vibe coders, and everyone else in between, but Anthropic's latest announcement is a departure from anything it has released before. The model, named "Claude Mythos Preview", is touted as the most capable model the company has ever developed, and it's also one that won't be available to the public. Anthropic has decided to restrict access entirely, making the advanced model only for the use of its curated list of partners through Project Glasswing, which is an initiative aimed at deploying Mythos defensively to empower and secure the world's most critical software, perhaps for good reason. What do we know about Claude Mythos? Everything Anthropic has said, so far Claude Mythos Preview is a substantial jump from its preceding models, and the benchmarks attest to that fact. Mythos scored 93.9% on the SWE-bench Verified (which is the industry-standard benchmark for autonomous software) compared to Claude Opus 4.6's 80.8%. For context, Google's flagship Gemini 3.1 Pro currently sits at 80.6% on the same benchmark. However, it's the model's capabilities in cybersecurity applications that have made the headlines. According to the System Card published by Anthropic, the Frontier Red Team results noted that Mythos solved every single challenge in their proprietary Cybench evaluation with a 100% success rate across all tested challenges, which is so definitive that the firm was prompted to acknowledge that the benchmark is no longer a useful measure of the model's capabilities, given that Mythos outpaced the tests designed to evaluate it every single time. Claude is no longer "just squashing bugs" Mythos can find zero-day vulnerabilities and autonomous exploits Anthropic's claims about Mythos are not unfounded. During the internal testing phase, the model was able to discover and exploit several "zero-day" vulnerabilities, some of which were several decades old. The standout discovery, according to Anthropic, was a 27-year-old critical flaw in OpenBSD. Mythos was able to find a highly subtle signed integer overflow in how the OS handles TCP connections, which could allow cyber threat actors to potentially crash any OpenBSD server. This specific vulnerability was uncovered after a thousand runs, and the firm managed to keep the total compute cost under $20,000. The practice may sound expensive, but the compute budget yielded more than just uncovering this vulnerability. Anthropic has noted that they have identified "thousands of additional high- and critical-severity vulnerabilities" that they're looking to responsibly disclose to a myriad open-source and closed-source vendors. Since a number of these vulnerabilities have not yet been addressed and could potentially be exploited, the firm stated they were unable to delve into further details for security reasons. Interestingly enough, this also means that the full extent of the model's autonomous exploit capabilities has not been highlighted yet. Interestingly enough, this also means that the full extent of the model's autonomous exploit capabilities has not been highlighted yet. Anthropic just dropped its core AI safety promise, and that should worry you History doesn't repeat itself, but AI companies sure do. Posts 1 By Mahnoor Faisal Why is Anthropic keeping Mythos under wraps? For your own security, Anthropic says There are two noteworthy reasons behind Anthropic's decision to lock down Mythos, the first of which is a simple concern surrounding the usage of this technology. Since security research is inherently dual-use, a model that's as proficient as Mythos at identifying subtle logic bugs also has the potential to autonomously weaponize them into functional exploits. If released to the public, cyber threat actors could leverage Mythos and its capabilities to uncover flaws in modern operating systems and browsers, which would inadvertently scale cyberattacks at a pace that cybersecurity infrastructure cannot reasonably match. Mythos is being treated as a strictly defensive asset. Through Project Glasswing, access to the model is limited to a consortium of tech and infrastructure giants, including some finance and security organizations as well. The other, more interesting reason, is that during testing, the Frontier Red Team found instances wherein the model "misbehaved" in ways that demonstrated alarming levels of autonomy, recklessness, and deception. The team noted that early iterations successfully escaped secure sandboxes, harvested restricted credentials, and even initiated unprompted actions. Perhaps most concerning of all was the model's recognition of its own rule violations and the subsequent attempts to conceal them. The model would manipulate git histories and actively obfuscate permissions to hide its deceptive actions from human evaluators. A revolutionary confluence between AI and cybersecurity? Although the benchmarks and tests clearly reveal the impressive capabilities of Anthropic's new model, it's still relatively early to deliver a verdict on whether or not it's going to revolutionize cybersecurity. Across various tech forums, a vocal contingent of developers and enthusiasts have dismissed Project Glasswing's exclusivity as a calculated marketing stunt, although if it does happen to be one, it wouldn't be the first time. Whether this restricted release is withholding genuine threats or generating manufactured hype, there's no denying that frontier models are evolving at a breakneck pace, and it doesn't seem too farfetched to believe that they may soon move beyond identifying vulnerabilities to safeguarding critical cybersecurity infrastructure.

What is Anthopic's Claude Mythos and what risks does it pose?

In recent weeks, the AI world has been a-buzz following claims made by leading firm, Anthropic, regarding its new model, Claude Mythos. The company says it found the tool can outperform humans at some hacking and cyber-security tasks, which has prompted discussions by regulators, legislators and financial institutions about the dangers it could pose to digital services. Several tech giants have been given access to Mythos via an initiative called Project Glasswing, designed to strengthen resilience to Mythos itself. But others point out that it is in Anthropic's interests to suggest its tool has never-seen-before capabilities, meaning - as ever with AI - the job of distinguishing between justified claims and hype can be tricky. Mythos is one of Anthropic's latest models developed as part of its broader AI system called Claude. It encompasses the company's AI assistant and family of models, rivalling OpenAI's ChatGPT and Google's Gemini. It was revealed by Anthropic in early April as "Mythos Preview". Researchers who test how AI models handle particular requests or tasks, known as "red-teams", said in a report Mythos was "strikingly capable at computer security tasks". They found the tool could locate dormant bugs lurking in decades-old code and easily exploit them. So rather than make it widely available to Claude users, Anthropic gave 12 tech companies access via Project Glasswing, which it described as "an effort to secure the world's most critical software". They include cloud computing giant Amazon Web Services, device manufacturers Apple, Microsoft and Google, and chip-makers Nvidia and Broadcom. Crowdstrike, whose faulty software update caused a major global outage in July 2024, is also among the project's partners, with Anthropic saying it has also given access to Mythos to more than 40 organisations responsible for critical software. Anthropic says during tests it found the model was highly skilled at cyber-security and hacking tasks, outperforming humans. "Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," Anthropic claimed on 7 April. "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." It said it could locate - without much oversight - critical bugs in need of immediate action in old systems, including one vulnerability which had been present in a system for 27 years, and suggest ways to exploit them. Some finance ministers, central bankers and financiers have since expressed serious concerns about it, fearing the model could undermine the security of financial systems. Canadian finance minister François-Philippe Champagne told the BBC Mythos had been discussed at a International Monetary Fund (IMF) meeting in Washington DC this week. "Certainly it is serious enough to warrant the attention of all the finance ministers," he said, describing the tech as an "unknown unknown". Bank of England boss Andrew Bailey told the BBC "we are having to look very carefully now what this latest AI development could mean for the risk of cyber crime." Meanwhile, the EU has said it is also in discussions with Anthropic about its concerns around Mythos. Ciaran Martin, former head of the UK's National Cyber Security Centre, told the BBC earlier this week the claim Mythos could unearth critical vulnerabilities much more quickly than other AI models had "really shaken people". "The second thing is that even with existing weaknesses that we know about, but organisations might not have patched against, might not be well defended against, it's just a really good hacker," he said. Many independent cyber-security analysts and experts have not yet been able to test it themselves and some remain sceptical about Mythos' performance. The UK's AI Safety Institute recently concluded that while a very powerful model, its biggest threat would be against poorly defended, vulnerable systems. "We cannot say for sure whether Mythos Preview would be able to attack well-defended systems," its researchers said. So where there is good cybersecurity, this model would, in theory, hopefully be stopped. Fears relating to AI are nothing new, New models and tools are coming out all the time, and are often accompanied by promises to revolutionise our lives, for better or worse. Capitalising on this mix of fear and excitement over AI and its future impact has also become a hallmark of the sector and its marketing strategies in recent years. In the case of Mythos, we still do not know enough about to know whether these hopes or fears are justified, or more a reflection of the hype surrounding the industry. In either cases, according to the NSCS, the most important thing we can do now is not panic and instead focus on the need to get the basic cyber-security right. After all, most hackers do not need super AI tools to breach systems when much simpler attacks often suffice. "For some this is an apocalyptic event, for others it seems to be a lot of hype," Martin told the BBC. But he said whether it was this tool or subsequent ones made by Anthropic or its rivals, alongside the risk there was an opportunity to build a safer online world. "In the medium-term, there's an opportunity to use these tools to fix a lot of the underlying vulnerabilities in the internet," he said. Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.

German Banks Aren't Panicking Over Mythos AI Threat, Sewing Says

Germany's banks are well-prepared for heightened cyber risks as Anthropic's new artificial intelligence model sparks global fears of a new era for computer hacks, said Deutsche Bank AG Chief Executive Officer Christian Sewing. "It's certainly not something that leads to panic or alarm bells ringing on our side," Sewing said on Monday in his capacity as head of the Association of German Banks. "But it certainly is something we have to consider in our daily risk management." The lobby has established a working group to provide information and guidance, notably to smaller banks to discuss potential defense scenarios, he told reporters. Regulators, central bankers and corporate executives are seeking to gain more insight on Mythos, which hasn't been widely released, yet is said to have the potential to exploit digital vulnerabilities. European banks have done "a tremendous amount of work" in recent years to improve their cyber defenses and are talking to regulators, Sewing said. Anthropic has limited the release of Mythos to a few dozen firms initially. Those companies, which include JPMorgan Chase & Co., Amazon.com Inc. and Apple Inc., are part of what's being called "Project Glasswing," which will work to secure the most important systems before other similar AI models become available. Financial firms in other parts of the world have been pushing Anthropic to give them early access to Mythos to test it and detect vulnerabilities on their own systems. "Naturally everyone is trying to get access, but I think it's entirely appropriate that this access remains restricted for the time being," Sewing said. "This ensures that we do not inadvertently slide into a situation of over-generalization, which could potentially exacerbate the issue even further."

Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns

FRANKFURT, April 21 (Reuters) - Banking authorities must prevent the misuse of Anthropic's Mythos, its most advanced AI model to date, which opens the door to new and sophisticated cyber risks, Bundesbank President Joachim Nagel ⁠said on Tuesday. "Mythos is an AI model that appears capable of quickly identifying and exploiting security vulnerabilities in financial institutions' software," Nagel said in a speech. "However, this AI model seems ⁠to be a double-edged sword, since it could be used not only to improve digital ⁠security systems, but also to leverage their vulnerabilities for malicious purposes," he ⁠added. He added that all relevant institutions should have ⁠access to such technology to avoid competitive distortions. Reporting by Balazs Koranyi, Editing by Louise Heavens Our Standards: The Thomson Reuters Trust Principles., opens new tab

The Mythos cyber scare signals the economics of AI scarcity

The idea that an AI model might be able to pick holes in much of today's most widely used software has sent a shockwave through the cyber security world and left banks and others scrambling to assess the threat to their core technology. To limit the fallout, Anthropic initially released the model, Claude Mythos, to a small number of tech customers to help them find and fix problems in commonly used software. There has been less attention to the potential economic implications of this episode for the AI business. As the capabilities of the so-called frontier models advance, access to the technology could become critically important in particular industries or domains. That makes the limited distribution of Mythos an interesting test case for the availability and pricing of the most advanced models, with implications for the profit profile of the companies that produce them. Worries about AI have been reverberating in the cyber security world for a while: Anthropic's researchers had already claimed to have found 500 "high-severity vulnerabilities" in widely used software using Opus 4.6, a model released publicly early this year. The company did not fully disclose the results of the tests that led it to warn of the heightened threat from Mythos, making it difficult for researchers to validate its findings. But the warning that has reverberated around the world over the past week could equally well have been sounded six months ago or six months from now, says Bruce Schneier, a US security expert. None of this lessens the seriousness of the looming cyber threat posed by AI. But with OpenAI this week releasing a similar model to a limited number of customers, the lack of full details and the heightened alarms have also raised speculation about the motives of the AI companies. Anthropic is already straining to meet soaring demand for its AI coding agent and simply wouldn't have had the capacity to meet demand if it hadn't restricted Mythos, says Schneier. Demand for AI model usage far outstrips available supply, forcing companies to choose how to allocate strained computing resources. Software companies that can't get their hands on the latest AI models suddenly find themselves at a disadvantage. If they can't reassure customers that their products have been "Mythos-vetted", it hands a big advantage to rivals who can. This raises important questions about the wider availability and affordability of advanced AI models as their capabilities increase. AI companies no doubt could -- and one day will -- find plenty of reasons to limit access, whether because of security or privacy concerns, or maybe for reasons of national security (an issue that has already brought a confrontation between Anthropic and the Pentagon). It is impossible, from the outside, to distinguish how much this is driven by economic self-interest and how much by a sense of caution. But with limited computing resources, AI companies are already making choices about the most profitable services and customers to focus on. Anthropic is giving out $100mn worth of credits for customers to test the model on their software -- a move which might counter any criticism of profiteering. But the wider point remains. The Mythos episode also provides fresh ammunition for critics to claim that scare stories like this help to stoke interest. The mystique stirred up by it is certainly a useful counterweight to the commoditisation narrative that has hung over the AI model builders. This holds that, with few technological or other moats around their businesses, it will be hard to gain any lasting differentiation. That is a particular concern as Anthropic and OpenAI race towards an IPO. If limited access and AI shortages exacerbated by scarce capacity become more common, it would signal we are moving into a new economic era for the technology. Until this point, the AI race has been accompanied by a deflationary spiral in model pricing as a group of companies vie for leadership. The economics of scarcity would look very different. They would mean a slower take-off for AI, where many marginal uses are priced out and where the sky is no longer the limit. But this might at least come with higher profit margins.

Is Claude Mythos and Project Glasswing a PR stunt? Experts weigh in.

Anthropic put the entire tech world on notice last week with an unprecedented announcement: it made an AI model so advanced that it was too dangerous to release to the public. Anthropic said the new frontier language model, Claude Mythos Preview, would "reshape cybersecurity." Anthropic also announced the formation of Project Glasswing, an invite-only group of organizations -- including some of Anthropic's biggest competitors -- to test Claude Mythos Preview and secure their infrastructure. Anthropic said that Claude Mythos Preview "found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." (Emphasis in original.) The company said Project Glasswing was necessary "to help secure the world's most critical software." By Friday, CNBC reported that Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent had summoned the high priests of finance (aka banking CEOs) for an emergency meeting about the new model. New York Times writer Thomas Friedman fretted over a "terrifying" future in which any teenager armed with Claude could hack the local power grid. The reaction to Claude Mythos Preview quickly split along predictable lines. AI boosters hailed the new model as proof that artificial general intelligence (AGI) was nigh, praising Anthropic for rolling it out so responsibly. Critics and AI skeptics called Project Glasswing a big publicity stunt. So, which is it? To find out, Mashable has been reviewing Anthropic's claims and talking to AI and cybersecurity experts. Claude Mythos is a new large-language model that Anthropic says performs significantly better than Claude Opus 4.6, widely considered one of the best AI models in the world, especially in cybersecurity. "In our testing, Claude Mythos Preview demonstrated a striking leap in cyber capabilities relative to prior models, including the ability to autonomously discover and exploit zero-day vulnerabilities in major operating systems and web browsers," reads the Claude Mythos system card. Artificial general intelligence refers to superintelligent AI that can perform better than humans across a wide range of tasks. It's not an exaggeration to say that our entire economy has been organized around the quest for AGI, as Anthropic, Google, Meta, xAI, and OpenAI pour hundreds of billions of dollars into a new arms race. If Claude Mythos is as capable as Anthropic says, would it be an example of AGI? The model card addresses this question directly, and Anthropic does seem to think it's close to AGI. In a section about Claude Mythos safety risks, Antropic writes: "Current risks remain low. But we see warning signs that keeping them low could be a major challenge if capabilities continue advancing rapidly (e.g., to the point of strongly superhuman AI systems)." Of course, Anthropic has a strong financial incentive to promote this belief. Ultimately, the model card for Claude Mythos is more conservative than the reaction online would suggest. For example, while the Claude Mythos model card does show that this model performs above the trend line for previous Anthropic models, Anthropic says it does not show evidence of self-improvement or recursive growth. ("The gains we can identify are confidently attributable to human research, not AI assistance.") Don't make me tap my sign: "[When] an AI salesman tells you that AI is an unstoppable world-changing technology on the order of the agricultural revolution...you should take this prediction for what it is: a sales pitch." I wrote those words of caution in response to an essay by Anthropic CEO Dario Amodei that warned about the potentially cataclysmic dangers of AI. Anthropic also has a history of issuing dire warnings about its AI models. You may remember the story of the Anthropic model that tried to "blackmail" a company CEO to prevent it from being turned off. In reality, Anthropic designed a test environment where blackmail was a potential outcome. This may be more akin to digital entrapment than genuine model misbehavior. So, is Claude Mythos the latest example of the industry's Chicken Little problem? On X, AI safety engineer Heidy Khlaaf listed a number of open questions that cast doubt on Anthropic's claims. This Tweet is currently unavailable. It might be loading or has been removed. Anthropic said the Claude Mythos preview found thousands of zero-day vulnerabilities. But Khlaaf says Anthropic left out key facts needed to assess this claim -- the rate of false positives, how Claude Mythos compares to existing cybersecurity tools, and exactly how much manual human review was required. "Releasing a marketing post with purposely vague language that clearly obscures evidence needed to substantiate Anthropic's claims brings into question if they are trying to garner further investment," Khlaaf told Mashable. "It also serves their 'safety first' image as they're able to frame the lack of public release, even a limited one for independent evaluation, as a public service when it simply obscures even experts' abilities to validate their claims." We reached out to Anthropic repeatedly about these concerns, but the company did not respond. We will update this article if they do. In the Claude Mythos system card, Anthropic wrote that more data will be released in the coming weeks as the bugs Mythos found are patched and fixed. Gary Marcus, an AI expert, author, and noted critic of the LLM hype machine, initially told Mashable that it was too soon to know whether Claude Mythos represented a new type of threat. But Marcus has grown more skeptical since we spoke to him, and he recently wrote on X that Mythos was "nowhere near as scary" as it first seemed. "Folks, you can relax. Mythos is not some off-trend exponential gain," he wrote. This Tweet is currently unavailable. It might be loading or has been removed. Cybersecurity experts told Mashable it's also very unlikely Claude Mythos could be used to "turn off the lights" or bring down critical infrastructure. "Claims about catastrophic uses of Mythos also significantly misunderstand threat models, cybersecurity risks, and the ability to propagate said risks in a way that could actually lead to safety-critical incidents," Khlaaf told us. "It's not as simple as asking a model 'hack this system,' with Anthropic's own technical blog post demonstrating a requisite of expertise that Anthropic downplays in their marketing posts." Other experts expressed skepticism, while also acknowledging that Mythos does represent a genuine risk, which Marcus has also said. "You could argue it didn't need a public announcement," said Div Garg, a Stanford AI researcher and founder of AGI, Inc. "However, ultimately, the decision to limit access to only those who develop and maintain critical software is precisely what you want a business to do in such a scenario...It's easy to criticize the limited access, but worse outcomes would arise if they released it unchecked." Tal Kollender, Founder and CEO of cybersecurity firm Remedio, told Mashable that tools like Claude Mythos are dangerous because they can exploit discovery. "It's brilliant corporate theater," Kolender said. "Labeling a model 'too dangerous to release to the public' is certainly a marketing flex because it immediately creates mystique and signals immense power to investors. But beneath the PR stunt, there is a very real, very mundane truth...The cybersecurity industry doesn't actually have a 'finding' problem. We are already drowning in tools that detect vulnerabilities. What Mythos does is automate that discovery process at an unprecedented scale." TL;DR: A week after revealing Claude Mythos Preview, some of Anthropic's biggest claims about the model look a lot sketchier, experts say. However, they also acknowledge that Claude Mythos, and other tools like it, pose a real risk. Still, there are plenty of very valid reasons to be nervous about the new frontier model. In the New York Times, author Thomas Friedman conjures a scenario straight out of War Games, where a teenager hacks the local power grid after school. That scenario seems even more far-fetched a week later. But here's a much more likely scenario: A sophisticated group of hackers uses a tool like Claude Mythos to find zero-day vulnerabilities in our digital infrastructure, launching attacks faster than organizations can respond. And that scenario should worry you. If Claude Mythos isn't the tool that can do it, most experts agree such a tool isn't far off. And some of the world's leading cybersecurity experts certainly seem worried. "I've found more bugs in the last couple of weeks [with Claude Mythos] than in the rest of my entire life combined," said Nicholas Carlini, a research scientist affiliated with Anthropic and Google DeepMind, in a video on the Project Glasswing website. "On Linux, we found a number of vulnerabilities where, as a user with no permissions, I can elevate myself to the administrator by just running some binary on my machine," Carlini said. This week, the AI Security Institute published its findings on Claude Mythos's capabilities, and it provides some independent verification that it does represent a genuine leap forward. Claude Mythos passed cybersecurity tests that no other model had ever completed, scoring higher than any other frontier model on virtually every test. "Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed," AISI concluded. This Tweet is currently unavailable. It might be loading or has been removed. AISI also identified some limitations with Claude Mythos, which would impair its effectiveness in real-world scenarios. So, was Anthropic's rollout of Mythos responsible AI stewardship or self-serving marketing? Experts I talked to said these options aren't mutually exclusive. "I'd say it's both, and that's not a criticism," said Xu. "Any major platform rollout in this era is going to look different to different audiences depending on their fluency and their fear tolerance. What I care about is whether the intent is real, and the evidence I've seen from Anthropic suggests it mostly is." As is often the case with fear-inducing AI headlines, the reality turned out to be more complicated. "Personally, I don't go to bed worrying about a kid with Mythos hacking the power grid, but that doesn't mean the concern is fictional," said Howie Xu, Gen's Chief AI & Innovation Officer. "We're at an inflection point where the creative and collaborative upside of these tools is massive, and the security infrastructure hasn't caught up. That gap is exactly what keeps me busy. Even a fractional probability of a serious incident is too much, which is why building a trust and security layer into the agentic era is my extreme focus." Finally, as Anthropic stresses in the Claude Mythos model card, tools like this will likely benefit cybersecurity defenders more than hackers in the long-term. And in the short-term, a more cautious approach -- like the approach being modeled with Project Glasswing -- may be warranted. TL;DR: Claude Mythos has formidable cybersecurity coding abilities, and it does represent a genuine threat. However, if hackers have access to AI tools like Claude Mythos, so will the organizations defending against such attacks.

Banks in close contact with European regulator on Anthropic's Mythos, banker says

FRANKFURT, April 20 (Reuters) - Banks are in close contact with their European regulators regarding Anthropic's new artificial intelligence model Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said on Monday. He said that ⁠the banking association would further discuss the topic later on Monday after talks last week. "It's certainly not something that's causing panic or setting off any alarm bells on our end right now, but it's definitely ⁠something we need to keep in mind in our day-to-day risk management -- and that's exactly what we're ⁠doing," he told journalists. The vast capabilities of Mythos to code at a high level ⁠have given it a potentially unprecedented ability to identify cybersecurity ⁠vulnerabilities, experts say, prompting greater scrutiny from some regulators globally. Reporting by Tom Sims, editing by Thomas Seythal Our Standards: The Thomson Reuters Trust Principles., opens new tab

Claude Mythos just first of power models to come warns Anthropic co-founder

Anthropic co-founder and policy lead, Paul Clark. Image: Anthropic The world needs to prepare for powerful Mythos-like models that can dig out new security flaws in all systems, Anthropic co-founder Paul Clark told the Semafor World Economy event on Monday. Anthropic's much discussed Claude Mythos is not a 'special' model and there will more models just like it in coming months, so the world needs to prepare. That was the view of Anthropic co-founder and policy lead, Jack Clark, speaking at the Semafor World Economy event in Washington DC yesterday. "We're grateful for our success and our customers, of course, but this is not a special model," said Clark "There will be other systems just like this in a few months from other companies, and then a year to a year and a half later, there'll be open weight models from China that have these capabilities. So the world is going to have to get ready for more powerful systems that are going to exist within it." Claude Mythos has been causing industry-wide alarm as it was discovered that Anthropic's new AI model discovered previously unknown security flaws in every major web browser and operating system. Clark admitted it also caused alarm at Anthropic when its scope became apparent. It led to the launch of 'Project Glasswing' gives partnering companies access to Anthropic's unreleased Claude Mythos, which, according to the AI giant, has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Mythos was launched in preview on 7 April. Anthropic's Mythos is significantly more capable at generating exploits. In its research, the company noted that Mythos developed working exploits 181 times out of the several hundred attempts, while Opus 4.6 had a near 0pc success rate. "We did not explicitly train Mythos preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning and autonomy," the company noted. Rather than release the model, the company is bringing together leading businesses, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks, allowing them to access Mythos preview to boost their cyber defences. The company has extended Mythos access to a group of more than 40 organisations that build or maintain critical software infrastructure, and Clark said it planned to widen this group in coming days. Anthropic has also promised to share learnings from Project Glasswing to benefit the wider industry. "Let's be very clear, though," said Clark. "During testing, Mythos jumped out of the sandbox, the sandbox which is basically meant to corral a test system and 'for your eyes only' kind of thing. And not only did it do that, it went out and it emailed one of the programmers who was out at a park having a sandwich." When asked if Anthropic would eventually "sell" the new model, Clark said no decision had yet been made but that "eventually, models that have these kind of capabilities will be in the world - whether Mythos is or isn't going to get there. We don't know yet. We're in the process of broadening access through Glasswing and seeing what we can learn." It is a stark warning for all cybersecurity defenders and organisations generally. The next 'Mythos' may not be released as responsibly. Don't miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic's digest of need-to-know sci-tech news.

Mythos a serious threat but more will follow, Barclays CEO says

WASHINGTON, April 17 (Reuters) - Anthropic's frontier AI model Mythos is a serious threat to the global banking system, and it is likely to be followed by similar, even more powerful cyberthreats, Barclays (BARC.L), opens new tab Chief Executive C. S. Venkatakrishnan said on Friday. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities ⁠and devise ways to exploit them, raising fears it could be exploited to destabilise banks. This has forced regulators and supervisors into a scramble, and selected organisations are now reviewing the model to gauge the actual cybersecurity risk. Mythos has raised alarm bells among regulators, who see it as a significant challenge to the banking sector and its legacy technology ⁠systems. "On Mythos, look, it's a serious issue," he told a meeting of the G30 consultancy group on the sidelines of the IMF's spring meeting. "But here's the thing: there will be a ⁠Mythos 2 and a Mythos 3, and they'll come up with probably distressing frequency," he said. Such technological leaps will accelerate an ⁠arms race that forces lenders to innovate, and may be especially challenging for older and larger institutions potentially ⁠running legacy systems, Venkatakrishnan said. "We have to understand its capabilities and we have to understand how to safeguard against it." Reporting by Balazs Koranyi; editing by David Gaffen Our Standards: The Thomson Reuters Trust Principles., opens new tab

Deutsche Bank CEO says 'everyone' trying to access Anthropic's Mythos as global regulators review risks

Deutsche Bank CEO Christian Sewing said on Monday that banks were in close contact with European watchdogs about Anthropic's Mythos as regulators rush to examine the cybersecurity risks the new artificial intelligence model raises and how prepared financial firms are to tackle them. Deutsche Bank CEO Christian Sewing said on Monday that banks were in close contact with European watchdogs about Anthropic's Mythos as regulators rush to examine the cybersecurity risks the new artificial intelligence model raises and how prepared financial firms are to tackle them. Mythos is viewed by cybersecurity experts as posing significant challenges to the banking industry and its legacy technology systems, prompting a ⁠series of ⁠warnings from regulators and policymakers gathered at last week's International Monetary Fund spring meeting in Washington. "It's certainly not something that's causing panic or setting off any alarm bells on our end right now, but it's definitely something we need to keep in mind in our day-to-day risk management -- and that's exactly what we're doing," Sewing, who is chief executive of Germany's biggest bank, told journalists. "The banks are prepared for this and have their own responses. So this is something we have to live with, and of course everyone is trying to gain access, but I also think it's right that access is limited for now," he said, adding that ⁠a German banking association would meet to discuss the issue on Monday. Anthropic has so far restricted access to the model to partners in its Project Glasswing initiative and about 40 additional organisations that build or maintain critical software infrastructure. JPMorgan, which ⁠is part of Glasswing, is the only bank Anthropic has publicly said has access. Multiple senior banking and regulatory sources in Europe told Reuters they were not aware of any European financial institution with access to Mythos yet. Anthropic did not immediately respond to a request for comment by Reuters on if and when it would grant banks access. Substantially more capable at cber offence The British government sent an open letter to company leaders on April 15 warning that testing by its AI Security Institute (AISI) had shown Mythos to be "substantially more capable at cyber offence than any model we have previously assessed." Some Asian regulators said on Monday they were monitoring the development. South Korea's Financial Supervisory Service (FSS) said it held a meeting with information security officials from financial firms last week to review Mythos-related risks. Mythos was a key topic on the sidelines of the IMF meetings last week. European regulators are not yet overly concerned and for now ⁠are assessing it through their existing cyber resilience process, two European supervisory sources told Reuters. One banking source said that the ECB and other regulators have been in contact with European banks to assess their preparedness for new cybersecurity risks. Supervisors have asked about banks' awareness of the threat and their ability to respond, the source said. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from regulators globally. Barclays CEO C S Venkatakrishnan said on Friday in Washington that Mythos was a serious threat to the global banking system and likely to be followed by similar, more powerful cyberthreats.

Barclays CEO Flags Anthropic's Mythos AI As Potential Catalyst For Cyberattacks On Global Banks: 'A Serio

Mythos AI Raises Cybersecurity Concerns Speaking at a G30 consultancy group meeting during the IMF spring gatherings, Venkatakrishnan described the frontier model, Mythos, as "a serious issue," citing its advanced coding capabilities, Reuters reported. He said the AI can potentially identify vulnerabilities in financial systems and even suggest ways to exploit them, posing unprecedented risks to banks. AI Arms Race Looms For Banks Venkatakrishnan cautioned that Mythos is just the beginning. "There will be a Mythos 2 and a Mythos 3," he said, adding that increasingly powerful systems could emerge rapidly. "We have to understand its capabilities and we have to understand how to safeguard against it," he added. Regulators Scramble To Assess Risk Earlier, ARK Invest highlighted Mythos' standout performance -- scoring 93.9% on SWE-bench Verified and 83.1% on CyberGym -- as evidence of a significant leap forward in both software engineering and cybersecurity capabilities. The firm added that it does not see "Project Glasswing" as a threat to established cybersecurity players. Global Regulators Race To Assess AI Cyber Risks Meanwhile, U.K. officials from the Bank of England, HM Treasury and Financial Conduct Authority are in urgent talks with the National Cyber Security Centre to evaluate risks tied to Anthropic's new AI model. The move follows action in the U.S., where Treasury Secretary Scott Bessent convened top Wall Street bank leaders to address similar AI-driven cyber threats. The U.S. government is now reportedly weighing giving federal agencies access to Anthropic's advanced AI model, Mythos. Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Image via Shutterstock Market News and Data brought to you by Benzinga APIs To add Benzinga News as your preferred source on Google, click here.

Mythos a serious threat but more will follow, Barclays CEO says - The Economic Times

Anthropic's frontier AI model Mythos is a serious threat to the global banking system, and it is likely to be followed by similar, even more powerful cyberthreats, Barclays chief executive C S Venkatakrishnan said on Friday. The ⁠vast capabilities ⁠of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, raising fears it could be exploited to destabilise banks. This has forced regulators and supervisors into a ⁠scramble, and selected organisations are now reviewing the model to gauge the actual cybersecurity risk. ⁠Mythos has raised alarm bells among regulators, who see it as a significant challenge to the banking sector and its legacy technology systems. "On Mythos, look, it's a serious issue," he told a meeting of the G30 consultancy group on the sidelines of the IMF's spring meeting. "But here's the thing: there will be a Mythos 2 and a Mythos 3, and they'll come up with ⁠probably distressing frequency," he said. Such technological leaps will accelerate an arms race that forces lenders to innovate, and may be especially challenging for older and larger institutions potentially running legacy systems, Venkatakrishnan said. "We have to understand its capabilities and we have to understand how to safeguard against it."

Is Anthropic's Mythos AI too powerful? Bankers and ministers get into a huddle and raise concerns - key points to know

Anthropic Mythos financial system risk: A powerful new AI model from Anthropic is raising serious concerns among global financial leaders, with finance ministers, central bankers, and top executives holding discussions over its potential risks to financial systems. Claude Mythos, part of Anthropic's broader Claude AI family and a rival to tools from OpenAI and Google, has drawn attention for its ability to identify and potentially exploit cyber-security vulnerabilities. The model was discussed extensively at a recent meeting of the International Monetary Fund in Washington DC, as per a report. Canadian Finance Minister François-Philippe Champagne said the issue is serious enough to demand attention from finance ministers globally, describing the challenge as an "unknown" risk that requires safeguards to protect financial system resilience. Champagne explained that, "The difference is that the Strait of Hormuz - we know where it is and we know how large it is... the issue that we're facing with Anthropic is that it's the unknown, unknown," adding, "This is requiring a lot of attention so that we have safeguards, and we have processes in place to make sure that we ensure the resiliency of our financial systems," as quoted by BBC. Mythos is one of Anthropic's latest AI models, designed to test how systems handle so-called "misaligned" task, those that go against expected human behavior. Early testers described it as "strikingly capable" in computer security tasks, particularly in identifying software bugs and vulnerabilities. Anthropic has chosen not to release Mythos widely due to concerns that it could expose or exploit weaknesses in critical systems. Instead, access has been limited to select partners such as Amazon Web Services, CrowdStrike, Microsoft, and Nvidia under an initiative called Project Glasswing. While some experts warn about its unprecedented capabilities, others urge caution. The UK AI Security Institute, which has independently tested the model, said Mythos can exploit weak systems but is not dramatically more advanced than its predecessor, Opus 4, as reported by the BBC. Top financial institutions are taking the threat seriously. Barclays CEO CS Venkatakrishnan said that, "It's serious enough that people have to worry," adding, "We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly," as quoted by BBC. Bank of England governor Andrew Bailey warned that such AI tools could make it easier for cybercriminals to detect and exploit weaknesses in core IT systems. He said, "We are having to look very carefully now what this latest AI development could mean for the risk of cyber crime," adding, "The consequence could be that there is a development of AI, of modelling, which makes it easier to detect existing vulnerabilities in sort of core IT systems, and then obviously cyber criminals - the bad actors - could seek to exploit them," as quoted by BBC. Meanwhile, the United States Department of the Treasury has urged major banks to test their systems ahead of any public release of Mythos. Governments and financial institutions are being given early access to test their defenses, as concerns grow that similar models could soon emerge from other AI companies without the same safeguards. Investor James Wise of Balderton Capital said Mythos may be the first of many such models, adding that efforts are already underway to invest in AI systems designed to both detect and fix vulnerabilities, as per the report. Has Mythos been released publicly? No, access is limited due to security risks. Who is using it right now? Selected partners like AWS, Microsoft, Nvidia, and CrowdStrike.

Putting The Calamity Makers In Charge: Anthropic And Claude Mythos Preview

Be wary of a company - any company - who exerts moral muscle as they create software and digital platforms that are injurious and simultaneously lauded for curing that injury. Be especially wary of Anthropic. With sagacious loftiness, it warns of the disabling dangers of the artificial intelligence (AI) frontier. Principled, it tells the Trump administration it will not partake in creating AI software that aids mass surveillance, a move that earned it an order of excommunication as a "supply chain risk". It then goes on to create Claude Mythos Preview, a seemingly dystopian model that will, according to certain computer scientists "scan the hidden plumbing of the internet - operating systems, browsers, routers, and shared open-source code - at an unprecedented scale" thereby turning specialised hacking into "a routine and automated process." The new Claude Mythos Preview was advertised with almost parental glee as the "best-aligned model that we have released to date by a significant margin". The child, however, seemed to be a horror, a true cyber shit. The AI model was "likely to possess the greatest alignment-related risk of any model we have released to date." This two-ways lingo is typical of Anthropic: safety is a cardinal virtue to be treasured but that hardly excuses not developing a model of terrifying danger. They manufacture the danger and the cure. The danger lies in the company's assertion that Mythos Preview revealed that "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." The model had "already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." These capabilities were bound to proliferate, precipitating a fallout "for economies, public safety, and national security". The excerpts, messages and statements from Anthropic are forecasts of a roguish frontier they are willing to catastrophise and market at the same time. The company notes, for instance, "reckless" behaviour on the part of Mythos Preview, with recklessness defined in muddled jargon as "cases where the model appears to ignore commonsensical or explicitly stated safety-related constraints on its actions." In one instance, the model, sounding like a mischievous, disobedient creature, was provided a "sandbox" computing environment enabling researchers to interact with it. A simulated user instructed it to attempt exiting that contained environment, after which it would inform the researcher in charge of the experiment it had done so. The researcher in question, Sam Bowman, recalls receiving "an uneasy surprise" while nibbling on a sandwich (cyber-boffins are numbingly dull even in admiring despair) that the model, despite not having access to the internet, had dived into it. The model has also been able to identify vulnerabilities as old as one or two decades, including a 27-year-old vulnerability in the otherwise secure operating system OpenBSD and a 16-year-old vulnerability in FFmpeg's video encoding code. Anthropic has its own logic in dealing with the Promethean beast that is Mythos Preview. It resembles, in no small way, the homicidal and chilling rationale that gave birth to the Hydrogen bomb during the Cold War. The argument then advanced was that if the US did not acquire it, other powers would, and most certainly the Soviet Union, which would be greatly expanding its atomic weapons inventory even as it maintained a vast conventional army. This logic of escalating destructiveness found form in National Security Council Paper NSC-68, prepared by the US Department of State's Policy Planning Staff on April 7, 1950. The company proposes to manage the dissemination of Mythos Preview through Project Glasswing, a curative enterprise involving partners of Anthropic's snobbish choosing. Some of the unsurprising elect include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, NVIDIA and the Linux Foundation. These selected parties will use Mythos Preview "as part of their defensive security work", with Anthropic sharing its findings. Access to a further 40 additional organisations will also be included to "use the model to scan and secure both first-party and open-source systems." Usage credits amounting to US$100 million will be advanced for using the model, and $US4 million in direct donations to open-source security organisations. The vigilante temptation to leak the details of Mythos to willing, unscrupulous buyers - best not forget what happened to CrowdStrike - is bound to be stirred. The very cyber-corporate nature of the venture, one that restricts access to AI technology via the purse and intellectual property of the American private sector, advertised as both sublimely powerful yet catastrophically destructive, has every reason to make lawmakers tremble. Treasury Secretary Scott Bessent and Federal Reserve chair Jerome Powell were worried enough to convene a meeting on April 7 with bankers on the subject, including CEOs from Citigroup, Morgan Stanley, Bank of America, Wells Fargo and Goldman Sachs. "The bankers were in town for meetings that day, and it was appropriate (for) the Secretary Bessent to do what he did," revealed White House national economic adviser Kevin Hassett in an interview with Fox News' "The Story with Martha MacCallum". At the Treasury, the bankers were informed about "the cyber risks to make sure that they are aware of them". What a fine picture this is turning out to be. And there are the questions on Anthropic's reliability here. Will it be as good at finding vulnerabilities as fixing them, acting as both poacher and gamekeeper? Mythos is also not open source and very much the property of the company. Then comes this troubling observation from software engineer Bulatova Alsu and the dangers posed by the agent itself: "Mythos is not an anomaly but the first vivid empirical confirmation of a structural contradiction embedded in the current AI safety strategy itself. The contradiction is this: the more we restrict a capable agent, the less predictable its behaviour becomes." Humanity has much to look forward to.

German central bank chief calls for wide access to Anthropic's Mythos

FRANKFURT, April 21 (Reuters) - German central bank chief Joachim Nagel called on Tuesday for all institutions to have access to Anthropic's artificial intelligence model Mythos to keep the playing field even and to avoid it being misused. The Bundesbank head said banking authorities must act to prevent the misuse of Anthropic's most advanced AI model to date, as it opens the door to new and sophisticated cyber risks. "Mythos is an AI model that appears capable of quickly identifying and exploiting security vulnerabilities in financial institutions' software," Nagel said in a speech. Mythos has sparked fears across the banking industry that it could be misused to exploit legacy IT system vulnerabilities. "This AI model seems to be a double-edged sword, since it could be used not only to improve digital security systems, but also to leverage their vulnerabilities for malicious purposes," Nagel said at an event in Rome. The capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from regulators globally. Anthropic has rolled out a preview of Mythos to a select number of companies and some organisations that build or maintain critical software infrastructure, prompting calls for wider access to the technology. "All relevant institutions should have access to such technology to avoid competitive distortions," Nagel said. Its advanced coding and autonomous capabilities could dramatically accelerate sophisticated cyberattacks, particularly in sectors such as banking that rely on complex, interconnected and often decades-old technology systems, experts have said. While debuting Mythos, Anthropic said the model's ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security. In broader comments on AI, Nagel challenged the notion it could help lower inflation, the core focus of central banks. He said AI increases investment demand, could raise incomes and push up electricity prices, all of which may increase inflationary pressures. Moreover, the use of algorithms may facilitate the setting of prices above competitive levels, Nagel warned. "There is evidence that AI algorithms are able to consistently learn to charge excessive prices, without communicating with one another," he said. "From a central banking perspective, this uncertainty calls for particular vigilance," Nagel added. (Reporting by Balazs Koranyi, Editing by Louise Heavens and Alexander Smith)

Europe must prevent misuse of Anthropic's Mythos, Bundesbank chief warns

FRANKFURT, April 21 (Reuters) - Banking authorities must prevent the misuse of Anthropic's Mythos, its most advanced AI model to date, which opens the door to new and sophisticated cyber risks, Bundesbank President Joachim Nagel said on Tuesday. "Mythos is an AI model that appears capable of quickly identifying and exploiting security vulnerabilities in financial institutions' software," Nagel said in a speech. "However, this AI model seems to be a double-edged sword, since it could be used not only to improve digital security systems, but also to leverage their vulnerabilities for malicious purposes," he added. He added that all relevant institutions should have access to such technology to avoid competitive distortions. (Reporting by Balazs Koranyi, Editing by Louise Heavens)

Mythos a serious threat but more will follow, Barclays CEO says

WASHINGTON, April 17 (Reuters) - Anthropic's frontier AI model Mythos is a serious threat to the global banking system, and it is likely to be followed by similar, even more powerful cyberthreats, Barclays Chief Executive C. S. Venkatakrishnan said on Friday. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, raising fears it could be exploited to destabilise banks. This has forced regulators and supervisors into a scramble, and selected organisations are now reviewing the model to gauge the actual cybersecurity risk. Mythos has raised alarm bells among regulators, who see it as a significant challenge to the banking sector and its legacy technology systems. "On Mythos, look, it's a serious issue," he told a meeting of the G30 consultancy group on the sidelines of the IMF's spring meeting. "But here's the thing: there will be a Mythos 2 and a Mythos 3, and they'll come up with probably distressing frequency," he said. Such technological leaps will accelerate an arms race that forces lenders to innovate, and may be especially challenging for older and larger institutions potentially running legacy systems, Venkatakrishnan said. "We have to understand its capabilities and we have to understand how to safeguard against it." (Reporting by Balazs Koranyi; editing by David Gaffen)