Anthropic's Mythos AI model triggers global alarm over cybersecurity and banking threats

Anthropic's Mythos AI model sparks fears of turbocharged hacking

Anthropic's new Mythos AI model is raising concern among governments and companies that it could outpace current cyber security defenses, turbocharge hacking, and expose weaknesses faster than they can be fixed. The San Francisco-based startup released a cyber-focused model this month, which has shown the ability to detect software flaws faster than humans but also demonstrated it can generate exploits needed to take advantage of them. In one alarming case, the Mythos model showed it could break out of a secure digital environment to contact an Anthropic worker and publicly reveal software glitches, overriding the intention of its human makers. This week, OpenAI also released its own advanced cyber model with similar capabilities. The developments have led senior international financial officials and government ministers around the world scrambling to understand the dangers, in some cases seeking access to the new models that have only been given to a small number of vetted partners. "This feels like the discovery of fire: a force that can profoundly improve our lives or, if mishandled, cause real harm across the digital world," said Rafe Pilling, director of threat intelligence at cyber firm Sophos. Last week, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jay Powell summoned some of the largest US banks to discuss the cyber threats the AI model posed. The UK's AI minister, Kanishka Narayan, told the FT "we should be worried" about the capabilities of the model. These risks are well known within Anthropic. Logan Graham, who leads Anthropic's frontier "red team," which tests the lab's models, said: "Somebody could use [Mythos] to basically exploit en masse very fast in an automated way, and most of the organizations around the world... including the most technically sophisticated ones, would not be able to patch things in time." AI tools have already significantly boosted the multibillion-dollar cyber crime industry. They have provided amateur hackers with cheap tools to write harmful software, as well as enabling professional criminals to better automate and scale their operations. "Attacks are already increasing in frequency and sophistication, thanks to AI," said Christina Cacioppo, chief executive at security and compliance firm Vanta. "Most companies aren't prepared to handle the risk because they're still managing security through dated methods that are no match for the speed of AI-enabled attacks," she added. AI-enabled cyber attacks were up 89 percent in 2025 compared with a year earlier, according to data from security group CrowdStrike. Meanwhile, the average time between an attacker first gaining access to a system and acting maliciously fell to 29 minutes last year, a 65 percent acceleration from 2024. "The game is asymmetric; it is easier to identify and exploit than to patch everything in time," said one person close to a frontier AI lab. Anthropic's Graham said there were also internal concerns that companies would use Mythos to find "more vulnerabilities than they could hope to deal with in the near future." The heightened fears about AI and cyber security come amid signs that agents, which act autonomously on users' behalf to conduct tasks, could also fuel a further rise in AI-enabled hacking. Last September, Anthropic detected the first reported AI cyber-espionage campaign believed to be coordinated by a Chinese state-sponsored group. It manipulated its coding product, Claude Code, to attempt to infiltrate about 30 global targets, including large tech firms, financial institutions, chemical manufacturers, and government agencies. It was successful in a small number of cases and executed without extensive human intervention. Software researcher Simon Willison has warned there is a "lethal trifecta" of capabilities that arise with agents: access to private data; exposure to untrusted content, such as the Internet; and the ability to communicate externally. Security professionals argue that the safest way to protect against cyber attacks when using an AI agent is to grant it access to only two of these areas. However, AI experts believe that much of the value from agents comes from granting access to all three. "The bad news is that there is no good solution as of today," said one person close to an AI lab. "The good news is [AI agents aren't] yet in mission-critical settings like the stock exchange, bank ledger, or the airport." Stanislav Fort, a former Anthropic and Google DeepMind researcher who has founded AISLE, an AI security platform, said he was optimistic that AI could help to identify and fix a "finite repository" of historical security flaws. To date, AI models have identified thousands of "zero-day" vulnerabilities -- unknown weaknesses in commonly used software -- some of which have been undetected for decades. "We are gradually finding fewer and fewer zero days, of the worst kinds we can imagine," said Fort. Once these weaknesses were eliminated, the technology could be used to "proactively make sure nothing bad comes in [and] meaningfully increase the security level of the whole world as a result." Additional reporting by Kieran Smith in London.

Global Financial Watchdog to Share Insights on Anthropic's Mythos

New AI capabilities are increasing the speed at which vulnerabilities could be found and exploited, making it important for financial systems to have a mature and effective cyber program. The Financial Stability Board is gathering information from members about potential risks posed by Anthropic's Mythos model as it look to share such insights more broadly among its network of regulators and central bankers to help them judge the risks of autonomous cyber attacks. Bank of Canada Governor Tiff Macklem, who heads the FSB's key committee for monitoring risks, said officials have "work to do" as they assess the severity of the risks posed by the artificial intelligence model relative to other budding dangers like private credit and the global energy crisis. The topic has featured heavily in conversations at this week's International Monetary Fund and World Bank meetings. It was discussed at a meeting of FSB representatives on Wednesday amid concerns that financial systems beyond the US are disadvantaged because they have little access to the model created by San Francisco-based Anthropic. "The FSB is going to share the information that's available so that everybody is working with the right information," Macklem said, adding that the issue was still "developing." "New AI capabilities increase the speed at which vulnerabilities could be found and exploited," said Macklem. "That puts a real premium on having a really mature effective cyber program. There is no immediate cyber attack, there is no immediate crisis, but AI is changing the landscape and we got to get on top of that." The FSB is also closely monitoring risks from private credit and leveraged bets on sovereign bond markets. "Private credit is not suitable for everybody," Macklem added, pointing to the potential need for additional "guardrails" to ensure retail investors properly understand constraints on accessing their cash. Macklem said an upcoming FSB report on private credit vulnerabilities would be an "important step" though it will not be a magic bullet for dealing with a sector that officials judge too small to imperil financial stability, despite rising threatsBloomberg Terminal flagged by Bank of England Governor and FSB chair Andrew Bailey this week. "I think it's a bit early to start to start to get super prescriptive about solutions," Macklem said. "It's not going to answer all the questions." The FSB prioritized leveraged bets on sovereign bond markets in its first targeted attempt to deliver better data on the non-banking world, and has promised an update on that work by the middle of the year.

What do we know about Anthropic's Mythos amid rising concerns?

April 20 (Reuters) - Anthropic earlier this month debuted Mythos, its most advanced AI model to date, equipped with sophisticated capabilities and designed for defensive cybersecurity tasks. Mythos' vast capabilities have sparked fears about the threat to traditional software security after the AI startup said the preview had uncovered "thousands" of major vulnerabilities in "every major operating system and web browser." HOW WAS THE MODEL LAUNCHED AND WHO HAD ACCESS TO IT? Anthropic has rolled out Claude Mythos Preview through a controlled initiative called "Project Glasswing", granting access to tech majors including Amazon (AMZN.O), opens new tab, Microsoft (MSFT.O), opens new tab, Nvidia (NVDA.O), opens new tab and Apple (AAPL.O), opens new tab. The company also extended access to a group of more than 40 ⁠additional organizations that build or maintain critical software infrastructure. WHAT ARE THE CONCERNS AROUND MYTHOS? Experts warned that the model can identify and exploit previously unknown vulnerabilities faster than companies can repair them. Its advanced coding and autonomous capabilities could dramatically accelerate sophisticated cyberattacks, particularly in sectors such as banking that rely on complex, interconnected and often decades-old technology systems, they have said. While debuting Mythos, Anthropic said the model's ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security. U.S. software stocks tumbled on April 9 after the Mythos launch ⁠on April 7 reignited fears that advances in AI could disrupt traditional firms. WHAT HAS THE WHITE HOUSE AND REGULATORS SAID ABOUT MYTHOS? The White House has held discussions with Anthropic CEO Dario Amodei about Mythos, with officials saying they talked about collaboration, cybersecurity and balancing AI innovation with safety. The talks were held ⁠despite the Pentagon slapping a formal supply-chain risk designation on Anthropic. The U.S. government is planning to make a version of Mythos available to major federal agencies, Bloomberg News has reported. Reuters reported that U.S. Treasury Secretary Scott Bessent ⁠and Federal Reserve Chair Jerome Powell held a meeting with CEOs of major U.S. banks to brief them on the potential risks from the model. The model also raised alarm bells in ⁠Britain, with authorities holding talks with major banks and cybersecurity officials to assess possible risks. Banks are in close contact with their European regulators regarding Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said. Reporting by Harshita Mary Varghese in Bengaluru Our Standards: The Thomson Reuters Trust Principles., opens new tab

Latest AI models could threaten world banking system, financial officials warn

Senior international financial officials have warned the latest AI models from US tech companies could threaten the world banking system by exposing weaknesses in lenders' cyber defence. As finance ministers, central bankers and regulators met this week in Washington for the IMF and World Bank spring meetings, their discussions were dominated by concern over the latest AI model developed by San Francisco-based start-up Anthropic. "It is a very serious challenge for all of us," said Andrew Bailey, governor of the Bank of England, who chairs the Financial Stability Board of global regulators. "It reminds us how fast the AI world moves." Bailey added that global regulators would need to rapidly evaluate the potential cyber security threat to the financial system from Anthropic's new Claude Mythos Preview model. Until just over a week ago, most policymakers had expected the IMF and World Bank meetings to focus on the conflict in the Middle East, tensions in the private credit market and elevated levels of government debt. Instead, the ability of new AI models to wreak havoc in the world's banking system was all many people wanted to talk about. "The evolution of digital technology is posing immense risks from a cyber security perspective," said Dan Katz, deputy head of the IMF and former chief of staff for US Treasury secretary Scott Bessent. "This is really going to be absolutely essential on the international agenda for the next few months." European Central Bank president Christine Lagarde said: "The development we've seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking, 'ah, that could be really good' -- but if it falls in the wrong hands, it could be really bad." Some officials called for a co-ordinated international response to the threat from Mythos, which Anthropic said earlier this month had "found thousands of high-severity vulnerabilities, including some in every major operating system and web browser". The company warned it would "not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely". It added: "The fallout -- for economies, public safety and national security -- could be severe." "Everybody is keen to have a framework within which to operate," Lagarde told Bloomberg TV. But she added: "I don't think there is a governance framework that is there to actually mind those things. We need to work on that." So far, Anthropic has only shared Mythos with a group of about 40 companies, including Amazon, Apple and JPMorgan Chase, giving them a chance to experiment with it and start fixing any vulnerabilities it finds in their systems. Bessent last week convened leaders of some of the largest Wall Street banks and Jay Powell, the chair of the Federal Reserve, to discuss the weaknesses revealed by Mythos, which some US authorities are believed to have access to. Officials in Washington said the technology represented a fundamental change in the playing field between attackers and defenders of information systems because of its ability to autonomously string together multiple software vulnerabilities at a scale beyond human capacity. They have been both impressed and alarmed by Mythos's ability to decide autonomously how to approach problems, but are worried about the lack of regulation for AI companies. The officials say they are looking at collaborating with tech companies, including Anthropic. However, some European regulators and executives say they have been left in the dark about the potential vulnerabilities revealed by the latest AI technology as most of them have not been able to test the new model and determine the level of threat it could pose. When asked how the European Banking Authority was responding to concerns around Mythos, François-Louis Michaud, its new head, said: "It is a process that is starting and we are now contemplating what is the right answer." Michaud and other European regulators said that for several years they have been focused on cyber security threats to the banking system, which intensified after Russia's full-scale invasion of Ukraine in 2022, including assessing the new potential risks from quantum computing. Michaud pointed out the EBA had been hiring more cyber security specialists after being given the power to supervise key IT suppliers to EU banks. "I am not saying everything is fine and perfect but I am saying we are not starting from scratch," he said. Senior Europe-based executives at a big bank and at a large financial infrastructure group told the FT on the sidelines of meetings in Washington that they had not yet had a chance to test Mythos. The banking executive said: "If what they say is true then it is obviously serious. But it is too early to know. We are speaking to Anthropic to get a look at this model." OpenAI, the maker of ChatGPT, announced on Thursday that it was sharing its latest model specifically designed for cyber security with a limited number of "vetted security vendors, organisations and researchers" for testing. It said the new model, GPT-5.4-Cyber, was "purposely fine-tuned for additional cyber capabilities and with fewer capability restrictions". Chief executives of large US banks confirmed this week that they were working with a beta version of Anthropic's Mythos model. JPMorgan chief executive Jamie Dimon said the new AI model "shows a lot of vulnerabilities that need to be fixed". But executives also played up the productivity gains they were anticipating from AI. "AI is our friend. It is just the latest generation of technology that is going to be part of the ecosystem," said Morgan Stanley boss Ted Pick. "We're working with Claude Mythos, the beta version, and we are looking at different places inside of infrastructure where we will just [see] continuous improvement." Robin Vince, chief executive of BNY, the oldest US bank, told the FT it was also testing Anthropic's model, while Citigroup chief financial officer Gonzalo Luchetti told reporters on Tuesday that the bank was approaching the technological breakthrough with the "degree of urgency that it requires". Some regulators are sceptical that there will be a co-ordinated global response to the threat of AI given current geopolitical tensions, which are being exacerbated by the Middle East conflict. Policymakers are also reluctant to hamper the development of a technology that could bring big economic benefits. "What is the optimum moment to frame the rules of the road?" Bailey asked. "If you go too early you a) risk missing the target and b) you risk distorting the evolution, and if you go too late things can get out of control."

Claude Mythos AI can be 'net positive' to UK says cyber official

AI tools have the opportunity to be a major boost for cyber-security defences if they are secured, according to the UK's top cyber official. The threat of AI such as Claude Mythos has made headlines around the world after its maker Anthropic revealed it to be extremely good at hacking. The company is restricting access to the model to help governments, tech giants and banks secure their systems as the cyber-security world braces for its general release. But head of the National Cyber Security Centre (NCSC) Richard Horne says advanced AI tools can be a "net positive" to public cyber-security if the technology is secured from misuse. It comes as the UK's security minister is urging AI companies to "work with the government on national cyber-defence capabilities". Anthropic, the maker of the popular chatbot Claude, has not said when it will release its newest model Mythos. But the company sparked widespread concerns when it claimed the bot was an expert hacker as good as, if not better than, the best humans. The fear is that if Mythos gets into the wrong hands or goes rogue it might lead to major data breaches or debilitating cyber-attacks. In a speech to the NCSC's annual conference CyberUK on Wednesday, Horne will make a more positive case arguing AI tools can make things safer and more secure. He is urging companies and organisations not to fear new AI attacks but to make sure they are doing the basics of cyber-security right. "As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber-security are still to be addressed," he will say. Horne's warnings echo similar messages from recent years - for example the urgency for people to ensure they update the software on their systems and upgrade legacy IT. He is also urging AI companies to make sure their models are secure by following newly-created European safety guidelines. At the same event, Security Minister Dan Jarvis will implore AI firms to work with the government on the "generational endeavour" to make sure AI is used to protect critical networks from attackers. All the most powerful and advanced AI models - known as frontier AI - are developed outside of the UK, with the top-tier companies based in the US or China. That means the UK relies on companies like Anthropic to give it access to Mythos and has no control over how it is built, trained or released. Open AI also has a cyber-security model it says is very capable called GPT 5.4 Cyber. The speeches at CyberUK will also press home the ongoing threat of nation state and hacktivist attacks, particularly from Russia and China. The NCSC warns that cyber is now "the home front" of defence in the UK with recent events such as the Iran attacks showing that cyber plays an increasingly important role in all modern conflicts. Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.

Nervous Indian Fintechs Push Anthropic for Access to Mythos

Regulators, central bankers and executives are on high alert due to fears that Mythos can discover cybersecurity vulnerabilities that have gone undetected for years, and could potentially enable mass looting of bank accounts or paralyze international payment systems. India's major financial technology firms are pushing Anthropic PBC to give them early access to Mythos, the artificial intelligence model that has sparked global fears about a new era of cyberattacks. One97 Communications Ltd., Razorpay Software Ltd. and Pine Labs Ltd. are among the Indian companies that have pushed the San Francisco-based AI developer to let them test Mythos and detect vulnerabilities on their own systems. Their requests came after Anthropic announced a limited roll-out of its latest large-language model, which it considers too dangerous to release more widely. "We had an urgent call with Anthropic to check when they're creating a second list of companies that will get access to Mythos," said Vijay Shekhar Sharma, founder and chief executive of One97. Sharma said Anthropic representatives asked him what One97 would do with Mythos, and how it could help the company. The questions, he suggested, reflect just how seriously Anthropic is weighing who gets near this technology -- and why. "Is this the beginning of the end?" said Sharma, adding that the anxiety over such models is existential not just for businesses but for financial systems. "A country's technology networks and financial systems could be infiltrated from any node anywhere. You don't need to fire missiles to go to war anymore." The push among Indian firms to win access to Mythos reflects fears across the world. Regulators, central bankers and executives have been on high alert after it emerged that Mythos can discover cybersecurity vulnerabilities that have gone undetected for years. Anthropic first stress-tested Mythos internally before raising the alarm and extending access to a select group of a dozen companies, including Amazon Web Services Inc., Apple Inc., and JPMorgan Chase & Co. The AI company is looking to cautiously expand that access through a program it calls Project Glasswing. The move sent tremors through global financial circles, with US Treasury Secretary Scott Bessent calling the model "a step function change in abilities" -- meaning a sharp jump. European Central Bank President Christine Lagarde warned this week about the risk if Mythos fell into the wrong hands. Get the Tech Newsletter bundle. Get the Tech Newsletter bundle. Get the Tech Newsletter bundle. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Plus Signed UpPlus Sign UpPlus Sign Up By continuing, I agree to the Privacy Policy and Terms of Service. The question now haunting boardrooms and government ministries alike is whether Mythos could enable the mass looting of bank accounts, paralyze international payment systems or even trigger a full-blown crisis in the global financial system. The Reserve Bank of India didn't immediately respond to an email on whether the banking regulator or India's banks and insurers were taking any steps to assess the risks from Mythos. Read More About Mythos Mythos AI Sparks Fear and Confusion Among Global Finance Elite Bessent Calls Anthropic's Mythos a Breakthrough in China AI Race Inside Anthropic's Race to Assess the Dangers of Mythos Security teams are already working overtime at Razorpay, a company whose platform businesses use to collect payments through credit and debit cards, online banking and electronic wallets. "It's a race against time for startups like us," said Razorpay's cofounder and chief executive officer Harshil Mathur. "We've asked for Mythos access as we want to test the weaknesses on our platform and strengthen our defenses." Mathur said that in the startup groups he's part of, Mythos has been the hot topic of discussion for the past 10 days. Anthropic may expand the roll-out with stringent contracts on limited use to test companies' own infrastructure, disallowing commercial use, he said. India is home to millions of engineers who write code for Wall Street banks, insurers and credit card giants. The country has become the second-largest market for Anthropic's Claude model, with coders mainly using it for building apps, debugging software and modernizing IT systems. "Regulators will push for more stringent security norms owing to the threat of increased attacks," said Pine Labs' Chief Executive Officer Amrish Rau. "Security can't be a compliance checkbox anymore."

ASIC joins global regulators monitoring Anthropic's Mythos AI

Australia's markets regulator has publicly confirmed it is watching the development of Anthropic's Mythos model alongside peer regulators worldwide, adding to a rapidly expanding international regulatory response that began with the Bank of England, the US Federal Reserve, and the Treasury Department. ECB President Lagarde has warned no governance framework is yet in place. The Australian Securities and Investments Commission (ASIC) confirmed on Monday that it is monitoring the development of Anthropic's frontier AI model Mythos and its potential implications for the Australian financial market, Reuters reported. "ASIC is closely monitoring these developments along with peer regulators to assess possible implications for the Australian market," an ASIC spokesperson said. "ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies." The regulator added that it expected financial services licensees to "be on the front foot" to safeguard their customers and clients. The ASIC statement is the latest in a cascade of global regulatory responses to Mythos, the advanced AI model that Anthropic launched on 7 April 2026 under a restricted access programme called Project Glasswing. Anthropic claimed the model successfully identified and exploited zero-day vulnerabilities in every major operating system and web browser, a capability the company says is intended to accelerate defensive security work but which regulators have identified as a potential systemic risk if threat actors accessed the model's capabilities. The response from financial regulators has been rapid and unusually coordinated for a technology event. Bank of England Governor Andrew Bailey, speaking at Columbia University in New York, warned that Mythos could "crack the whole cyber risk world open" and called on regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure. The Bank of England's Cross Market Operational Resilience Group (CMORG) and its AI Taskforce subsequently scheduled meetings to discuss Mythos within weeks. European Central Bank President Christine Lagarde told Bloomberg TV that there is currently no governance framework "to actually mind those things", a frank admission that the regulatory infrastructure has not kept pace with the technology. In the United States, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting of major bank CEOs to discuss Mythos's cyber risk implications. The meeting, held while bank chiefs were already in Washington for a Financial Services Forum board meeting, was confirmed by CNBC. JPMorgan Chase CEO Jamie Dimon was the only major bank CEO who could not attend. A Treasury spokesperson subsequently confirmed the meeting and said Treasury plans to lead further sessions with regulators and institutions on an ongoing basis. On the commercial side, major US banks have begun internal testing of Mythos for defensive purposes. Goldman Sachs CEO David Solomon told analysts on a quarterly earnings call that the bank has access to the model and has "hypersensitivity" to the enhanced capabilities of new AI systems. JPMorgan Chase was named as an initial Project Glasswing partner, alongside approximately 40 companies including Amazon, Apple, Google, Microsoft, and Nvidia. Anthropic has committed $100 million in credits to these partners and $4 million to open-source security organisations, with the explicit goal of building defensive capacity ahead of any public capability release. The core risk that regulators are assessing is structural rather than individual. Financial institutions run technology stacks that layer decades-old legacy systems with modern cloud infrastructure, creating accumulated technical debt and undiscovered vulnerabilities. The banking sector's heavy reliance on a small number of consolidated cloud providers means that a sufficiently capable AI model exploiting vulnerabilities in those providers' systems could cascade across the entire financial system. IBM Senior Vice President Rob Thomas has publicly criticised Anthropic's restricted-access approach, arguing that "security improves more often through scrutiny than through concealment." Anthropic's CEO Dario Amodei has defended the restricted rollout, writing that "the dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world." Anthropic's relationship with the US government remains complicated by a separate dispute. The Department of Defense designated Anthropic a supply chain risk to national security, a classification the company has contested in court.

Regulators monitor Anthropic's Mythos for banking risks

SYDNEY, April 20 (Reuters) - Regulators said on Monday they are monitoring the development of Anthropic's frontier AI model Mythos, which experts say could have the capability to be used to destabilise banking systems. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from some regulators globally. "ASIC is closely monitoring these developments along ⁠with peer regulators to assess possible implications for the Australian market," a spokesperson for the Australian Securities and Investments Commission (ASIC) said on Monday. "ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies." ASIC said it expected financial services licencees to "be on the front foot" to safeguard their customers and clients. The country's banking regulator, the Australian Prudential Regulation ⁠Authority (APRA) said it would "continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system." South Korea's Financial Supervisory Service (FSS) said on Monday it held a meeting ⁠with information security officials from financial firms last Monday to review Mythos-related risks. South Korea's Yonhap news agency reported that the country's Financial Services Commission (FSC) ⁠held an emergency meeting last Wednesday with chief information security officers from the FSS, banks and insurers to review the ⁠risks, citing unnamed industry sources. The FSC was not immediately available for comment when contacted by Reuters. Reporting by Scott Murdoch in Sydney and Heekyong Yang in Seoul; Editing by Jacqueline Wong Our Standards: The Thomson Reuters Trust Principles., opens new tab

Anthropic's Mythos moment: how frontier AI is redefining cybersecurity

This moment highlights the need for clearer guidance and coordination to support the secure adoption of advanced AI. On 7 April, Anthropic announced Claude Mythos Preview, a frontier AI model so powerful (or risky) that the company decided not to release it to the public. This decision signals a critical shift in AI landscape: constraints on deployment are no longer commercial, but security-driven. According to Anthropic, Mythos can autonomously identify previously unknown vulnerabilities, generate working exploits and carry out complex cyber operations with minimal human input. Testing identified a large number of related weaknesses across widely used systems, though these results remain subject to further validation and vary in terms of severity and real-world exploitability. This reflects a broader turning point; frontier AI systems are becoming more autonomous and powerful, but also harder to control once deployed. The cautious way forward is to treat these models less as consumer products and more as strategic assets. Ultimately, it underscores a new reality: AI capability is advancing faster than our ability to safely govern it, making security the primary gatekeeper for release. This is less about one model, and more about a new reality for cybersecurity and societies alike. The implications are already being felt by governments, regulators and companies worldwide. A new concern is emerging: Companies can build advanced AI systems but are not yet confident they can deploy them safely, without unintended consequences. Tasks that once required highly specialized teams working for weeks or months can now be performed in hours. This has two immediate consequences. First, it could significantly strengthen defences by accelerating the discovery of vulnerabilities. Second, it could lower the barrier for launching sophisticated cyberattacks, enabling a wider range of actors to operate at a higher level. This is not just a cybersecurity issue. It is a resilience issue for global stability. Critical infrastructure, financial systems and supply chains all depend on digital systems that could be exposed to faster, more scalable forms of attack. The market reaction has been equally striking. Reports suggest that fears linked to Mythos and similar frontier AI systems have contributed to significant volatility in global technology stocks, highlighting investor concern about disruption to cybersecurity, business models and the stability of the digital economy. Recent developments underscore how quickly this issue is moving from theory to practice. Reports indicate that US officials have begun urging major financial institutions to actively test advanced AI systems like Mythos in controlled environments, reflecting growing concern at the highest levels about both the risks and defensive potential of such tools. This moment reinforces warnings already highlighted in the World Economic Forum's Global Cybersecurity Outlook 2026, which points to a growing gap between the pace of cyberthreats and organizations' ability to respond. Frontier AI could widen that gap further - at least in the short term. Against this backdrop, these questions are expected to be central to discussions at the World Economic Forum's Annual Meeting on Cybersecurity in May 2026, where leaders will assess how AI is reshaping global cyber risk and what coordinated responses are needed. For non-specialists, the Mythos episode raises three practical and urgent questions: Yes - but unevenly. By automating complex technical tasks, systems like Mythos can lower the barrier to entry for attacks on simpler systems, which can be carried out with limited human input. For more complex, well-secured systems, attacks likely still requiring steering from experienced attackers. This could increase the frequency of cyber incidents, while enabling more sophisticated attacks primarily in the hands of skilled actors. In most cases, not yet; for many, not even close. Even today, organizations struggle to keep up with the fast-evolving sector, with 87% of leaders identifying AI-related vulnerabilities as the fastest-growing cyber risk. If AI systems dramatically increase the number of vulnerabilities identified, the challenge will shift from discovering problems to fixing them fast enough. Patch cycles measured in weeks may no longer be sufficient in a world where vulnerabilities can be identified and exploited within hours. This remains an open question. Anthropic has chosen to restrict access and work with a small group of trusted partners, rather than releasing the model broadly. But there are no globally agreed rules for who should have access to such powerful systems or how their use should be governed. One of the less obvious implications of systems like Mythos is that they could create a new kind of bottleneck. For years, cybersecurity has struggled with limited visibility in that organizations did not know where their vulnerabilities were. AI changes that, enabling rapid, large-scale discovery of weaknesses across systems. This, however, creates a different problem: overload. If thousands of vulnerabilities can be identified quickly, organizations may not have the capacity to address them all. Prioritization becomes critical, and errors become more costly. In this environment, more visibility does not automatically mean more secure. As offensive capabilities become more automated, defensive systems must match that speed and sophistication. Static, rule-based approaches will not keep pace. Instead, organizations will need adaptive systems that continuously monitor and respond in real time. Cybersecurity is shifting from defending fixed perimeters to managing dynamic, intelligent systems, fundamentally reshaping how risk is understood and controlled. Anthropic's response has been to limit access and emphasize collaboration, working with a small group of trusted organizations to secure critical systems before such capabilities spread more widely. But this approach alone is not enough. These capabilities are unlikely to remain confined to a single organization. Similar systems are expected to emerge across the industry, increasing the urgency for action. For business and policy leaders, four priorities stand out: Cybersecurity is no longer just a technical function. It is a core component of economic resilience, trust and stability. Anthropic's Mythos offers a preview of a near future in which AI both strengthens and destabilizes the digital systems that underpin the global economy. The transition may not be smooth. Defensive capabilities are improving, but unevenly. At the same time, offensive capabilities may spread more quickly, creating a period of heightened risk before a new equilibrium is established. As the speed of AI development continuously outpaces governance, coordination and security practices, the key challenge is not just technological. It is institutional and increasingly geopolitical. As countries and companies race to develop and deploy frontier AI capabilities, there is a risk that approaches to access, control and security diverge. Without coordination, this could lead to fragmented standards, uneven levels of protection and greater systemic vulnerability. The World Economic Forum's Centre for Cybersecurity is advancing this effort by fostering holistic collaboration through its Cyber Frontiers: AI and Cybersecurity initiative. Its upcoming report, to be released in May 2026, explores how AI can strengthen cyber defence and resilience. The insights from this work and the discussions it informs will be critical in shaping how leaders respond to this next phase of cyber risk. The next phase of the initiative will explore cyber risks introduced by agentic systems and develop guidance on how to secure the agentic AI economy. The question is no longer whether such capabilities will emerge, but whether institutions can adapt quickly enough to manage them. The answer will shape not only the future of cybersecurity, but the resilience of the digital systems on which societies and economies increasingly depend.

Finance ministers and top bankers raise serious concerns about Mythos AI model

Finance ministers, central bankers and financiers have expressed serious concerns about a powerful new artificial intelligence (AI) model that could undermine the security of financial systems. The development of the Claude Mythos model by Anthropic has led to crisis meetings, after it found vulnerabilities in every major operating system and browser. Experts have warned that the model potentially has an unprecedented ability to identify and exploit cybersecurity weaknesses. The Canadian finance minister Phillipe Francois Champagne told the BBC that Mythos had been discussed extensively by his peers at the key International Monetary Fund (IMF) meeting in Washington DC this week. "Certainly it is serious enough to warrant the attention of all the finance ministers... The difference with the Strait of Hormuz is that we know where it is and we know how large it is. The issue that we're facing with Anthropic is that it's an unknown, unknown. It requires a lot of attention so that we have safeguards, and we have processes in place to make sure that we ensure the resiliency of our financial system". Top bankers are to be given access to the model in advance to test out their systems. The chief executive of Barclays CS Venkatakrishnan told the BBC: "it's serious enough that people have to worry. We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly". He added that "this is what the new world is going to be" referencing a much more connected financial system, with both opportunities and vulnerabilities. While developer Anthropic has said the model has already exposed multiple security vulnerabilities in some critical operating systems, financial systems and web browsers, governments and banks are being offered access in advance of its public release to help protect their own systems. Bank of England Governor Andrew Bailey also told the BBC the development had to be taken very seriously: "we are having to look very carefully now what this latest AI development could mean for the risk of cyber crime. There is a development of AI, of modelling, which makes it easier to detect existing vulnerabilities in, sort of core IT systems, and then obviously cyber criminals that the bad actors could seek to exploit them." The US Treasury confirmed it had raised the issue with its major banks encouraging them to test out their systems, before any public release of Mythos by Anthropic. Financial industry sources indicated that another prominent US AI company could soon release a similarly powerful model but without the same safeguards.

UK banks get their Mythos briefing within days

The Bank of England's Cross Market Operational Resilience Group will convene within days to brief major UK banks, insurers, and exchanges about Anthropic's Claude Mythos Preview. This unreleased AI model regulators say can autonomously identify and exploit vulnerabilities across every major operating system and web browser. The US Treasury, the Federal Reserve, and the Bank of Canada have already held emergency sessions. Within days, senior executives from major UK banks, insurers, and financial exchanges will be briefed by the Bank of England, the Financial Conduct Authority, HM Treasury, and the National Cyber Security Centre about the cybersecurity implications of a new AI model that has already prompted emergency meetings at the highest levels of financial regulation in the United States and Canada. The model is Claude Mythos Preview, built by Anthropic. It is not publicly available. According to Bloomberg, Anthropic's Mythos model is on the agenda for the Bank of England's next Cross Market Operational Resilience Group and CMORG AI Taskforce meetings, scheduled within the next fortnight. CMORG is a high-level body whose members include the CEOs of the UK's eight largest banks, four financial infrastructure providers, two insurers, and representatives from the Treasury, BoE, FCA, and NCSC. The regulatory response in the UK follows an emergency meeting in Washington last week at which US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened the heads of systemically important US banks, including Jane Fraser of Citigroup, Brian Moynihan of Bank of America, Ted Pick of Morgan Stanley, Charlie Scharf of Wells Fargo, and David Solomon of Goldman Sachs, to discuss Mythos's implications. CNBC confirmed the meeting, which Bloomberg first reported. The presence of Powell was described by people familiar with the matter as significant: the Fed chair typically preserves a clear separation from the Treasury, and his attendance signalled the issue was being treated as a systemic financial stability concern rather than a technology policy matter. JPMorgan Chase CEO Jamie Dimon was unable to attend but JPMorgan is listed as a launch partner for Anthropic's associated initiative, Project Glasswing. The Bank of Canada separately held its own meeting with Canadian banks and financial institutions on the same topic. Mythos Preview is described by Anthropic as a general-purpose frontier model with exceptional capabilities in computer security tasks. In its own documentation and in Anthropic's public Project Glasswing announcement, the company says the model has already identified thousands of zero-day vulnerabilities, previously unknown security flaws, across every major operating system and web browser. In one case cited by Anthropic's security team, the model identified a method of breaching a web browser in a way that would allow a malicious website to read data from another site, including, as Anthropic put it, "the victim's bank." Testing also uncovered a 27-year-old weakness in OpenBSD. Anthropic has said the model can identify and exploit such vulnerabilities autonomously when instructed to do so, and that it withheld public release specifically because of these capabilities. The UK's AI Security Institute evaluated Mythos and described it as broadly comparable to peer models on single cyber tasks but stronger at chaining multiple steps into complete intrusions -- and as the first model to complete a full cyber-range attack end-to-end, according to Resultsense. Project Glasswing, Anthropic's response to the risks its own model poses, gives approximately 40-50 organisations early controlled access to Mythos Preview. Named partners include Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco, and JPMorgan Chase. Anthropic has committed up to $100 million in Mythos usage credits across these efforts plus $4 million in direct donations to open-source security organisations. The premise is that defenders should have time to find and patch vulnerabilities before the model, or similar models from competitors, which Anthropic says are not far behind, reaches broader or malicious access. Not everyone has accepted Anthropic's framing at face value. Security technologist Bruce Schneier wrote that the episode "is very much a PR play by Anthropic, and it worked," noting that "lots of reporters are breathlessly repeating Anthropic's talking points without engaging with them critically." Schneier observed that the security firm Aisle had been able to replicate some of the vulnerabilities Anthropic found using older, cheaper public models, though he acknowledged a meaningful distinction exists between finding a vulnerability and weaponising it into a full exploit. Former UK NCSC head Ciaran Martin offered a more measured read: the collapse of the vulnerability discovery timeline from months to seconds or hours "is challenging," he told AFP, but also creates "a real opportunity here to fix a lot of the internet's hidden bugs." David Sacks, who recently departed his White House AI and cryptocurrency role, posted scepticism about Anthropic's claims repeatedly over the weekend. The regulatory response is unfolding against a complicated political backdrop. Anthropic is currently in a dispute with the US Department of Defense, which designated the company as a supply-chain risk to national security earlier this year, prompting Anthropic to push back with legal action. President Trump and Defence Secretary Hegseth have publicly criticised Anthropic over its insistence on limits to military uses of its AI. The Mythos episode has created an unusual situation in which a company at odds with the administration over AI governance is simultaneously being treated by the Treasury and Federal Reserve as a key partner in protecting systemic financial infrastructure. BoE Governor Andrew Bailey named Mythos explicitly by name in a speech at Columbia University on 15 April, describing it as a major cybersecurity concern and saying that cyber had climbed regulators' risk rankings "faster than any other category in recent years." With all of this, Anthropic plans to make its new Mythos model available to financial institutions in the UK next week, according to Pip White, the company's head of UK, Ireland, and Northern Europe.

Mythos AI Sparks Fear and Confusion Among Global Finance Elite

War and an historic energy shock are tough financial stability risks to compete with. Yet Anthropic's as-yet unreleased AI model Mythos added a layer of dread to conversations among policymakers gathered in Washington at two institutions created eight decades ago to help foster global economic harmony. At the spring meetings of the International Monetary Fund and the World Bank, the military conflict in the Middle East dominated the talks and forced governments to dust off crisis response plans, pledge cooperation where possible, and bolster consumption with fiscal and monetary tools. With Mythos, there were far more questions than answers. "If it falls in the wrong hands, it could be really bad," European Central Bank President Christine Lagarde told Bloomberg Television on Tuesday. She was referring to Mythos' destructive potential, echoing other central bankers, finance ministers, regulators and investment chiefs hunting for information on potential threats and safeguards. The broad outlines of the issue were thrust into the public domain by a Bloomberg News report revealing that Treasury Secretary Scott Bessent had gathered Wall Street leaders to warn on an imminent AI model that could herald a new era of cyber attacks launched autonomously by bots. "I feel confident that everyone is now on board, rowing in the same direction to build up resiliency," Bessent told CNBC on Wednesday. Outside the US, though, the seeming urgency of that meeting helped fuel a state of high alert among senior officials and bankers. Some of them fretted over a technology that could breach traditional cyber defenses, leaving the financial system open to untold threats. "It would be reasonable to think that the events in the Gulf are the most recent challenge to us in this world," Bank of England Governor Andrew Bailey said at an event at Columbia University in New York earlier this week. That is, until "you wake up to find that Anthropic may have found a way to crack the whole cyber risk world open and you think, what did I do wrong in a past life." Main Questions The challenge facing Bailey and other leading financial stability experts is that they don't know enough about the threats to understand how big an advance Mythos really is on the escalating cyber security risks they have been warning about for years now. Could Mythos lead to the mass looting of bank accounts, paralysis in international payment systems or spark a crisis of confidence that shatters the bedrock of the financial system -- trust? Is this akin to the risks from quantum computing, a known threat which regulators are already studying in detail, or will it require a new play book? Such questions circulated through the corridors and conference rooms of Washington's Willard Hotel, where Abraham Lincoln lived before his inauguration and where the Institute of International Finance this week hosted senior officials and executives. Many remain unanswered. The extent to which San Francisco-based Anthropic is sharing details of and access to Mythos with non-US officials and banks wasn't immediately clear. One American leader of a European bank said they'd been promised a briefing. The limited access may leave some of the world's financial system incapable of following the International Monetary Fund's advice to stay "at the frontier" of developments in cyber threats. Canada's Finance Minister Francois-Philippe Champagne said Mythos "requires our full attention" and that he wants to raise the issue with his counterparts. "We have a common interest to ensure the resiliency of our financial system," he said in an interview Wednesday. The US Treasury Department's technology team is seeking to gain access to Anthropic PBC's Mythos AI model so it can begin hunting for vulnerabilities, a person familiar with the situation told Bloomberg this week. John Williams, president of the Federal Reserve Bank of New York, said on Thursday that recent advances "have demonstrated the power of these AI tools, both at identifying vulnerabilities or potentially exploiting these vulnerabilities, has moved a lot faster than many expected." The New York Fed is a key nerve center for global financial transactions and oversight of stability risks. FSB's Role Financial stability threats are traditionally co-ordinated through the Financial Stability Board, currently chaired by the BOE's Bailey. But the FSB has mostly taken a back seat on cyber risks, because some members are reluctant to be transparent in a broad group that includes countries like China. That leaves cyber largely in the hands of narrower groups like the Group of Seven industrial economies. At a G-7 finance chiefs meeting Wednesday, the need for an international institutional framework to oversee the governance of AI was discussed, on the basis that no country could address the Mythos risks alone, according to two people familiar with those talks. There was support for exploring the topic, given the exponential growth of the risks and their potentially severe consequences, one of the people added, though the route forward is unclear. Adding to the worries is the heightened geopolitical risks that accompany the doomsday AI scenario, where the technology flips from transforming the financial sector's efficiency to obliterating its technology infrastructure. The Middle East conflict increases the perceived threat of state-sponsored hacks. 'Real Urgency' Officials and bankers alike are also mindful that if such destructive AI technology can be created by a US company, it could likely be created by one in a more hostile nation, which would not give Wall Street a heads up on the looming threat. "Frontier AI capabilities are advancing faster than governance frameworks are being designed to control them," said Laila Khawaja, research director of Gavekal Technologies, who covers US-China tech. "There is real urgency to build guardrails before these models become deeply embedded in critical systems like finance." This week's quest for answers also highlights the gulf between AI's haves and have-nots, and the splintering of the global financial stability ecosystem. Europe is increasingly concerned about its over-reliance on foreign tech companies. Officials also privately lament the "every man for himself" approach that is increasingly creeping into global conversations on finance, and could hinder the effective sharing of information on risks globally. Several European officials said they would use this week's meetings to encourage their US peers to share what they can. Elisabeth Svantesson, Sweden's finance minister, told Bloomberg News that there's an "an early-warning meeting" later Thursday with central bankers and ministers, and AI will be a topic. "My message will be that AI is fantastic but unpredictable leadership together with AI is dangerous," she said, adding that the US and Israel's war and uncertainty are the predominant themes, along with cyber threats.

Mythos and friends could be a 'net positive' for UK cyber security defenses but only if they're secured, says top cyber official

* NCSC's Richard Horne says hacking AI tools like Mythos Preview can strengthen defenses if guardrails are in place * Anthropic's Mythos Preview, part of Project Glasswing, finds zero‑days at scale * Horne argues frontier AI exposes weak fundamentals quickly, giving defenders a chance to decisively outpace cybercriminals With proper guardrails and safety regulations, hacking AI tools such as Mythos Preview can be net positive for cybersecurity defenses everywhere, says Richard Horne, head of the National Cyber Security Centre (NCSC). According to the BBC, Horne echoed these statements in a speech to the NCSC's annual conference CyberUK, on Wednesday. "As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber-security are still to be addressed," he said. This time is different Earlier this month, Anthropic announced a new security initiative called Project Glasswing, and at its heart, the newest AI model, Mythos Preview. This model was apparently so good at discovering and exploiting zero-day vulnerabilities, that Anthropic decided to only give it to a handful of large software companies. That way, these companies can get a head start against bad actors, before the model is released to the general public at a (yet undetermined) later date. There is also plenty of chatter online about this being just a PR stunt, with some people stating that OpenAI did the same for GPT-2 which later turned out to be a lot more benign. However, this time it really might be different. The Mozilla Foundation said that with the help of Mythos it managed to find 271 vulnerabilities in Firefox 150, the famed browser's latest build. When it tried a similar thing with an earlier model - Opus 4.6 against Firefox 148 - it found "just" 22 bugs. Announcing the results, Mozilla CTO Bobby Holley couldn't hide his excitement, hinting that the cat-and-mouse fight against cybercriminals might finally come to an end. "Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up," he wrote. "Defenders finally have a chance to win, decisively. " Via BBC Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Faster attacks, quicker exploits: Early testers of new AI models warn of their new abilities

Why it matters: The models may only represent one big step forward today, rather than a leap into the unknown. But if their current trajectory holds, they may still outstrip defenses designed for human-scale attacks. Driving the news: OpenAI last week joined Anthropic in rolling out a cyber-focused model, GPT-5.4-Cyber, with access limited to vetted partners. * Early adopters say the models aren't radically more capable than previous generations, but their speed and ability to generate proof-of-concept exploits are changing the equation. Threat level: "When the attackers move at machine speed, and the defenders move at human speed, we don't lose the game -- it's game over," Illumio CEO and founder Andrew Rubin told Axios, based on his company's access. * Rubin argued that many current defenses aren't built for that shift: "A security strategy that relies on occasional patching and keeping threats outside the perimeter is a recipe for disaster." * Executives at Cisco and Zscaler said the biggest gains show up in how the models handle complexity, including analyzing large codebases, identifying vulnerabilities and linking them together for full attack plans. * Cisco, which is testing both models, found they can "chain together vulnerabilities to build an exploit chain," said Anthony Grieco, the company's chief security and trust officer. * Dhawal Sharma, executive vice president of AI security at Zscaler, said that the models are already uncovering issues "humans have not found for years, decades" and that "AI can facilitate lateral movement at lightning speed." Between the lines: New research and early user testing suggest the models are at the tipping point in their ability to not just find flaws, but validate and exploit them. * Anthropic's Mythos Preview completed 73% of all expert-level cybersecurity tasks in testing by the U.K.'s AI Security Institute and was the first model to complete a 32-step simulated attack, from initial reconnaissance to full network takeover in some runs. * OpenAI's model stands out not just for finding bugs, but for quickly testing and generating working exploits, said Isaac Evans, CEO of Semgrep, which received an OpenAI grant to evaluate the system. * "The model can cut through its own hallucinations in a way previous generations couldn't," Evans said while describing an internal case where it proved a supposed false positive was actually a real vulnerability. * Socket, another grant recipient, said in a blog post that OpenAI's model identified a malicious package tied to the Axios JavaScript library hack in six seconds. Zoom in: Cisco and Zscaler are already using the models internally to scan products and systems for vulnerabilities, with plans to integrate them into customer-facing tools like threat intelligence and red teaming. * But the tools still depend on experienced operators. At Cisco, the models work best when "you marry them with a mature organization, mature red teamers and a harness," Grieco said. Yes, but: Running these models requires a lofty token budget that not all companies -- or even attackers -- have. In some tests, the U.K. AI Security Institute used a 100-million-token budget. What to watch: Anthropic CEO Dario Amodei told the Financial Times he expects open-source models and Chinese developers to be able to replicate Mythos' cyber capabilities within six to 12 months.

Mythos: are fears over new AI model panic or PR? - podcast

Earlier this month the AI company Anthropic said it had created a model so powerful that, out of a sense of responsibility, it was not going to release it to the public. Anthropic says the model, Mythos Preview, excels at spotting and exploiting vulnerabilities in software, and could pose a severe risk to economies, public safety and national security. But is this the whole story? Some experts have expressed scepticism about the extent of the model's capabilities. Ian Sample hears from Aisha Down, a reporter covering artificial intelligence for the Guardian, to find what the decision to limit access to Mythos reveals about Anthropic's strategy, and whether the model might finally spur more regulation of the industry.

German banks examine risks of Anthropic's Mythos with authorities

FRANKFURT, April 16 (Reuters) - German banks and national authorities are examining risks around Anthropic's new artificial intelligence model, an official said on Thursday, amid concerns that it could fuel cyberattacks. Kolja Gabriel, a member of the executive board at the German Banking Association, told Reuters that the group was consulting with cyber experts at its member banks as well as Germany's finance ministry and other authorities. Anthropic's Mythos is seen by cybersecurity experts as posing significant challenges to the banking ⁠sector and its legacy technology systems, raising alarm bells among regulators in Britain and the United States. "Mythos is being used in a controlled manner by IT security firms to close potential vulnerabilities as quickly as possible. We expect a series of software updates shortly and are closely monitoring developments," Gabriel, who is responsible for technology and innovation, said in an emailed statement. The talks also involve the Bundesbank and Germany's financial watchdog BaFin. The finance ministry declined to comment, ⁠while the central bank did not immediately respond to a request for comment. BaFin said that there are regular exchanges with relevant national, European and international stakeholders. "Financial firms must be prepared for the possibility that vulnerabilities could be discovered in the ⁠near future, which would then need to be addressed promptly and quickly," BaFin said in a statement. Reuters reported on Thursday that European Central Bank supervisors are set to ⁠quiz bankers about the risks of Mythos. Anthropic has said its current iteration, Claude Mythos Preview, will not be made generally available and has instead ⁠announced Project Glasswing. It invited major tech companies, cybersecurity vendors and JPMorgan Chase (JPM.N), opens new tab, along with several dozen other organizations, to privately evaluate this model and prepare defences accordingly. Reporting by Tom Sims; Editing by Alexander Smith Our Standards: The Thomson Reuters Trust Principles., opens new tab * Suggested Topics: * Cybersecurity * Data Privacy * Regulatory Oversight Tom Sims Thomson Reuters Covers German finance with a focus on big banks, insurance companies, regulation and financial crime, previous experience at the Wall Street Journal and New York Times in Europe and Asia.

Business - Mythos shock - is AI taking cybersecurity risks to new levels?

One of your browser extensions seems to be blocking the video player from loading. To watch this content, you may need to disable it on this site. Governments and regulators are assessing potential implications and urging critical sectors to beef up their defences after a powerful new AI model sent shockwaves around the world. Mythos showed the ability to find previously undetected bugs and to exploit the vulnerabilities by itself, prompting its developer Anthropic to decide not to release it to the general public. Aleksandr Yampolskiy, Co-founder and CEO of SecurityScorecard, explains the inflection point the new AI model brings.

Finance leaders warn over Mythos as UK banks prepare to use powerful Anthropic AI tool

Release of new Claude model, so far limited to US firms, will expand to British institutions in coming days British banks will be given access in the next week to a powerful AI tool that was deemed too dangerous to be released to the public, as a series of senior finance figures warned over its impact. Anthropic, which has so far limited the release of the new model to a small clutch of primarily US businesses, including Amazon, Apple and Microsoft, said it would expand that to UK financial institutions in the coming days. "That is in the very near term, in the next week," Pip White, Anthropic's head of UK, Ireland and northern Europe operations, said in a Bloomberg TV interview. "As you would expect, the engagement I have had from UK CEOs in the last week has been significant." Anthropic, which is the company behind the Claude family of AI tools, has said that its latest model, Mythos, poses an unprecedented risk because of its ability to expose flaws in IT systems. "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities," Anthropic said in a blogpost earlier this month. "The fallout - for economies, public safety, and national security - could be severe." Finance ministers, executives and regulators have discussed the potential threats as they gathered in Washington this week for the IMF and World Bank spring meetings, while also handling concerns over the global ramifications spilling over from the US-Israeli war with Iran. The Canadian finance minister, François-Philippe Champagne, told the BBC: "Certainly it is serious enough to warrant the attention of all the finance ministers ... The difference with the strait of Hormuz is that we know where it is and we know how large it is. "The issue that we're facing with Anthropic is that it's an unknown unknown. It requires a lot of attention so that we have safeguards, and we have processes in place to make sure that we ensure the resiliency of our financial system." Andrew Bailey, the governor of the Bank of England who also chairs the Financial Stability Board of global regulators, said: "It is a very serious challenge for all of us. It reminds us how fast the AI world moves." However, he said regulators were having to consider whether, and how hard, to clamp down on the technology, as governments seek to reap AI's economic rewards. "What is the optimum moment to frame the rules of the road?" Bailey asked. "If you go too early you a) risk missing the target and b) you risk distorting the evolution, and if you go too late things can get out of control." The European Central Bank's president, Christine Lagarde, said: "The development we've seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking: 'Ah, that could be really good' - but if it falls in the wrong hands, it could be really bad. "Everybody is keen to have a framework within which to operate," Lagarde told Bloomberg TV. But she added: "I don't think there is a governance framework that is there to actually mind those things. We need to work on that."

ECB to Scrutinize Anthropic's Mythos on Call With Executives

The European Central Bank is convening a call with the chief risk officers of eurozone lenders to discuss the potential threats from Anthropic's new artificial intelligence model, as officials look to understand the technology's potential to exploit vulnerabilities in financial systems. The ECB will host a call with banks later this week to canvass them on their assessment of the risks from the Mythos model, according to people familiar with the matter. Treasury Secretary Scott Bessent last week called Wall Street bosses to a meeting on the potential threats from the as-yet-unreleased product, which could herald a new era of cyber attacks. Anthropic's Mythos to Be Available to UK Banks Within 'Next Week' Video Player is loading. Mute Current Time 0:00 Loaded: 0% 1x Playback Rate * captions off, selected Share Sorry, something went wrong Check your internet connection or refresh the page. Try Again Ad0:00 Authorities in the US have been given access to Mythos so they can interrogate its capabilities, as have some companies including banks such as Goldman Sachs Group Inc., which said it is "working closely" with Anthropic and "supplementing" its existing cyber defences to deal with potential threats. Anthropic is planning to release its closely watched Mythos artificial intelligence model to some UK financial institutions in the coming week, Pip White, Anthropic's head for the UK, Ireland and northern Europe, said in an interview Thursday on Bloomberg Television. European banks and officials are awaiting similar access, though several told Bloomberg they were hopeful of gaining insights into Mythos' capabilities informally from discussions at this week's meetings of the World Bank and International Monetary Fund. One person said the call could be an opportunity to share such intelligence. The ECB declined to comment. In an interview with Bloomberg Television on Tuesday, ECB president Christine Lagarde this week praised Anthropic for restricting the release of Mythos until safeguards can be considered. "The development we've seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking, ah, that could be really good -- but if it falls in the wrong hands, it could be really bad," she said.

Anthropic's Mythos to bolster cybersecurity at UK banks

SiliconRepublic.com has asked Anthropic whether Irish financial institutions will take part in Project Glasswing. Anthropic will release Mythos to UK financial institutions within the next week, said the company's UK, Ireland and Northern Europe head Pip White. White, in an interview with Bloomberg, said that Project Glasswing is coming to the UK "in the next week". "The engagement I have had from UK CEOs in the last week has been significant," she said. White was appointed to the role last November. Anthropic's newest model Mythos vastly outperforms others in vulnerability detection and exploitation. The model was launched as part of a limited release earlier this month, with access granted to big businesses and financial organisations to bolster their security. The company's approach to launch Mythos in a controlled fashion has been called "responsible" by the Irish National Cyber Security Centre (NCSC). Involved parties include Amazon Web Services, Apple, Google, Microsoft, Nvidia, JP Morgan Chase, Goldman Sachs and Morgan Stanley among others. SiliconRepublic.com has reached out to Anthropic, AIB and the Bank of Ireland to query a potential Mythos deployment within financial institutions in Ireland. Soon after the model's launch, US authorities warned Wall Street leaders to take Mythos seriously, while top Canadian financial institutions and state agencies gathered to discuss cybersecurity risks raised by it. Similar discussions commenced in the UK and Germany. Meanwhile, an Oireachtas Joint Committee on AI earlier this week heard on the dangers that Mythos poses for the future of cybersecurity. "In five months - six months - it'll be in the hands of an active state [actor]," Richard Browne, the director of the NCSC said. "Governance is great, very important, but it doesn't stop criminal actors." "The issue is not that Anthropic has created this. The issue is that Anthropic has demonstrated that this is possible," he said. The Claude-maker will be creating 200 new jobs in Dublin by 2027 as its premises in the city expands. Following Mythos, OpenAI, this week, has said that it will only allow select verified users access to its latest AI model for cybersecurity operations. The cyber-specific version of GPT-5.4 lowers the refusal boundary for "legitimate" cybersecurity work, the company said. Don't miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic's digest of need-to-know sci-tech news.

ECB to warn bankers about new Anthropic model risks, source says

FRANKFURT, April 15 (Reuters) - European Central Bank supervisors are set to warn bankers about the risks posed by Anthropic's new artificial intelligence model that might supercharge cyberattacks, one source familiar with the situation told Reuters. Anthropic's Mythos is seen by cybersecurity experts as ⁠posing significant challenges to the banking industry and its legacy technology systems, raising alarm bells among regulators in Britain and the United States. ECB supervisors are gathering information about the model, with a view to discussing this new possible source of risk ⁠with banks on their watch, said the source who spoke on condition of anonymity because they are not authorised ⁠to comment publicly on the matter. Unlike in the U.S., this will be done via the ⁠ECB's regular dialogue with bank staff and no ad-hoc meeting with ⁠top management has been scheduled yet. An ECB spokesperson declined to comment. Reporting by Francesco Canepa; Editing by Emelia Sithole-Matarise Our Standards: The Thomson Reuters Trust Principles., opens new tab

Anthropic says will put AI risks 'on the table' with Mythos model

Paris (France) (AFP) - American AI developer Anthropic plans to "lay the risks out on the table" even as it restricts deployment of a new model dubbed Mythos, whose powerful cybersecurity capabilities raise stark questions for companies and governments. "We have a model that's beginning to outstrip human capabilities in the cyber world," Anthropic's Paris-based chief of relations with startups and tech firms Guillaume Princen told AFP in an interview. Mythos is "capable of spotting security holes that have existed for decades, in systems tested by both human experts and automated tools, that have never been discovered before," he added. Anthropic has delayed a general release of Mythos, sharing it first with a few dozen key American tech and financial services players -- such as Nvidia, Amazon, Apple and JP Morgan Chase -- to allow them to test and improve their security infrastructure. But the company has also been accused of overhyping the powers of a technology which is its stock in trade -- and the subject of fierce competition with rival OpenAI. The Mythos news broke as rumours grow that Anthropic will list on the stock market this year. Safety first? "We prefer to be transparent and lay these risks out on the table," Princen said, adding that AI safety concerns are "central to Anthropic's DNA". "We don't have all the answers, this has to be a conversation between tech actors like us who have the data, the academic world, the political world and the world of economists," he added. Mythos' reported capabilities have unsettled the American financial sector and the European Union, which requested more information from Anthropic. In an open letter to businesses, the British government said that Mythos "highlights the speed at which AI capabilities are increasing and the threats they potentially pose". No European company is part of Anthropic's "Project Glasswing" consortium for shoring up cyber defences using Mythos' findings. That has raised questions about how prepared the rest of the world will be for the offensive capabilities of US-owned AI. Mythos is "certainly not a model that will soon be opened to the public at large, for obvious reasons," Princen said. Anthropic is nevertheless "thinking about the next waves of opening up," he added. European growth Europe is the region where Anthropic sees the fastest growth. Its Claude Code software development tool generates around $2.5 billion in annualised revenue -- a figure based on extrapolating from a few recent weeks of sales. Much of that expansion comes from "European firms riding the wave" of AI, Princen said. The company has opened offices in Dublin, London, Paris and Munich, and wants to keep investing across the continent. "We go where the demand is," Princen said, pointing to partnerships with European firms like Swedish coding startup Lovable or Danish pharma company Novo Nordisk. Relatively unknown to the wider public until recently, Anthropic was founded in 2021 by former OpenAI staff and makes around 80 percent of its revenue from business-to-business sales. The company and its Claude chatbot surged in prominence in late February, when bosses refused to allow its AI tools to be used by the Pentagon for mass surveillance of American citizens or fully autonomous weapons. The Trump administration responded by designating Anthropic a so-called "supply chain risk" to national security -- a decision being contested in multiple legal cases. In legal documents seen by AFP, Anthropic finance chief Krishna Rao warned that Washington's move could cost the firm multiple billions in revenue this year. On the other hand, "there are a lot of people who started using Claude precisely because of the position we took on that question," Princen said. Anthropic said in early April that it had tripled its annualised revenues quarter-on-quarter to over $30 billion -- outpacing OpenAI for the first time.

Explainer-What Do We Know About Anthropic's Mythos Amid Rising Concerns?

April 20 (Reuters) - Anthropic earlier this month debuted Mythos, ⁠its ⁠most advanced AI model to date, ⁠equipped with sophisticated capabilities and designed for defensive cybersecurity tasks. Mythos' vast capabilities have sparked fears about the threat to traditional software security after the AI startup said the preview had uncovered "thousands" of major vulnerabilities in "every major operating system and web browser." HOW WAS THE MODEL LAUNCHED AND WHO HAD ⁠ACCESS TO IT? Anthropic ⁠has rolled out Claude Mythos Preview through a controlled initiative called "Project Glasswing", granting access to tech majors including Amazon, Microsoft, Nvidia and Apple. The company also extended access to a group of more than 40 additional organizations that build or maintain critical software infrastructure. WHAT ARE THE CONCERNS AROUND MYTHOS? Experts warned that the model can identify and exploit previously unknown vulnerabilities faster than ⁠companies ⁠can repair them. Its advanced coding ⁠and autonomous capabilities could dramatically accelerate sophisticated cyberattacks, particularly in sectors such as banking that rely on complex, interconnected and often decades-old ⁠technology systems, they have said. While debuting Mythos, Anthropic said the model's ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security. U.S. software stocks tumbled on April 9 after the Mythos launch on April 7 reignited fears that ⁠advances in AI could disrupt traditional firms. WHAT HAS THE WHITE HOUSE AND REGULATORS SAID ⁠ABOUT MYTHOS? The White House has held discussions with Anthropic CEO Dario Amodei about Mythos, with officials saying they talked about collaboration, cybersecurity and balancing AI innovation with safety. The talks were held despite the Pentagon slapping a formal supply-chain risk designation on Anthropic. The U.S. government is planning to make a version of Mythos available to major federal agencies, Bloomberg News has reported. Reuters reported that U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held a meeting with CEOs of major U.S. banks ⁠to brief them on the potential risks from the model. The model also raised alarm bells in Britain, with authorities holding talks with major banks and cybersecurity officials to assess possible risks. Banks are in close contact with their European regulators regarding Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said. (Reporting by Harshita Mary Varghese in Bengaluru)

Anthropic Plans to Bring Mythos to UK Banks Within the Next Week

Anthropic PBC is planning to release its closely watched Mythos artificial intelligence model to UK financial institutions in the coming week. The tech company is gradually expanding "Project Glasswing," a program to give select organizations early access to the AI, after discovering that the model is a powerful tool for spotting and potentially exploiting cybersecurity vulnerabilities. "That is in the very near term, in the next week," said Pip White, Anthropic's head for the UK, Ireland and northern Europe, in an interview on Bloomberg Television. "As you would expect, the engagement I have had from UK CEOs in the last week has been significant." Anthropic said earlier this month that it would limit the release of the AI model to give cybersecurity professionals a chance to test it against their own defences. According to Anthropic, Mythos testing has already found thousands of "zero-day" vulnerabilities during testing, including in every major operating system and every major web browser. The initial group in the Glasswing program included large tech companies: Amazon.com Inc., Apple Inc., Microsoft Corp., Cisco Systems Inc. Soon after Glasswing was announced, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street leaders for an urgent discussion about Anthropic's Mythos and similar AI models. The lack of access and limited knowledge about the capabilities of the model has sparked concerns among banks and government agencies. Bank of England Governor Andrew Bailey said on Tuesday that global regulators need to rapidly evaluate the threat posed by Anthropic's model. "We are putting our own safeguards and our own limitations around this product because we know how powerful it can be," White said. The UK's AI Security Institute said on Wednesday that it had access. The government-backed institution in charge of evaluating AI risks found that the model was "a step up over previous frontier models" in simulating multistep cyber attacks. White also said Anthropic plans to open a London office in the first quarter of next year. The company, which has around 200 employees in London, said the new office will give them the capacity for 800.

What do we know about Anthropic's Mythos amid rising concerns?

Anthropic unveiled Mythos, a powerful AI for cybersecurity. This advanced model can find thousands of software flaws. Concerns are rising that it could speed up cyberattacks. Governments and banks are discussing potential risks. The US plans to make a version available to federal agencies. Authorities in Britain and Europe are also assessing the impact. Anthropic earlier this month debuted Mythos, its most advanced AI model to date, equipped with sophisticated capabilities and designed for defensive cybersecurity tasks. Mythos' vast capabilities have sparked fears about the threat to traditional software security after the AI startup said the preview had uncovered "thousands" of major vulnerabilities in "every major operating system and web browser." How was the model launched and who had access to it? Anthropic ⁠has ⁠rolled out Claude Mythos Preview through a controlled initiative called "Project Glasswing", granting access to tech majors including Amazon, Microsoft, Nvidia and Apple. The company also extended access to a group of more than 40 additional organizations that build or maintain critical software infrastructure. What are the concerns around Mythos? Experts warned that the model can identify and exploit previously unknown vulnerabilities faster than companies can repair them. Its advanced coding and autonomous capabilities could ⁠dramatically accelerate sophisticated cyberattacks, particularly in sectors such as banking that rely on complex, interconnected and often decades-old technology systems, they have said. While debuting Mythos, Anthropic ⁠said the model's ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security. U.S. software stocks tumbled on April 9 after the Mythos launch on April 7 reignited fears that advances in AI could disrupt traditional firms. What has the White House and regulators said about Mythos? The White House has held discussions with Anthropic CEO Dario Amodei about Mythos, with officials saying they talked about collaboration, cybersecurity and balancing AI innovation with safety. The talks were held despite the Pentagon slapping a formal supply-chain risk designation on Anthropic. The U.S. government is planning to make a version of ⁠Mythos available to major federal agencies, Bloomberg News has reported. Reuters reported that U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held a meeting with CEOs of major U.S. banks to brief them on the potential risks from the model. The model also raised alarm bells in Britain, with authorities holding talks with major banks and cybersecurity officials to assess possible risks. Banks are in close contact with their European regulators regarding Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said.

UK banks to to gain access to Anthropic cybersecurity model within the nex week

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community. The release by Anthropic of its AI model Mythos has sparked panic among banks and financial regulators after the company claimed to have found severe zero-day vulnerabilities in every in every major operating system and web browser. The firm has already begun to release the code to some of Wall Street's elite firms after interventions by the US Treasury and Federal Reserve. In the UK, the FCA, HM Treasury, and the National Cyber Security Centre have held talks with banks over the potential danger to critical infrastructure exposed by Mythos. In an interview with Bloomberg, Pip White, Anthropic's head of Emea, says: "The engagement that I've had from CEOs in the past week in the UK has been significant," confirming that UK banks will be able to get their hands on the product in a controlled manner within the coming week.

German banks examine risks of Anthropic's Mythos with authorities - The Economic Times

German banks and authorities are scrutinizing Anthropic's new AI model, Mythos. Experts warn it could boost cyberattacks, posing challenges to banking systems. Regulators in Britain and the United States are also concerned. Anthropic is working with tech firms and banks to prepare defenses for future vulnerabilities. Updates are expected soon.German banks and national authorities are examining risks around Anthropic's new artificial intelligence model, an official said on Thursday, amid concerns that it could fuel cyberattacks. Kolja Gabriel, a member of the executive board at the German Banking Association, told Reuters that the group was consulting with cyber ⁠experts ⁠at its member banks as well as Germany's finance ministry and other authorities. Anthropic's Mythos is seen by cybersecurity experts as posing significant challenges to the banking sector and its legacy technology systems, raising alarm bells among regulators in Britain and the United States. "Mythos is being used in a controlled manner by IT security firms ⁠to close potential vulnerabilities as quickly as possible. We expect a series of software updates shortly and are closely monitoring ⁠developments," Gabriel, who is responsible for technology and innovation, said in an emailed statement. The talks also involve the Bundesbank and Germany's financial watchdog BaFin. The finance ministry declined to comment, while the central bank did not immediately respond to a request for comment. BaFin said that there are regular exchanges with relevant national, European and international stakeholders. "Financial firms must be prepared for the possibility that vulnerabilities could be discovered in the near future, which would then need to be addressed promptly and quickly," BaFin said ⁠in a statement. Reuters reported on Thursday that European Central Bank supervisors are set to quiz bankers about the risks of Mythos. Anthropic has said its current iteration, Claude Mythos Preview, will not be made generally available and has instead announced Project Glasswing. It invited major tech companies, cybersecurity vendors and JPMorgan Chase, along with several dozen other organisations, to privately evaluate this model and prepare defences accordingly.

Anthropic's Mythos Leads Global Bank Regulators to Call For Increased Vigilance | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. The latest concerns come from the Asia-Pacific region, Reuters reported Monday (April 20), where regulators said they were tracking the development and potential implications of Mythos. Anthropic said earlier this month that Mythos had uncovered thousands of high-severity vulnerabilities, including flaws in major operating systems and web browsers. Initially, the startup limited access to about 40 companies, including Amazon, Apple and J.P. Morgan Chase, so they can experiment with the model and address weaknesses in their systems. As Reuters noted, the model's capabilities for high-level coding could grant it a potentially unprecedented ability to spot cybersecurity vulnerabilities. A spokesperson for the Australian Securities and Investments Commission (ASIC) told Reuters that it was closely monitoring the use of Mythos along with other regulators to determine possible implications for the Australian market. "ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies," the spokesperson said. The commission added that it expects financial services licensees to "be on the front foot" to protect customers and clients. The Australian Prudential Regulation Authority (APRA), which regulates the country's banks, said it would "continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system." Meanwhile, South Korea's Financial Supervisory Service (FSS) said it met with information security officials from financial companies last week to discuss Mythos-related risks. Elsewhere in Asia, Singapore's central bank, the Monetary Authority of Singapore (MAS), said advances in AI could accelerate the discovery and exploitation of software vulnerabilities in information technology systems. "Financial institutions need to redouble efforts to strengthen their security defences, proactively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching," it said. MAS added that it was coordinating with the Cyber Security Agency of Singapore to protect critical infrastructure operators. These statements follow similar warnings in Europe, Great Britain and the U.S., where the Treasury Department has sought access to Mythos. As PYMNTS wrote last week, statements such as these show the "split-screen reality" around Anthropic in the wake of Mythos' release. "The company is gaining traction fast in the enterprise market even as regulators and banks scramble to understand the risks that come with more powerful AI tools," that report said.

Korean financial firms brace for AI-driven cyber risks from Mithos - The Korea Times

The Anthropic logo is seen in this illustration from March 1. Reuters-Yonhap Financial authorities and industry players have stepped up vigilance following reports that Mithos, a next-generation artificial intelligence (AI) model developed by U.S. firm Anthropic, can independently detect and exploit security flaws, officials said Friday. While the reports have prompted swift responses from governments and corportations worldwide, concerns are particularly acute in the financial sector, where highly interconnected systems handling payments, transfers and asset management could be severely disrupted if compromised. Experts warn that the risk is amplified by the structure of financial IT environments, in which advanced technologies coexist with decades-old legacy systems, leaving potential gaps in security. "The risks span the entire IT stack, as vulnerabilities could emerge not only in installed applications but also at the operating system level," a financial industry official said. "Despite differences in network environments, Korea cannot be considered immune, given its heavy reliance on foreign-developed software." Anthropic recently unveiled Claude Mithos Preview, an autonomous agent-based model believed to be capable of dissecting complex software structures, pinpointing security weaknesses and charting its own paths for infiltration. It has reportedly identified a design flaw in security-focused operating system OpenBSD that had remained undiscovered for 27 years, and used it to execute a denial-of-service attack. This suggests the model has evolved beyond a supportive coding tool into one capable of independently carrying out cyberattacks. Amid escalating cyber threats, Korea's financial sector is moving to strengthen its defenses by advancing AI-driven threat detection, conducting comprehensive vulnerability assessments and upgrading real-time monitoring systems. The Financial Services Commission (FSC), the country's top financial regulator, held an emergency review meeting Wednesday led by Vice Chairman Kwon Dae-young, bringing together senior officials from the Financial Supervisory Service and Financial Security Institute, along with chief information security officers from major banking and insurance institutions, to coordinate a unified response. "Korea is actively engaging in international discussions to align regulatory standards and is formulating comprehensive countermeasures," an FSC official said. The Ministry of Science and ICT has also stepped up its response, launching a comprehensive review of AI cybersecurity preparedness earlier this week. The ministry has held a series of emergency meetings involving the country's three major telecommunications carriers -- SK Telecom, KT and LG Uplus -- as well as leading platform companies such as Naver and Kakao, and key players in the information security sector. ICT Minister Bae Kyung-hoon stressed the need to reinforce national cyber defenses, warning that both corporate systems and critical infrastructure must be protected from emerging threats. "Advancing the domestic cybersecurity ecosystem will require close coordination between the public and private sectors," he said. The sense of urgency is mirrored globally. In the United States, the U.S. Department of the Treasury and the Federal Reserve have recently convened top executives from major banks to discuss response strategies. Leading financial institutions, including Goldman Sachs, Citigroup, Bank of America and Morgan Stanley, are reportedly seeking early access to the Mithos model to better understand its capabilities and strengthen their defenses. Authorities in Canada and the United Kingdom have also begun assessing the potential risks to their financial systems. Amid mounting concerns over misuse, Anthropic has decided against a full public release of Mithos. Instead, the company plans to limit access to a select group of major technology firms and vetted organizations, aiming to reduce the risk of the technology being exploited for malicious purposes.

Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns | PYMNTS.com

European Commission spokesman Thomas Regnier shared this news with reporters, saying the AI model comes with risks, and the EU needs information about those risks, according to the report. "We're reaching out to the platform, to Anthropic," Regnier said, per the report. "We have received certain information." Reuters reported Friday (April 17) that Regnier said the European Commission and Anthropic are discussing the company's AI models, including its cybersecurity ones, and that Anthropic has committed to the EU's general purpose AI code of practice. "In this framework, there is an obligation to assess and mitigate risks that could come from a service that may or may not be offered in Europe," Regnier told reporters, per the report. It was reported April 7 that Anthropic unveiled a program called Project Glasswing that will allow select partners to gain early access to Claude Mythos Preview. Mythos is being positioned specifically for defensive cybersecurity work, and the initiative is meant to allow partners to identify vulnerabilities and strengthen systems before threats can be exploited. In its announcement of Project Glasswing, Anthropic said the company "has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities." Thursday's report from Agence France-Presse said that no non-U.S. entities were included among the 40 major tech companies to which Anthropic offered early access to Mythos. It was reported Thursday that government officials and bankers outside the U.S. are concerned that they may not receive the same information sharing as their American counterparts when it comes to Mythos. Canada's Finance Minister Francois-Philippe Champagne told Bloomberg Wednesday that he wants to raise the issue of Mythos with his counterparts and that: "We have a common interest to ensure the resiliency of our financial system." It was reported Wednesday that Anthropic is ready to begin offering Mythos to British banks, expanding Project Glasswing to provide more organizations with early access to the AI model.

EU in talks with Anthropic over risks of AI model Mythos - The Economic Times

The EU said Thursday it is in discussions with US AI firm Anthropic over concerns about the capabilities of its latest model, which the company itself worries could be a boon for hackers. But no foreign entities were included, raising concerns about the world's preparedness for a model whose offensive capabilities would not stop at US borders.The EU said Thursday it is in discussions with US AI firm Anthropic over concerns about the capabilities of its latest model, which the company itself worries could be a boon for hackers. Anthropic's new model, Claude Mythos, has proven keenly adept at exposing software weaknesses, pushing the company to postpone full release. "We have a new AI model that is being released. It comes with a certain number of risks. We need information when it comes to these risks," European Commission spokesman Thomas Regnier told reporters. "We're reaching out to the platform, to Anthropic. We have received certain information," Regnier added, confirming that a first meeting took place Wednesday and more would follow. Anthropic said earlier this month it restricted the release of Mythos to just 40 major tech players to give firms a head start in fixing vulnerabilities before they could be exploited by attackers. But no foreign entities were included, raising concerns about the world's preparedness for a model whose offensive capabilities would not stop at US borders. According to Anthropic and partners, Mythos can autonomously scan vast amounts of code to find and chain together previously unknown security vulnerabilities in all kinds of software, from operating systems to web browsers. Crucially, they warn, this can be done at a speed and scale no human could match, meaning it could be used to bring down banks, hospitals or national infrastructure within hours. Anthropic's announcement has encountered a mix of alarm and scepticism, with some pointing out the firm -- one of several contenders in a fierce artificial intelligence race -- stood to gain from the hype. But the heads of America's biggest banks reportedly met this month with Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent to weigh the security implications of the yet-to-be released model.

What do we know about Anthropic's Mythos amid rising concerns?

Anthropic earlier this month debuted Mythos, its most advanced AI model to date, equipped with sophisticated capabilities and designed for defensive cybersecurity tasks. Mythos' vast capabilities have sparked fears about the threat to traditional software security after the AI startup said the preview had uncovered "thousands" of major vulnerabilities in "every major operating system and web browser." Anthropic has rolled out Claude Mythos Preview through a controlled initiative called "Project Glasswing," granting access to tech majors including Amazon, Microsoft, Nvidia and Apple. The company also extended access to a group of more than 40 additional organizations that build or maintain critical software infrastructure. Experts warned that the model can identify and exploit previously unknown vulnerabilities faster than companies can repair them. Its advanced coding and autonomous capabilities could dramatically accelerate sophisticated cyberattacks, particularly in sectors such as banking that rely on complex, interconnected and often decades-old technology systems, they have said. While debuting Mythos, Anthropic said the model's ability to find software flaws at scale could, if misused, pose serious risks to economies, public safety and national security. U.S. software stocks tumbled on April 9 after the Mythos launch on April 7 reignited fears that advances in AI could disrupt traditional firms. The White House has held discussions with Anthropic CEO Dario Amodei about Mythos, with officials saying they talked about collaboration, cybersecurity and balancing AI innovation with safety. The talks were held despite the Pentagon slapping a formal supply-chain risk designation on Anthropic. The U.S. government is planning to make a version of Mythos available to major federal agencies, Bloomberg News has reported. Reuters reported that U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held a meeting with CEOs of major U.S. banks to brief them on the potential risks from the model. The model also raised alarm bells in Britain, with authorities holding talks with major banks and cybersecurity officials to assess possible risks. Banks are in close contact with their European regulators regarding Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said.

Financial Officials Sound Alarm About Anthropic's Banking Risk | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. The FT reports that Bank of England Governor Andrew Bailey, who chairs the Financial Stability Board, called the issue "a very serious challenge for all of us" and said regulators need to move quickly to assess the threat. The core fear is that models such as Mythos may be able to identify and chain together software vulnerabilities at a speed and scale beyond human capability, shifting the balance between attackers and defenders. Anthropic said earlier this month that Mythos had found thousands of high-severity vulnerabilities, including flaws in major operating systems and web browsers. So far, the company has reportedly limited access to about 40 companies, including Amazon, Apple and J.P. Morgan Chase, so they can test the model and address weaknesses in their systems. The FT's broader take is that this is becoming a governance story as much as a technology story. Christine Lagarde, president of the European Central Bank, told Bloomberg TV, as quoted by the FT, that there is no framework in place "to actually mind those things." That captures the tension running through the article. Policymakers do not want to slow a technology with major economic upside, but they also do not want regulation to arrive only after the damage is done. The FT also notes that some officials doubt a coordinated global response will come easily, given geopolitical strains and uneven access to the new model outside the U.S. Recent PYMNTS coverage of Anthropic has tracked that same push and pull. PYMNTS reported that the Treasury Department wants access to Anthropic's Mythos, a sign that U.S. officials want a closer look at how the model works and what vulnerabilities it can uncover. PYMNTS also reported that Anthropic is ready to offer Mythos to British banks and that the Bank of England is probing AI threats to U.K. financial stability. At the same time, PYMNTS has covered Anthropic's commercial momentum, including how the company hit a $30 billion run rate as enterprise demand accelerated. Together, those stories show the split-screen reality around Anthropic right now. The company is gaining traction fast in the enterprise market even as regulators and banks scramble to understand the risks that come with more powerful AI tools.

Anthropic's Mythos shows need to 'come to grips' with AI risks: BoC governor

Bank of Canada Governor Tiff Macklem says global financial systems need to "come to grips" with the risks posed by rapid advances in artificial intelligence models like Anthropic's Mythos. Developer Anthropic claims the upcoming Mythos model of its Claude AI is capable of quickly detecting long-hidden cybersecurity vulnerabilities, news which has made major financial market players and regulators anxious about the technology's disruptive potential. The Bank of Canada gathered representatives from big banks and financial agencies last week to discuss the risks Mythos poses for the Canadian financial system. Macklem says while there's been a fair amount of discussion about Mythos on the sidelines of the International Monetary Fund's spring meetings in Washington, no one knows yet the full implications of this latest AI advance. He says Mythos is not a one-off event and the nature of AI development means firms, regulators and policy-makers need to grapple with how these rapidly evolving technologies will affect the integrity of financial systems in Canada and around the world. Finance Minister Francois-Philippe Champagne was also in Washington for the IMF meetings and told reporters earlier in the day that Mythos has become a "test case" for how governments prepare for and react to new technologies.

Global Finance Chiefs Call for Mythos Information Sharing | PYMNTS.com

It is not known how much detail Anthropic is sharing about the unreleased AI model with people outside the U.S., according to the report. One American leader of a European bank told Bloomberg that they had been promised a briefing on Mythos. Canada's Finance Minister Francois-Philippe Champagne told Bloomberg Wednesday (April 15) that he wants to raise the issue of Mythos with his counterparts and that: "We have a common interest to ensure the resiliency of our financial system." Two unnamed sources told Bloomberg that at a Wednesday meeting of Group of Seven (G7) finance chiefs, officials discussed the need for an international institutional framework for the governance of AI, though the next steps are unclear. Several European officials said they are encouraging their U.S. peers to share information, per the report. Sweden's Finance Minister Elisabeth Svantesson told Bloomberg that AI will be a topic at an "early-warning meeting" that is bringing together center bankers and ministers Thursday. European Central Bank President Christine Lagarde told Bloomberg Television Tuesday (April 14), speaking of Mythos: "If it falls in the wrong hands, it could be really bad." It was reported April 7 that Anthropic unveiled a program called Project Glasswing that will allow select partners to gain early access to "Claude Mythos Preview" so that they can identify vulnerabilities and strengthen systems before threats can be exploited. When announcing the initiative, the company said it has also been in discussions with U.S. government officials about the AI model and its cyber capabilities. "We are hopeful the Project Glasswing can seed a larger effort across industry and the private sector, with all parties helping to address the biggest questions around the impact of powerful models on security," Anthropic said in the announcement. It was reported Thursday that Anthropic is ready to expand Project Glasswing by beginning to offer Mythos to British banks so that they can test the AI model ahead of its release.

Is Anthropic's new AI tool too dangerous?

STORY: Tech firm Anthropic says its new AI model Mythos could be too dangerous to be released to the public. Designed for defensive cybersecurity tasks, the company says the unreleased model can find and exploit serious software vulnerabilities at a level approaching and even, in some cases, exceeding human experts. That's sparked fears that the same AI capabilities that could help defenders could also help attackers find new ways into critical systems. :: What are the concerns around Mythos? "This particular tool seems to be more powerful than anything else we've seen before and is able to identify vulnerabilities that others, including humans, have overlooked for decades." Pia Hüsch is a research fellow at the Royal United Services Institute in England. "So if the tool is as good as it seems, then maybe attackers could use it to layer several different layers of vulnerabilities or exploit several sectors in parallel, for example, power and water infrastructure, and then really launch an attack that is more powerful than anything we've seen before." Cybersecurity involves a constant race between those trying to find and fix weaknesses and those trying to exploit them. Mythos signals a significant step forward in that cyber arms race. Industries already feeling vulnerable may now have more cause for alarm. "I think the financial market has been particularly vocal about the fear of what this means to the banking sector, the potential to disrupt banking and processes in financial services. There's also a concern that this could be used by attackers to exploit vulnerabilities and critical infrastructure, which already relies on pretty outdated infrastructure in many cases already." :: How has Anthropic reduced the potential risks? To limit access, Anthropic placed the Mythos in a restricted initiative called Project Glasswing. Project Glasswing brings together companies including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and Palo Alto Networks, as well as more than 40 additional organizations that build or maintain critical software infrastructure. Anthropic says that the purpose of Project Glasswing is to use Mythos to help secure critical software before others weaponize similar capabilities. "The fact that this is one company that has the power to decide now which of its selected partners has access to this really illustrates how powerful these tech companies are. And at the moment it's really unclear who has access to this; and are there any European companies, for example, that have access to the tool. So I think there's many questions that are left unanswered at the moment that add to this hype and this perception of it being an absolute game changer." :: What is next for cybersecurity? The bigger issue may be less whether Mythos alone changes cybersecurity than whether it signals a broader shift. Anthropic says it sees no reason to think Mythos represents a plateau, and says frontier capabilities are likely to advance substantially over the next few months. CEO Dario Amodei in February suggested we may be on the cusp of a new era, where computer thinking surpasses the human intellect. "We're increasingly close to what I've called a country of geniuses in a data center, a set of AI agents that are more capable than most humans at most things and can coordinate at superhuman speed."

Anthropic Ready to Offer Mythos to British Banks | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. The artificial intelligence (AI) startup is expanding "Project Glasswing," which offers select organizations early access to the AI, Bloomberg News reported Thursday (April 16). This came after Anthropic learned of Mythos' ability to spot -- and possibly exploit -- weaknesses in cyber defenses, the report added. "That is in the very near term, in the next week," said Pip White, Anthropic's head for the U.K., Ireland and northern Europe, told Bloomberg Television. "As you would expect, the engagement I have had from UK CEOs in the last week has been significant." Earlier this month, Anthropic said it would hold off on releasing Mythos to give cybersecurity experts the opportunity to test it. The company says testing by Mythos has uncovered thousands of "zero-day" vulnerabilities, including within every major web browser and operating system. The Glasswing program, the report added, initially included Big Tech companies like Amazon and Microsoft. After the program was announced, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with Wall Street banks to discuss Mythos and similar AI models. As Bloomberg notes, the lack of knowledge about Mythos has banks and government agencies worried. Bank of England Governor Andrew Bailey said this week that regulators need to rapidly evaluate the threat the model might present. "We are putting our own safeguards and our own limitations around this product because we know how powerful it can be," White said. PYMNTS wrote earlier this week about the contrast between Mythos and OpenAI's newly released GPT-5.4-Cyber. "Both models can find and exploit software vulnerabilities at a scale no human team can match," that report said. "What divides them is a fundamental disagreement about what to do with that power." Rather than assisting security teams, the report continued, Mythos works independently. Assigned a target and given a prompt asking it to spot a vulnerability, the model reads code, forms hypotheses, tests them against a running environment and produces a complete exploit with no additional human input. "Anthropic confirmed that these capabilities weren't explicitly trained into the model," the report said. "They emerged as a downstream consequence of general improvements in code, reasoning and autonomy. The same improvements that make the model more effective at patching vulnerabilities also make it more effective at exploiting them." GPT-5.4-Cyber is designed around a different premise, PYMNTS added. Instead of autonomous operation, it's built to remove the friction that security professionals encounter when employing standard AI tools.

Asia regulators monitor Anthropic's Mythos for potential banking risks

SYDNEY/SINGAPORE, April 20 (Reuters) - Some Asian regulators said on Monday they were monitoring the development and possible implications of Anthropic's frontier AI model Mythos, which has triggered concerns in the U.S. and Europe over its potential use to destabilise banking systems. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, prompting global scrutiny. A spokesperson for the Australian Securities and Investments Commission (ASIC) said that it was closely monitoring the usage of Mythos along with other regulators to assess possible implications for the Australian market. "ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies," the spokesperson said. ASIC expects financial services licensees to "be on the front foot" to safeguard customers and clients, they added. The Australian Prudential Regulation Authority (APRA), the country's banking regulator, said it would "continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system." South Korea's Financial Supervisory Service (FSS) said it held a meeting with information security officials from financial firms last week to review Mythos-related risks. South Korea's Yonhap news agency reported the Financial Services Commission (FSC) held an emergency meeting on Wednesday with chief information security officers from the FSS, banks and insurers to review the risks, citing unnamed industry sources. The FSC was not immediately available for comment. Separately, Singapore's central bank, the Monetary Authority of Singapore (MAS), said on Monday that advances in artificial intelligence could speed up the discovery and exploitation of software vulnerabilities in information technology systems. "Financial institutions need to redouble efforts to strengthen their security defences, proactively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching," it said. MAS said it was coordinating with the Cyber Security Agency of Singapore to support critical infrastructure operators. (Reporting by Scott Murdoch in Sydney, Heekyong Yang in Seoul; Xinghui Kok and Yantoultra Ngui in Singapore; Editing by Jacqueline Wong and Alexander Smith)

ECB to quiz bankers about new Anthropic model risks, source says

FRANKFURT, April 15 (Reuters) - European Central Bank supervisors are set to quiz bankers about the risks posed by Anthropic's new artificial intelligence model that might supercharge cyberattacks, one source familiar with the situation told Reuters on Wednesday. Anthropic's Mythos is seen by cybersecurity experts as posing significant challenges to the banking industry and its legacy technology systems, raising alarm bells among regulators in Britain and the United States. ECB supervisors are gathering information about the model, with a view to asking banks on their watch about their preparedness for this new possible source of risk, said the source who spoke on condition of anonymity because they are not authorised to comment publicly on the matter. Unlike in the U.S., this will be done via the ECB's regular dialogue with bank staff and no ad-hoc meeting with top management has been scheduled yet. An ECB spokesperson declined to comment. Mythos' capabilities to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, experts told Reuters. This is why Anthropic has said the current iteration, Claude Mythos Preview, will not be made generally available. Instead, the company announced Project Glasswing, in which it invited major tech companies, cybersecurity vendors and JPMorgan Chase, along with several dozen other organizations, to privately evaluate the model and prepare defences accordingly. TRUMP BACKS AI SAFEGUARDS IN BANKING SYSTEM U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with bank chief executives last week to warn them about the risks, which President Donald Trump acknowledged on Wednesday and backed government safeguards. Britain's Technology Secretary Liz Kendall and Security Minister Dan Jarvis sounded a similar warning to businesses on Wednesday, saying Mythos was "substantially more capable at cyber offence" than any model previously tested by the government's AI Security Institute. "A new generation of AI models are becoming capable of doing work that previously required rare expertise: finding weaknesses in software, writing the code to exploit them, and doing so at a speed and scale that would have been impossible even a year ago," they said in an open letter to businesses. Bank of England Governor Andrew Bailey said this week central banks and financial regulators must quickly understand the implications of the new model. The ECB had already listed tech risk as one of its top priorities for 2026-28. (Reporting by Francesco Canepa; Additiional reporting by Paul Sandle in London; Editing by Emelia Sithole-Matarise)