Central banks worldwide engage regulators to assess Mythos cybersecurity risks

India's central bank in talks with global regulators, banks to review Mythos risks, sources say

MUMBAI, April 22 (Reuters) - India's central bank is in talks with global regulators, Indian lenders and government officials to understand the potential risks posed by Anthropic's new artificial intelligence model Mythos, three sources said. The Reserve Bank of India's preliminary assessment - just like that of global regulators - suggests Mythos could pose cybersecurity risks by accelerating the discovery and exploitation of software vulnerabilities, the sources, all familiar with the central bank's thinking, said. Regulators in Asia, Europe and the United States have warned banks to review defences and preparedness. In Japan, the financial watchdog will meet banks this week, while the Australian central bank said it is monitoring Mythos-related developments. RBI officials have over the past ⁠fortnight held consultations on Mythos-related risks with counterparts at the U.S. Federal Reserve and the Bank of England in particular, according to one of the sources. The RBI may seek direct engagement with Anthropic, the sources said. "Globally, we are discussing with other countries and other regulators on what are the developments and what safeguards need to be taken," one of the sources said. India's payment authority, the National Payments Corporation of India (NPCI), is trying to secure early access to Mythos alongside a small number of banks, to identify vulnerabilities and "day‑zero" cyber risks ahead of any broader rollout, this source said. However, such access may not be forthcoming as Anthropic's Mythos systems is ⁠hosted on strictly-controlled servers in the U.S. and running tests on local data in foreign jurisdictions could prove challenging, said a fourth source aware of the matter. Access to Mythos has been limited to a small number of organisations involved in maintaining key digital infrastructure in the U.S. Anthropic plans to provide Mythos access to European banks soon, Reuters reported ⁠earlier this week. Email requests for comment sent to RBI and NPCI were not immediately answered. The RBI is preparing broader guidelines for banks entering enterprise partnerships with advanced AI models, including Mythos and Anthropic's Claude family, as part of a ⁠longer‑term strategy on AI adoption, according to two of the sources. The discussions are at an early stage but the central bank will insist that all analytics based on data of Indian customers complies with RBI's ⁠domestic data localisation, the sources said. The RBI data localization rule, issued in 2018, requires all payment system providers in India to store end-to-end transaction data, including user information and payment messages, exclusively on servers located within India. Reporting by Ashwin Manikandan and Gopika Gopakumar in Mumbai; Editing by Kim Coghill Our Standards: The Thomson Reuters Trust Principles., opens new tab

Australia and New Zealand central banks monitoring Anthropic's Mythos release

SYDNEY, April 22 (Reuters) - The central banks of Australia and New Zealand said on Wednesday they were monitoring the release of Anthropic's advanced Mythos artificial intelligence model, joining authorities around the world in expressing concerns about the new cybersecurity risks it poses. Designed for defensive cybersecurity tasks, Mythos' vast capabilities have sparked fears about the threat to traditional software security, after Anthropic said a preview had uncovered "thousands" of major vulnerabilities in "every major operating system ⁠and web browser." Experts have also warned that the model can identify and exploit previously unknown vulnerabilities faster than companies can fix them. The Reserve Bank of Australia said in a statement it was closely monitoring the development and was "engaging with peer regulators, government and regulated entities." The Reserve Bank of New Zealand said it was also in contact with other regulators both domestically and in Australia over what it called the "developing risk" ⁠from Mythos. On Tuesday, Bundesbank President Joachim Nagel called the model a double-edged sword, saying: "it could be used not only to improve digital security systems, but also to leverage their vulnerabilities for malicious purposes." Anthropic has introduced Claude Mythos ⁠Preview through a tightly controlled program called Project Glasswing. Access has been granted to major technology companies including Amazon (AMZN.O), opens new tab, Microsoft (MSFT.O), opens new tab, Nvidia (NVDA.O), opens new tab, and Apple (AAPL.O), opens new tab. The company has also ⁠expanded access to more than 40 additional organisations that build or maintain critical software infrastructure. Experts say Mythos' advanced coding and autonomous capabilities ⁠could significantly accelerate sophisticated cyberattacks, especially in sectors like banking, where complex, interconnected, and often decades-old systems remain common. Reporting by Stella Qiu in Sydney; Writing by Alasdair Pal; Editing by Edwina Gibbs Our Standards: The Thomson Reuters Trust Principles., opens new tab

RBI in talks with global regulators, banks to review Mythos risks, sources say

MUMBAI: India's central bank is in talks with global regulators, Indian lenders and government officials to understand the potential risks posed by Anthropic's new artificial intelligence model Mythos, three sources said. The Reserve Bank of India's preliminary assessment - just like that of global regulators - suggests Mythos could pose cybersecurity risks by accelerating the discovery and exploitation of software vulnerabilities, the sources, all familiar with the central bank's thinking, ⁠said. Also Read: Japan's financial watchdog to meet top banks to discuss Mythos AI model Regulators in ⁠Asia, Europe and the United States have warned banks to review defences and preparedness. In Japan, the financial watchdog will meet banks this week, while the Australian central bank said it is monitoring Mythos-related developments. RBI officials have over the past fortnight held consultations on Mythos-related risks with counterparts at the U.S. Federal Reserve and the Bank of England in particular, according to one of the sources. The RBI may seek direct engagement with Anthropic, the sources said. "Globally, we are discussing ⁠with other countries and other regulators on what are the developments and what safeguards need to be taken," one of the sources said. Also Read: Mythos a serious threat but more will follow, Barclays CEO says India's payment authority, the National Payments Corporation ⁠of India (NPCI), is trying to secure early access to Mythos alongside a small number of banks, to identify vulnerabilities and "day‑zero" cyber risks ahead of any broader rollout, this source said. However, such access may not be forthcoming as Anthropic's Mythos systems is hosted on strictly-controlled servers in the U.S. and running tests on local data in foreign jurisdictions could prove challenging, said a fourth source aware of the matter. Access to Mythos has been limited to a small number of organisations involved in maintaining key digital infrastructure in the U.S. Anthropic plans to provide Mythos access to European banks soon, Reuters reported earlier this week. Email requests for comment sent to RBI and NPCI were not immediately answered. The RBI is preparing ⁠broader guidelines for banks entering enterprise partnerships with advanced AI models, including Mythos and Anthropic's Claude family, as part of a longer‑term strategy on AI adoption, according to two of the sources. The discussions are at an early stage but the central bank will insist that all analytics based on data of Indian customers complies with RBI's domestic data localisation, the sources said. The RBI data localization rule, issued in 2018, requires all payment system providers in India to store end-to-end transaction data, including user information and payment messages, exclusively on servers located within India.

Reserve Bank of Australia monitoring Anthropic's Mythos AI over cyberattack fears

The Reserve Bank of Australia is closely monitoring developments around Anthropic PBC's new Mythos AI model, which the company says is powerful enough to enable sophisticated cyberattacks. The central bank is "engaging with peer regulators, government and regulated entities," it said in a statement. "The RBA, along with peer regulators and government agencies will continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system." The RBA chairs Australia's Council of Financial Regulators, which includes the corporate watchdog, the prudential regulator and the Treasury. Its engagement comes as regulators around the world step up discussions with financial firms on how they are managing cybersecurity risks linked to Mythos. It was reported on Wednesday that a small group of unauthorized users in a private online forum gained access to Mythos on the same day Anthropic announced plans to release the model to a limited number of companies for testing. Anthropic has said Mythos can identify and exploit vulnerabilities "in every major operating system and every major web browser when directed by a user." The company has restricted access to a select group of software providers under an initiative called Project Glasswing, aimed at helping firms test and strengthen their defenses against potential cyberattacks. In recent days, a growing number of financial institutions and government agencies on both sides of the Atlantic have been seeking to be added to the list of early testers to safeguard their own systems against malicious actors.

Are RBI and NCPI Seeking Access to Claude Mythos?

For now, the report is highly speculative and only tells us that RBI is aware of how the Mythos story is playing out in the US Driven by the surround sound that has steadily grown around Anthropic's latest foundation model Claude Mythos and its possible impact in the hands of cybercriminals, India's monetary regulators led by the RBI are discussing possible fallouts with their global peers and might well seek early access to the frontier AI model. Per a report by wire agency Reuters quoting three unnamed sources, the apex bank is discussing ⁠the challenges and the safeguards of data protection with other regulators. Claude Mythos has been pitched as their smartest yet and designed to conduct multi-step cybersecurity tasks that includes discovering zero-day vulnerabilities in legacy computer codes. The report also claimed that the National Payments Corporation ⁠of India (NPCI) might be trying to secure early access to Mythos, which has only been previewed to about 40 customers including big tech giants such as Google and Microsoft, as part of an effort by Anthropic to identify vulnerabilities within their systems. However, access could be a tough ask as Anthropic has hosted Mythos in controlled environments in the United States for now. In fact, the frontier AI model made headlines after the White House first urged US banks to test it out and thereafter held a meeting with Anthropic co-founder Dario Amodei, in spite of the two fighting a lawsuit. Of course, experts are divided on the veracity of the claims made by Anthropic with arch rival OpenAI openly calling it as fear-based marketing. Appearing on a podcast, OpenAI CEO Sam Altman called out Anthropic's recent shenanigans around its "smartest" model Mythos as a case of using fear to make the new product sound more impressive than it actually is. The wire agency also noted that regulators in Asia, Europe and the US had already warned banks to review their cybersecurity as well as preparedness for possible zero-day vulnerabilities. It said authorities in Japan would be meeting banks this week while in Australia the central bank is monitoring developments around Mythos. The report also claimed that RBI officials had discussions around Mythos-related risks with their counterparts in the U.S. Federal Reserve and the Bank of England. They may even seek direct engagement with Anthropic, given that Amodei had been in India for the AI Summit two months ago and had met Prime Minister Narendra Modi and senior government officials. At this point, there are no regulations for banks to engage with AI providers as the RBI is currently working on guidelines for such enterprise-level partnerships. For now, it is learnt that the apex bank would have banks treat analytics based data of customers in India in conjunction with existing regulations around data localisation issued in 2018.

India's central bank in talks with global regulators, banks to review Mythos risks, sources say

MUMBAI, April 22 (Reuters) - India's central bank is in talks with global regulators, Indian lenders and government officials to understand the potential risks posed by Anthropic's new artificial intelligence model Mythos, three sources said. The Reserve Bank of India's preliminary assessment - just like that of global regulators - suggests Mythos could pose cybersecurity risks by accelerating the discovery and exploitation of software vulnerabilities, the sources, all familiar with the central bank's thinking, said. Regulators in Asia, Europe and the United States have warned banks to review defences and preparedness. In Japan, the financial watchdog will meet banks this week, while the Australian central bank said it is monitoring Mythos-related developments. RBI officials have over the past fortnight held consultations on Mythos-related risks with counterparts at the U.S. Federal Reserve and the Bank of England in particular, according to one of the sources. The RBI may seek direct engagement with Anthropic, the sources said. "Globally, we are discussing with other countries and other regulators on what are the developments and what safeguards need to be taken," one of the sources said. India's payment authority, the National Payments Corporation of India (NPCI), is trying to secure early access to Mythos alongside a small number of banks, to identify vulnerabilities and "day-zero" cyber risks ahead of any broader rollout, this source said. However, such access may not be forthcoming as Anthropic's Mythos systems is hosted on strictly-controlled servers in the U.S. and running tests on local data in foreign jurisdictions could prove challenging, said a fourth source aware of the matter. Access to Mythos has been limited to a small number of organisations involved in maintaining key digital infrastructure in the U.S. Anthropic plans to provide Mythos access to European banks soon, Reuters reported earlier this week. Email requests for comment sent to RBI and NPCI were not immediately answered. The RBI is preparing broader guidelines for banks entering enterprise partnerships with advanced AI models, including Mythos and Anthropic's Claude family, as part of a longer-term strategy on AI adoption, according to two of the sources. The discussions are at an early stage but the central bank will insist that all analytics based on data of Indian customers complies with RBI's domestic data localisation, the sources said. The RBI data localization rule, issued in 2018, requires all payment system providers in India to store end-to-end transaction data, including user information and payment messages, exclusively on servers located within India. (Reporting by Ashwin Manikandan and Gopika Gopakumar in Mumbai; Editing by Kim Coghill)

RBA Says It Is Vigilant Against Growing AI Threats

SYDNEY--The Reserve Bank of Australia has signaled its growing concerns about the risks posed by the rapid advancement of artificial intelligence and the potential for cyber attacks on the financial system, saying that it is monitoring developments associated with Anthropic and its developing capabilities. "The RBA has noted the recent announcement by Anthropic regarding its Claude Mythos release's coding and vulnerability identification capabilities and the community's response," an RBA spokesperson said Wednesday. "The RBA is closely monitoring this development including engaging with peer regulators, government and regulated entities," the statement added. "RBA, along with peer regulators and government agencies will continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system." The RBA chairs Australia's Council of Financial Regulators, which has oversight of the financial system and its regulation. Anthropic has claimed that Mythos can identify vulnerabilities in every major operating system, prompting calls for its use to be regulated and contained.