Finance chiefs warn of cyber-security risks from Anthropic's Mythos AI model
Finance ministers and central bankers have raised serious concerns about Mythos, a new AI model developed by Anthropic that can identify vulnerabilities in operating systems, financial platforms and web browsers. The model has triggered crisis meetings among financial regulators globally.
Canadian Finance Minister François-Philippe Champagne told the BBC the issue was discussed extensively at the International Monetary Fund meeting in Washington this week. He described the threat as an "unknown, unknown" - a vulnerability without clear boundaries or scope.
"This is requiring a lot of attention so that we have safeguards and process in place to make sure that we ensure the resiliency of our financial systems," Champagne said.
What the testing shows
The UK's AI Security Institute has published the only independent report on Mythos's cyber-security capabilities after testing a preview version. Researchers found it can exploit systems with weak security posture but noted it was not dramatically more capable than Claude's predecessor, Opus 4.
Anthropic has confirmed the model has already exposed multiple security vulnerabilities in critical operating systems, financial systems and web browsers.
Banks preparing defenses
Top bankers will receive early access to test their own systems before Mythos is released publicly. The US Treasury has encouraged major banks to conduct similar testing.
Barclays chief executive CS Venkatakrishnan said understanding the vulnerabilities and fixing them quickly was essential. "This is what the new world is going to be," he said, referring to increasingly connected financial infrastructure.
Bank of England governor Andrew Bailey said the development had to be taken seriously. "The consequence could be that there is a development of AI which makes it easier to detect existing vulnerabilities in core IT systems, and then cyber criminals could seek to exploit them," he said.
Broader industry concerns
Financial industry sources indicate another major US AI company could release a similarly powerful model without the same safeguards. James Wise, chair of the Sovereign AI unit backed by Β£500 million in UK government funding, called Mythos "the first of what will be many more powerful models" that expose system vulnerabilities.
The unit is investing in AI security companies that can both identify and fix vulnerabilities. "We hope the models that expose vulnerabilities are also the models which will fix them," Wise said.
Some cyber-security experts have questioned the severity of concerns, noting that Mythos has not been tested by the wider industry to establish its actual capabilities. Further independent testing will clarify whether the risks justify the level of alarm among financial authorities.
For finance professionals, understanding these vulnerabilities matters. AI for Finance resources can help your organization navigate emerging AI security risks, while AI Learning Path for CFOs covers how financial leaders should approach AI governance and security.
Your membership also unlocks:
