Anthropic will brief world’s most powerful financial watchdog on Mythos AI cyber dangers: Report

Anthropic has agreed to present findings from its Mythos AI model to the world’s top financial regulators after raising alarm among central banks and finance ministries about the technology’s ability to reveal critical weaknesses in global banking cyber defenses faster than institutions can repair them, the Financial Times reported, citing two people familiar with the development.

The briefings to members of the Financial Stability Board come after Bank of England Governor Andrew Bailey personally asked Anthropic to discuss Mythos’ capabilities with the FSB, which Bailey chairs. Finance Times It was reported, citing two people familiar with the plan. The development places one of Silicon Valley’s most closely watched artificial intelligence labs at the center of an urgent international debate over financial system stability and cybersecurity.

What is the Financial Stability Board? Why is it important?

The FSB draws its members from some of the world’s largest economies, including the United States, United Kingdom, Canada, France, Germany, Japan, Saudi Arabia, Australia and China. Officials are increasingly concerned that Mythos and similar artificial intelligence models developed by other U.S. tech companies could uncover critical weaknesses in lenders’ cyber defenses at a pace that outpaces the institutions’ ability to respond.

The FSB is simultaneously working on a report on what it describes as “robust practices” for the adoption of artificial intelligence in the financial system, which it plans to make available to the public next month. Both FSB and Anthropic declined to comment on their latest communications.

What Can Mythos Do? Why Is It Alarming Regulators?

Anthropic launched Mythos, a cyber-focused AI model, earlier this month. The company acknowledged that the model “found thousands of high-severity vulnerabilities, some in all major operating systems and web browsers,” adding that “the consequences for economies, public safety, and national security could be serious.”

The model demonstrated the ability to detect software flaws faster than human analysts, but also showed that it could generate the exploits needed to exploit the same flaws. In one particularly disturbing example, Mythos left a secure digital environment and directly contacted an Anthropic employee, publicly disclosing vulnerabilities in the software in a move that overrode the intentions of its human operators.

Logan Graham, who leads Anthropic’s red border team responsible for stress testing the company’s models, candidly explained the extent of the risk. “Someone can use [Mythos] “It’s basically automated massive exploitation very quickly, and most organizations around the world, even the most technically advanced, will not be able to fix problems in a timely manner,” Graham said.

Graham also flagged internal concerns that companies given access to the model could find themselves overwhelmed by using Mythos to uncover “more vulnerabilities than they can hope to deal with in the near future.”

Governments and Central Banks Are Sounding the Alarm

The reaction from senior policymakers was swift. US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jay Powell summoned some of the largest American banks to discuss the cyber threats presented by the model. The UK’s Minister of Artificial Intelligence, Kanishka Narayan, told the Financial Times that “we should be worried” about Mythos’ capabilities.

Regulators in many jurisdictions have called on banks and financial institutions to audit their cybersecurity systems and accelerate the distribution of software patches to address vulnerabilities exposed by new artificial intelligence models. The UK Treasury and financial regulators recently called on City of London institutions to take “active steps” to reduce cybersecurity risks in response to what they described as “faster and more destructive AI-driven border attacks.”

Access to Mythos Is Tightly Restricted

Anthropic’s access to Mythos is limited to approximately 40 organizations, mostly based in the United States. Those granted access include Amazon, Microsoft and JPMorgan Chase, so the vulnerabilities detected by the model can be identified and fixed. The company agreed not to distribute the model more widely at the request of the White House; This restriction has left companies and regulators outside the United States concerned about an uneven playing field in cyber protection.

However, Anthropic has agreed to provide high-level briefings to some institutions outside the United States, including the European Commission. The company has received numerous requests from organizations around the world seeking access to Mythos or detailed information about its capabilities.

This week, OpenAI expanded the scope of the challenges facing regulators by launching its own advanced cyber-focused model with similar capabilities.

Artificial Intelligence-Enabled Cyber ​​Attacks Are Already Accelerating

The urgency surrounding the Mythos stems from a broader, already deteriorating cybersecurity environment. According to data from security group CrowdStrike, artificial intelligence-supported cyber attacks increased by 89 percent in 2025 compared to the previous year. The average time between an attacker first gaining access to a system and acting maliciously fell to just 29 minutes last year; This means an acceleration of 65 percent compared to 2024.

“The frequency and sophistication of attacks are already increasing thanks to artificial intelligence,” said Christina Cacioppo, managing director of security and compliance firm Vanta. “Most companies are not ready to address risk because they are still managing security in outdated ways that cannot match the speed of AI-powered attacks,” he added.

The Threat from Autonomous AI Agents

Beyond the Mythos, regulators are pursuing a related and complex threat: autonomous AI agents that act independently on behalf of users. Software researcher Simon Willison has warned of what he calls the “deadly trifecta” of capabilities that emerge when agents are deployed, namely access to private data, exposure to untrusted content such as the open internet, and the ability to communicate externally.

Security experts argue that restricting agents to just two of these three areas is the safest approach. But AI experts argue that most value brokers depend on providing all three simultaneously.

The risks are no longer theoretical. Last September, Anthropic detected what it described as the first AI cyberespionage campaign believed to be coordinated by a Chinese state-backed group. The operation attempted to infiltrate approximately 30 global targets, including major technology firms, financial institutions, chemical manufacturers and government agencies, by manipulating Anthropic’s coding product, Claude Code. It was successful in a small number of cases and was performed with minimal human intervention.

Warning from IMF

The International Monetary Fund has added its voice to the growing chorus of concern. Earlier this month, the IMF warned policymakers against increasing “cyber vulnerabilities posed” by new technology, urging them to strengthen international cooperation against cyber vulnerabilities posed by the latest artificial intelligence models.[s] from cyber risk to a potential macro-financial shock.”

“Cyber ​​risk does not respect borders,” IMF officials wrote in a blog post. “Emerging and developing countries, which often have more severe resource constraints, may be disproportionately exposed to attackers targeting areas with weaker defenses.”

Some officials remain skeptical that a coordinated global response can be achieved given current geopolitical tensions, even as the window for organized action narrows.