Central Banks Race to Contain Risks From Anthropic's Mythos AI Model
Global finance leaders sound alarm over unprecedented cybersecurity threat as AI model capable of executing multi-stage attacks sparks closed-door meetings among regulators worldwide
Auf einen Blick
- Finance Minister Nirmala Sitharaman chaired a high-level meeting with Indian banks to assess cybersecurity risks from Anthropic's new AI model Mythos, which can identify and exploit vulnerabilities across systems.
- The model has triggered unprecedented global concern among central bankers and finance ministers, with the UK AI Security Institute finding it could execute multi-stage attacks on vulnerable networks autonomously.
- The ECB President and Bank of England Governor have warned the model could crack cyber risk wide open if it falls into wrong hands.
KI-generierte Zusammenfassung
Warum es wichtig ist
Anthropic's Mythos represents a significant advancement in AI cybersecurity capabilities, moving from theoretical risks to demonstrated autonomous attack execution. The UK AI Security Institute's evaluation found the model could complete a 32-step corporate network attack simulation, succeeding in 3 out of 10 attempts - a task that would take human experts roughly 20 hours. This marks a transition from beginner-level AI cyber capabilities two years ago to near-professional level autonomous attacks.
For a sector used to stress-testing everything from oil shocks to geopolitical conflicts, it's not often that a piece of software becomes the biggest unknown in the room. But that's exactly what's happening with Claude Mythos, a new artificial intelligence model from Anthropic that has triggered closed-door meetings among central bankers, finance ministers and top banking executives across the world.
At a high-level meeting chaired by Finance Minister Nirmala Sitharaman on Thursday, the government met with Scheduled Commercial Banks and other key stakeholders to assess potential cybersecurity risks linked to emerging AI models. The Finance Ministry, in a statement on X, said banks would need to coordinate closely with agencies like CERT-In to identify and respond to emerging risks without delay.
The warning was unusually direct: Sitharaman said, "... the nature of the emerging threat from the latest AI Model is unprecedented and requires a very high degree of vigilance, preparedness and better coordination across financial institutions and banks."
According to Bloomberg, recent global gatherings, including the IMF–World Bank Spring Meetings, saw conversations that, while expected to revolve around war and inflation, kept circling back to one question: what if cyber risk is no longer human-scale?
Mythos is part of Anthropic's Claude family of AI models, designed to perform complex reasoning and coding tasks. What sets it apart is its ability to operate across the cybersecurity spectrum from identifying vulnerabilities to actively exploiting them. In an April 7 note, Anthropic described the model as a watershed moment for cybersecurity, saying it had already found thousands of high-severity vulnerabilities across major operating systems and web browsers.
The company has also claimed that the model can outperform humans in certain hacking and cybersecurity tasks — a capability that has raised alarms across the financial sector. Which is why, instead of releasing it to the general public, Anthropic is providing early access to Mythos Preview to select technology companies such as Microsoft, Nvidia and Cisco to help strengthen cyber defences.
The effort, called Project Glasswing, will see Anthropic extend access to more than 50 organisations, alongside over $100 million in usage credits, to test and secure critical systems ahead of any wider rollout.
What's striking is how quickly these capabilities have advanced. Just weeks earlier, Anthropic had said its previous model struggled to convert vulnerabilities into exploits. But in internal benchmarks, Mythos showed a sharp jump producing working exploits at a significantly higher rate.
The sharpest independent validation comes from the UK's AI Security Institute, which evaluated Mythos shortly after its announcement on April 7. In its report, the institute said Mythos represents a step up over previous frontier models in a landscape where cyber performance was already rapidly improving.
The context matters: just two years ago, the best AI systems could barely complete beginner-level cyber tasks. Now, in controlled settings where the model was given network access and explicit instructions, AISI found Mythos could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously — tasks that would take human professionals days.
The institute's more complex test, a 32-step corporate network simulation called The Last Ones, offered an even clearer signal. Mythos became the first model to complete the entire attack chain, succeeding in 3 out of 10 attempts and averaging 22 steps overall. AISI estimated the same task would take a human expert roughly 20 hours.
Crucially, the report also flagged the model's ability to chain together multiple actions into sustained attack sequences — a shift towards what researchers describe as agentic behaviour.
Banks have been among the first to react, and not without reason. Modern financial systems are built on deeply interconnected and often ageing infrastructure. As Reuters reported on April 24, regulators are worried that AI systems like Mythos could identify and exploit vulnerabilities faster than companies can repair them, particularly in sectors like banking that rely on complex, legacy technology.
This creates three immediate risks: First, systemic spillovers. A breach in one institution can cascade across payment systems and markets. Reuters noted that in finance, cyber incidents can immediately spill over into market disruptions and undermine confidence. Second, legacy exposure. Anthropic has said Mythos uncovered vulnerabilities that had persisted for decades. For banks still running older systems, that is a flashing red signal. Third, speed. Officials cited by the Financial Times described the model as a fundamental change in the playing field, warning that it could chain together vulnerabilities at a scale and speed beyond human capability. Simply put, the traditional advantage defenders had — time — may be shrinking.
The policy response has been swift and unusually coordinated. The concern, echoed in closed-door meetings among high-ranking officials in India, is being felt globally. At the IMF–World Bank Spring Meetings, Bloomberg reported that Mythos became a central topic of discussion with policymakers openly questioning whether it could enable large-scale cyberattacks on financial infrastructure.
President of the European Central Bank Christine Lagarde warned in an interview with Bloomberg Television that if it falls in the wrong hands, it could be really bad, while Governor of the Bank of England Andrew Bailey remarked that the development could crack the whole cyber risk world open.
According to the Financial Times, even the US Federal Reserve and US Treasury have held closed-door discussions with major banks to assess the risks.
Despite the urgency, much about Mythos remains unclear — and that uncertainty is driving much of the anxiety. Officials and bankers are grappling with questions that are still largely theoretical: Could such systems enable mass theft from bank accounts? Can they disrupt global payment rails? Could they trigger a crisis of confidence in the financial system?
As Canada's finance minister Francois-Philippe Champagne told the BBC, the challenge with Mythos is that it represents an unknown unknown unlike traditional risks that can be mapped and modelled.
Anthropic itself has acknowledged the dual nature of what it has built. In its note, the company said that while models like Mythos could accelerate exploit development, they could also dramatically improve defence by identifying and patching vulnerabilities faster than humans.
Worauf zu achten ist
KI-Ausblick — Möglichkeiten, keine Fakten
More central banks will hold emergency meetings on AI cyber risks within the next 30 days
Sehr wahrscheinlich · Innerhalb von Wochen
Banks will accelerate legacy system upgrades following CERT-In coordination requirements
Wahrscheinlich · Innerhalb von Monaten
Project Glasswing will expand to include more financial institutions beyond technology companies
Wahrscheinlich · Innerhalb von Monaten
Offene Fragen
- Could AI models like Mythos enable mass theft from bank accounts?
- Can they disrupt global payment rails?
- Could they trigger a crisis of confidence in the financial system?
- What safeguards are sufficient to prevent misuse?