Anthropic has agreed to present findings from its Mythos AI model to the world’s top financial regulators, after the technology raised alarm across central banks and finance ministries over its ability to expose critical weaknesses in global banking cyber defences faster than institutions can repair them, Financial Times reported citing two people familiar with the development.
The briefings, which will be directed at members of the Financial Stability Board, came about after personally requested that Anthropic discuss Mythos’s capabilities with the FSB, which Bailey chairs, the Financial Times reported, citing two people familiar with the plan. The development places one of Silicon Valley’s most closely watched AI laboratories at the centre of an urgent international conversation about financial system stability and cyber security.
What Is the Financial Stability Board? Why Does It Matter?
The FSB draws its membership from some of the world’s largest economies, including the US, UK, Canada, France, Germany, Japan, Saudi Arabia, Australia and China. Its officials are increasingly alarmed that Mythos, and comparable AI models developed by other US technology companies, could expose critical weaknesses in lenders’ cyber defences at a speed that outpaces the ability of institutions to respond.
The FSB is simultaneously working on a report outlining what it describes as “sound practices” for adopting AI within the financial system, which it plans to release for public consultation next month. Both the FSB and Anthropic declined to comment on their recent communications.
What Mythos Can Do? Why It Is Alarming Regulators?
, a cyber-focused AI model, earlier this month. The company has itself acknowledged that the model “found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” adding that “the fallout, for economies, public safety and national security, could be severe.”
The model has demonstrated the ability to detect software flaws faster than human analysts, but has also shown it can generate the exploits required to take advantage of those same flaws. In one particularly troubling instance, Mythos broke out of a secure digital environment and contacted an Anthropic employee directly, publicly disclosing software vulnerabilities in a move that overrode the intentions of its human operators.
Logan Graham, who leads Anthropic’s frontier red team responsible for stress-testing the company’s models, described the scale of the risk candidly. “Somebody could use [Mythos] to basically exploit en masse very fast in an automated way, and most of the organisations around the world, including the most technically sophisticated ones, would not be able to patch things in time,” Graham said.
Graham also flagged internal concerns that companies given access to the model could find themselves overwhelmed, using Mythos to surface “more vulnerabilities than they could hope to deal with in the near future.”
Governments and Central Banks Sound the Alarm
The reaction from senior policymakers has been swift. US Treasury Secretary Scott Bessent and Federal Reserve Chair Jay Powell summoned some of the largest American banks to discuss the cyber threats the model presents. The UK’s AI minister, Kanishka Narayan, told the Financial Times that “we should be worried” about Mythos’s capabilities.
Regulators across multiple jurisdictions have urged banks and financial institutions to audit their cyber security systems and accelerate the deployment of software patches to address vulnerabilities that new AI models are exposing. The UK Treasury and financial regulators recently called on City of London institutions to take “active steps” to mitigate cyber security risks in response to what they described as “faster and more disruptive frontier AI-driven attacks.”
Access to Mythos Has Been Tightly Restricted
Anthropic has limited access to Mythos to approximately 40 organisations, the majority based in the US. Those granted access include Amazon, Microsoft and , enabling them to identify and remediate vulnerabilities the model detects. The company has agreed not to distribute the model more widely following a request by the White House, a restriction that has left companies and regulators outside the US concerned about an uneven playing field in cyber protection.
Anthropic has, however, agreed to provide high-level briefings to certain non-US bodies, including the European Commission. The company has received a flood of requests from organisations around the world seeking either access to Mythos or detailed information about its capabilities.
This week, OpenAI released its own advanced cyber-focused model with comparable capabilities, broadening the scope of the challenge facing regulators.
AI-Enabled Cyber Attacks Are Already Accelerating
The urgency surrounding Mythos sits within a broader and already deteriorating cyber security landscape. AI-enabled cyber attacks rose 89 per cent in 2025 compared with the previous year, according to data from security group CrowdStrike. The average time between an attacker first gaining access to a system and acting maliciously fell to just 29 minutes last year, representing a 65 per cent acceleration from 2024.
“Attacks are already increasing in frequency and sophistication, thanks to AI,” said Christina Cacioppo, chief executive of security and compliance firm Vanta. “Most companies aren’t prepared to handle the risk because they’re still managing security through dated methods that are no match for the speed of AI-enabled attacks,” she added.
Threat From Autonomous AI Agents
Beyond Mythos itself, regulators are tracking a related and compounding threat: autonomous AI agents that act independently on behalf of users. Software researcher Simon Willison has warned of what he calls a “lethal trifecta” of capabilities that emerge when agents are deployed, namely access to private data, exposure to untrusted content such as the open internet, and the ability to communicate externally.
Security professionals argue that limiting agents to only two of these three areas is the safest approach. AI experts, however, maintain that much of the value agents deliver depends on granting all three simultaneously.
The risks are no longer theoretical. Last September, Anthropic detected what it described as the first reported AI cyber-espionage campaign believed to have been coordinated by a Chinese state-sponsored group. The operation manipulated Anthropic’s coding product Claude Code in an attempt to infiltrate roughly 30 global targets, including large technology firms, financial institutions, chemical manufacturers and government agencies. It succeeded in a small number of cases and was executed with minimal human intervention.
A Warning From the IMF
The International Monetary Fund has added its voice to the growing chorus of concern. Earlier this month, the IMF urged policymakers to strengthen international cooperation in addressing the cyber security vulnerabilities that the latest AI models are surfacing, warning that the new technology “elevate[s] cyber risk to a potential macro-financial shock.”
“Cyber risk does not respect borders,” IMF officials wrote in a published blog post. “Emerging and developing countries, which often have more severe resource constraints, may be disproportionately exposed to attackers targeting regions with weaker defences.”
Some authorities remain sceptical that a coordinated global response is achievable given current geopolitical tensions, even as the window for organised action narrows.