Anthropic's Mythos AI Model Raises Cybersecurity Alarms at Banks and Regulators

Anthropic's Mythos AI model, built to identify software vulnerabilities, has triggered warnings from financial regulators in the United States and United Kingdom.

The U.S. Treasury Department is seeking access to the Mythos model to probe for weaknesses in financial infrastructure. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell encouraged major banks to test the model for vulnerability detection, treating advanced AI as a potential systemic cyber risk.

U.K. regulators are preparing to warn banks, insurers, and exchanges about security risks exposed by Anthropic's Claude Mythos Preview. The Financial Conduct Authority has not yet issued formal guidance but is expected to do so in the coming weeks.

Anthropic released Mythos with restricted access, requiring users to go through a verified-access program. Canada's AI minister praised the company's cautious approach, saying policymakers may favor companies that demonstrate disciplined deployment.

The concern among regulators is that Mythos can find software vulnerabilities faster than traditional methods, compressing the gap between discovery and exploitation. Banks and state actors are assessing their exposure to the model's capabilities.

Separately, OpenAI detected and responded to a compromised GitHub Actions workflow attributed to North Korean actors, which downloaded a malicious version of the Axios library. The incident highlighted the persistent risk of supply-chain attacks in software development.

A campaign involving 108 malicious Chrome extensions also stole Google account credentials, Telegram data, and browsing history from approximately 20,000 users, according to security researchers.