Banking industry scrambles for Anthropic’s Mythos as global regulators review risks

FRANKFURT/NEW YORK — The emergence of Anthropic’s Mythos is setting up a scramble from the banking industry to gain access and test the technology as regulators rush to examine the cybersecurity risks the new artificial intelligence model raises and how prepared financial firms are to tackle them.

Mythos is viewed by cybersecurity experts as posing significant challenges to the banking industry and its legacy technology systems, prompting a series of warnings from regulators and policymakers gathered at last week’s International Monetary Fund spring meeting in Washington. A string of US banks have so far been given access to Mythos — while the rest of the industry tries to catch up.

“It’s certainly not something that’s causing panic or setting off any alarm bells on our end right now, but it’s definitely something we need to keep in mind in our day-to-day risk management — and that’s exactly what we’re doing,” Deutsche Bank CEO Christian Sewing, who leads Germany’s biggest bank, told journalists. Mr. Sewing said banks were in close contact with European watchdogs about Mythos.

“The banks are prepared for this and have their own responses. So this is something we have to live with, and of course everyone is trying to gain access, but I also think it’s right that access is limited for now,” he said, adding that a German banking association would discuss the issue on Monday.

Anthropic has so far restricted access to the model to partners in its Project Glasswing initiative and about 40 additional organizations that build or maintain critical software infrastructure. JPMorgan, which is part of Glasswing, was the only bank Anthropic has publicly said has access, although Bank of America has been part of Glasswing since the start and has been testing the Mythos technology internally, according to a source familiar with the matter.

Other US banks have more recently said they have been given access to Mythos.

Morgan Stanley CEO Ted Pick told analysts during the bank’s earnings call last week that the bank has been discussing cyber risks within the Financial Services Forum. “And yes, we are permissioned on Claude Mythos Preview,” he said, adding that cyber risk is an increasing threat. “So we will, I imagine, collectively get better via that, and then there will be other competitive products.”

Goldman Sachs CEO David Solomon also confirmed during the bank’s earnings last week that it had access.

“We’re aware of Mythos and its capabilities,” Mr. Solomon said on the call. “We have the model. We’re working closely with Anthropic and all of our security vendors to kind of harness frontier capabilities wherever it’s possible.”

Citigroup also has access to Mythos and is using it for internal tests, one person with knowledge of the matter said.

Some banks without access have questioned whether there should be broader access to Mythos and whether JPM received an advantage, a topic that is likely to be raised with the US Treasury, a source familiar with the matter said. JPM declined comment. The Treasury and Anthropic did not immediately respond to requests for comment.

Multiple senior banking and regulatory sources in Europe told Reuters they were not aware of any European financial institution with access to Mythos yet.

‘SUBSTANTIALLY MORE CAPABLE AT CYBER OFFENSE’
The British government wrote an open letter to Anthropic leaders on April 15 saying that testing by its AI Security Institute had shown Mythos to be “substantially more capable at cyber offense than any model we have previously assessed.”

Some Asian regulators said on Monday they were also monitoring the development. South Korea’s Financial Supervisory Service said it met with information security officials from financial firms last week to review Mythos-related risks.

Mythos was a key topic on the sidelines of the IMF meetings last week. European supervisors are not yet overly concerned and for now are assessing it through their existing cyber resilience processes, three European supervisory sources told Reuters.

One banking source said the ECB and other regulators have been in contact with European banks to assess their preparedness for new cybersecurity risks. Supervisors have asked about banks’ awareness of the threat and their ability to respond, the source said.

The capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from regulators globally.

Barclays CEO C.S. Venkatakrishnan said on Friday in Washington that Mythos was a serious threat to the global banking system and likely to be followed by similar, more powerful cyberthreats. — Reuters