Anthropic is about to have a very serious chat with the global finance watchdog about its Claude Mythos AI model, which has experts reaching for their smelling salts over its potential to wreck cyber defences.
The US startup will be briefing the Financial Stability Board (FSB), chaired by none other than Bank of England governor Andrew Bailey, on the implications of Mythos. Because what could possibly go wrong when you let an AI that's really good at finding holes in IT systems out into the world?
Anthropic has wisely declined to release Mythos to the public, having announced that the AI model has advanced capabilities in highlighting previously unknown flaws in IT systems - flaws that hackers would love to exploit. Instead, the company has given access to a select group of tech companies and banks, including Apple and JP Morgan, to help them identify any weaknesses the AI might sniff out. The FSB plan, first reported by the Financial Times, was confirmed by a source familiar with the regulator's discussions with Anthropic.
The UK's AI Security Institute (AISI), which assesses advanced AI models, issued an updated appraisal of Mythos last week after scrutinising the version released to banks and tech companies. It said the latest iteration represented a “notable capability jump” even on the preview version tested the previous month. The AISI noted that the latest version of Mythos completed a previously unsolved cybersecurity test, called “cooling tower”, in three out of 10 attempts - a first for any model tested by the institute.
“Frontier AI’s autonomous cyber and software capability is advancing quickly: the length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years,” the AISI said, adding that it is developing new, tougher hacking tests to keep track of AI models' progress. Because apparently the old tests just aren't cutting it anymore.
The FSB monitors and makes recommendations about the global financial system and includes officials from leading economies including the US, the UK, Australia, and China. Its steering committee includes senior central bank and finance ministry officials. This month, the International Monetary Fund said financial stability risks were rising owing to “fast-moving” developments in AI and called for a coordinated response. “Cyber risk does not respect borders. As AI capabilities spread across countries, inconsistent oversight could weaken a globally interconnected system,” the IMF said in a blog post, clearly not in the mood for understatement.
Last month, Goldman Sachs chief executive David Solomon said he was “hyper-aware” of Mythos's capabilities, while his JP Morgan counterpart Jamie Dimon noted that AI had made cyber defence “harder” even if it could ultimately help companies defend themselves against hackers. Other experts have tried to calm the waters, arguing that Mythos represents an evolution in cyber threats rather than a revolution. Cybersecurity experts caution that most breaches still come from well-established risks such as weak authentication and already known vulnerabilities that haven't been patched. So, you know, don't forget to update your passwords.
When asked about the news that the FSB would be assessing Mythos's risks at the City Week conference in London, Financial Conduct Authority chief executive Nikhil Rathi said AI developments had been a “significant topic of conversation” at the IMF meetings in Washington last month. He noted that Bailey was “engaged” on the issue and that cooperation was taking place with US authorities. Rathi also pointed to guidance released by UK regulators and the Treasury last week, which directed firms to “double down” on “core cyber hygiene”. That meant “having looked at your legacy systems, having good detection mechanisms, having good governance in place, thinking about how you recover, thinking about your insurance”, he said. Rathi added that “Anthropic has acted fairly responsibly in engaging with authorities” internationally on the risks of its AI.
The FSB and Anthropic have been approached for comment. We suspect they're busy preparing for that chat.