Finance chiefs sound alarm over Anthropic’s ‘mythos’ AI model amid cyber-security fears

A powerful new artificial intelligence model developed by Anthropic has triggered a flurry of crisis meetings among finance ministers, central bankers and senior financiers, who fear the technology could be turned on the global financial system with devastating consequences.

The model, known as Claude Mythos, has been shown to pinpoint vulnerabilities in many of the world’s most widely used operating systems, prompting alarm at the highest levels of government and commerce. While some specialists believe it marks a step-change in AI’s ability to uncover and exploit cyber-security flaws, others have urged caution, arguing that far more independent testing is needed before its true capabilities can be judged.

Canada’s Finance Minister, François-Philippe Champagne, confirmed to media that Mythos had dominated discussions at this week’s International Monetary Fund meetings in Washington DC. “Certainly it is serious enough to warrant the attention of all the finance ministers,” he said. Drawing a comparison with geopolitical risks, he added: “The difference is that the Strait of Hormuz – we know where it is and we know how large it is… the issue that we’re facing with Anthropic is that it’s the unknown, unknown. This is requiring a lot of attention so that we have safeguards, and we have processes in place to make sure that we ensure the resiliency of our financial systems.”

Mythos is among the latest additions to Anthropic’s Claude family of models, which competes directly with OpenAI’s ChatGPT and Google’s Gemini. It was unveiled earlier this month by developers responsible for stress-testing so-called “misaligned” AI behaviour, instances in which a model acts against human values or intended goals. Their verdict was that Mythos is “strikingly capable at computer security tasks”.

Citing concerns that the model could surface long-dormant software bugs or identify novel ways to exploit system weaknesses, Anthropic has opted not to release it publicly. Instead, access has been granted to a handful of technology giants, including Amazon Web Services, CrowdStrike, Microsoft and Nvidia, under an initiative dubbed Project Glasswing, which the company describes as an “effort to secure the world’s most critical software”.

On Thursday, Anthropic released an upgraded version of its existing Claude Opus model, saying this would enable Mythos’s cyber capabilities to be evaluated within less powerful systems.

Not everyone in the cyber-security community is convinced the fears are proportionate, particularly given the limited independent testing conducted so far. The UK’s AI Security Institute, which has been given access to a preview version, is the only body to have published an independent assessment. Its researchers concluded that while Mythos Preview could compromise systems with weak defences, it was not dramatically more capable than its predecessor, Opus 4. “Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed,” the report’s authors wrote.

Sceptics have also pointed to precedent: in February 2019, OpenAI similarly delayed the release of GPT-2 on safety grounds, a decision critics at the time dismissed as a marketing device.

Senior bankers are now to be granted early access to Mythos so they can probe their own defences ahead of any wider release. C.S. Venkatakrishnan, chief executive of Barclays, told the BBC: “It’s serious enough that people have to worry. We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly.” He added that a far more interconnected financial system had created both fresh opportunities and fresh exposures, cautioning: “This is what the new world is going to be.”

For Britain’s small and medium-sized businesses, which rely on the integrity of banking, payment and cloud infrastructure every day, the implications are considerable. A cyber incident capable of destabilising a major lender or payment processor could ripple rapidly through SME supply chains, hitting cash flow, invoicing and customer confidence within hours.

Anthropic has already flagged that Mythos has uncovered multiple vulnerabilities in core operating systems, financial platforms and web browsers. Governments and banks are being offered advance access to harden their defences before any public launch.

Andrew Bailey, Governor of the Bank of England, has said that the development must be treated with the utmost seriousness. “We are having to look very carefully now what this latest AI development could mean for the risk of cyber crime,” he said. “The consequence could be that there is a development of AI, of modelling, which makes it easier to detect existing vulnerabilities in sort of core IT systems, and then obviously cyber criminals, the bad actors, could seek to exploit them.”

The US Treasury has confirmed that it has raised the matter directly with major American banks, urging them to run internal tests ahead of any public release. Industry sources further suggest that a rival US AI firm could shortly unveil a similarly potent model, but without comparable guardrails.

For the UK technology sector, the controversy may prove an opening as much as a threat. James Wise, a partner at Balderton Capital and chair of the newly established Sovereign AI unit, a £500m government-backed venture capital fund targeting home-grown AI businesses, argued that Mythos is merely “the first of what will be many more powerful models” capable of exposing systemic weaknesses.

Speaking to the BBC’s Today programme, he said his unit was “investing in British AI companies that are tackling that, companies working in AI security and safety”, adding: “We hope the models that expose vulnerabilities are also the models which will fix them.”

For the country’s AI scale-ups and cyber-security start-ups, the message from Threadneedle Street and Washington alike is unmistakable: the defensive side of the AI arms race has just become one of the most commercially significant frontiers in British enterprise.

Read more:
Finance chiefs sound alarm over Anthropic’s ‘mythos’ AI model amid cyber-security fears