Financial regulators worldwide are closely monitoring Anthropic’s advanced AI model Mythos following demonstrations of its ability to autonomously identify and exploit software vulnerabilities, sparking urgent meetings among central banks and government officials concerned about systemic risks to the financial system.
The Australian Securities and Investments Commission confirmed Monday it is tracking Mythos developments alongside peer regulators including the Bank of England, U.S. Federal Reserve, European Central Bank, and Treasury Department.
Anthropic launched Mythos on April 7, 2026, under a restricted access program called Project Glasswing, limiting initial access to approximately 40 companies including Amazon, Apple, Google, Microsoft, Nvidia, Cisco, and JPMorgan Chase. The company claims the model successfully identified and exploited zero-day vulnerabilities in every major operating system and web browser.
Bank of England Governor Andrew Bailey, speaking at Columbia University in New York, warned that Mythos could “crack the whole cyber risk world open” and called on regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure.
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with major U.S. bank chief executive officers to discuss Mythos’s cyber risk implications. JPMorgan Chase CEO Jamie Dimon was the only major bank CEO unable to attend, although JPMorgan is listed as a Project Glasswing launch partner.
The urgency reflects concerns that if capable AI agents can weaponize flaws across consolidated cloud service providers at scale, it could trigger catastrophic breaches across the heavily regulated banking system. Major U.S. banks have begun internal testing of Mythos for defensive purposes despite the cybersecurity concerns.
European Central Bank President Christine Lagarde warned that no governance framework is yet in place to address the risks posed by advanced AI models with offensive cybersecurity capabilities. The Bank of Canada separately held its own meeting with Canadian banks and financial institutions on the same topic.
Testing by the UK’s AI Security Institute found that while Mythos performed broadly comparable to peer models on single cyber tasks, it demonstrated superior ability at chaining multiple steps into complete intrusions. The model was the first to complete a full cyber-range attack end-to-end autonomously.
Anthropic CEO Dario Amodei defended the restricted rollout, writing that “the dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities.”
