Anthropic's Mythos AI Model Triggers Urgent UK Financial Regulatory Alert
UK financial regulators are rushing to assess the cybersecurity risks posed by Anthropic's powerful new AI model, Mythos, after the Bank of England Governor warned it could "crack the whole cyber risk world open" — with controlled access to British banks now confirmed for next week.
Anthropic confirmed on Thursday that it would grant UK financial institutions controlled access to Mythos within the next week as part of its Project Glasswing initiative. The move comes as senior executives from major British banks, insurers, and exchanges prepare to be briefed on the cybersecurity risks posed by the model.
Key Developments
The Bank of England, the Financial Conduct Authority, HM Treasury, and the National Cyber Security Centre are all involved in the urgent assessment. Bank of England Governor Andrew Bailey explicitly named Mythos in a speech at Columbia University on 15 April, highlighting it as a major cybersecurity concern and warning that the model could autonomously identify and exploit zero-day vulnerabilities across every major web browser and operating system.
The Bank of England's Cross Market Operational Resilience Group (CMORG) and its AI Taskforce plan to discuss the Mythos model in meetings within the next two weeks. CMORG includes CEOs of the UK's eight largest banks, financial infrastructure providers, insurers, and representatives from regulatory bodies.
Background
Anthropic researchers published a blog post on 7 April claiming Mythos Preview successfully identified and exploited zero-day vulnerabilities. The UK's AI Security Institute released a report on 13 April noting the model's success in a 32-step corporate network attack simulation. Regulators are particularly concerned that if AI agents can weaponise flaws at scale within consolidated cloud service providers, it could lead to catastrophic breaches across the banking system.
Why It Matters
For UK banks, Mythos could serve as a powerful "red-team" tool to uncover security flaws before malicious actors exploit them. However, the restricted access model has drawn criticism from some tech leaders, including IBM Senior Vice President Rob Thomas, who argued that security improves through scrutiny rather than concealment.
What's Next
Anthropic will not make Mythos Preview generally available; access is restricted to members of Project Glasswing, which includes JPMorgan Chase, AWS, Google, and Microsoft. UK financial institutions are expected to receive their controlled access within the coming week, with regulatory briefings to follow.
Full analysis available at Disruption Banking.
