Singapore Regulator Demands Banks Close Vulnerabilities Amid Mythos Concerns

Singapore's Monetary Authority (MAS) has issued an official warning to banks: financial institutions must urgently address existing vulnerabilities in their cybersecurity systems. The regulatory alert followed growing concerns in Asian financial circles about Mythos, a new language model from American company Anthropic, creators of the Claude model family. According to Bloomberg, it is precisely the capabilities of this model in understanding context and generating persuasive text that have raised concerns among financial sector information security specialists.

The concerns are not about the model itself, but about its potential misuse by malicious actors: to create phishing emails, impersonate banking communications, and conduct automated attacks against customers and employees of financial organizations. Singapore has long held a leading position among Asia's financial centers and has traditionally acted proactively in regulating technological risks. MAS is known for stringent requirements in the field of technology risk management — banks must comply with regularly updated Technology Risk Management Guidelines.

The current warning continues this practice: rather than reacting to incidents after they occur, the regulator demands preventive measures. According to Bloomberg sources, MAS specifically points to several categories of vulnerabilities. The first is outdated authentication systems, insufficiently protected against attacks using synthetic voices and deepfakes, whose quality has increased dramatically in recent months.

The second concerns weaknesses in email protection: bank employees increasingly become victims of sophisticated phishing scenarios that are practically impossible to detect without special training. The third relates to risks associated with banks themselves using third-party AI tools without proper security verification. The reaction of Asian regulators to Mythos has proven noticeably sharper than to Anthropic's previous releases.

Analysts link this to several factors. Following a series of high-profile incidents in 2025, when fraudsters successfully used language models to attack bank customers in Hong Kong and South Korea, regulators in the region began taking such risks much more seriously. Additionally, Singapore, as Southeast Asia's largest financial hub, processes a significant volume of cross-border transactions, making local banks particularly attractive targets.

It is important to understand: this is not to say that Mythos itself represents a direct threat or that Anthropic is complicit in misuse. MAS is responding to a fundamental shift in the threat landscape — any powerful language model that becomes widely accessible inevitably expands the capabilities of both legitimate users and malicious actors. If several years ago conducting a complex phishing attack required a team of experienced specialists, today access to a cutting-edge AI tool is sufficient.

Banks that have received the MAS directive will be required to audit their cybersecurity systems and report on measures taken. Analysts expect that similar warnings may be issued soon by the Hong Kong Monetary Authority (HKMA) and other regional regulators. The question is no longer whether Asian financial regulators will adapt their standards to the realities of powerful AI — but rather how quickly it will happen.