Bank of England convenes British banks for briefing on cyber risks of Anthropic's Mythos model

On April 16, the Bank of England escalated the Claude Mythos Preview to the level of systemic risk for the entire financial sector. Regulators are preparing a separate briefing for major banks, insurers, and exchanges following statements that Anthropic's new model can autonomously find and exploit vulnerabilities in critical software — from operating systems to browsers. This concerns meetings within the Cross Market Operational Resilience Group (CMORG) — a platform that coordinates the resilience of Britain's financial infrastructure.

Its participants include leaders of eight of the country's largest banks, representatives of four infrastructure operators, two insurance groups, as well as officials from the Treasury, Bank of England, FCA, and National Cyber Security Centre. The very fact that the issue is being raised at this level demonstrates that the problem is being treated not as another IT news item, but as a matter of payment stability, trading platforms, and critical services. The catalyst is Claude Mythos Preview — an Anthropic model not yet released publicly, access to which the company grants only to a limited circle of partners.

According to Anthropic, the model has already helped identify thousands of previously unknown high-severity vulnerabilities, including bugs in every major operating system and every major browser. The company also claims that the model can not only find weak points but also construct exploitation chains with minimal human involvement. One example is the discovery of a method by which a malicious website could gain access to data from another website, including banking data.

Regulators are particularly concerned that this is not a laboratory demonstration. Anthropic explicitly explained that it is not releasing Mythos Preview to broad access precisely because of its cyber capabilities. Among the disclosed examples is a 27-year-old vulnerability in OpenBSD, as well as other bugs that experts and automated tests failed to catch for years.

For banks, this is particularly sensitive: a significant portion of the industry still relies on a complex and heterogeneous legacy stack, where even a single new exploitation search technique could drastically shorten the time between vulnerability discovery and actual attack. The seriousness of the situation is underscored by international reaction. Before these British meetings, emergency discussions had already taken place in the USA and Canada.

In Washington, the topic was raised by the U.S. Treasury and Federal Reserve System together with leaders of major systemically important banks.

For regulators, this is a signal that frontier models are beginning to affect not only developer productivity but also the profile of systemic risks: if such tools fall into the hands of malicious actors or simply outpace the readiness of defensive teams, it is precisely the most critical nodes — payments, clearing, trading infrastructure, and banking web services — that will become more vulnerable. In parallel, Anthropic launched Project Glasswing — a program for early controlled access for defensive teams. Partners named include AWS, Apple, Google, Microsoft, Nvidia, Cisco, and JPMorgan Chase.

The company is promising up to $100 million in credits for Mythos usage and another $4 million in donations to organizations working on open source security. The logic is straightforward: give defenders a head start so they can find and patch vulnerabilities before similar capabilities become widespread among competitors or leak into the attacking ecosystem. The main takeaway for the financial sector is that AI risk has stopped being an abstract topic about the future.

If Anthropic's claims are even partially confirmed in real-world practice, banks will need to accelerate vulnerability inventorying, review patching processes, and learn to use similar models for defense. Otherwise, for the first time, the advantage in speed and scale could shift not to security teams but to those who automate attacks.