Global finance chiefs gathering at this week’s International Monetary Fund meetings in Washington confronted an unexpected threat assessment: a new artificial intelligence model developed by Anthropic that the company characterises as possessing unprecedented capability to identify and exploit cybersecurity vulnerabilities across the financial systems, operating systems, and web browsers whose protection underpins the digital infrastructure of modern economies.
The Claude Mythos model—which Anthropic has deliberately withheld from public release whilst providing restricted access to technology giants including Amazon Web Services, CrowdStrike, Microsoft and Nvidia through an initiative termed Project Glasswing—has generated sufficient alarm that Canadian Finance Minister François-Philippe Champagne told the BBC it warranted “the attention of all the finance ministers” present at the gathering.
“The difference is that the Strait of Hormuz—we know where it is and we know how large it is… the issue that we’re facing with Anthropic is that it’s the unknown, unknown,” Champagne stated, drawing comparison between the Middle Eastern energy chokepoint whose closure has generated global recession fears and an AI system whose capabilities remain incompletely understood yet potentially pose systemic risks that geopolitical crises cannot match. “This is requiring a lot of attention so that we have safeguards, and we have process in place to make sure that we ensure the resiliency of our financial systems.”
Bank of England Governor Andrew Bailey characterised the development as demanding serious examination, warning that “there is a development of AI, of modelling, which makes it easier to detect existing vulnerabilities in sort of core IT systems, and then obviously cyber criminals—the bad actors—could seek to exploit them.” The acknowledgment that the model might expose previously unknown security flaws creates dual imperatives: allowing financial institutions to identify and remediate weaknesses before malicious actors discover them, whilst preventing the AI itself from becoming a tool that criminals employ to compromise systems more effectively than human hackers could manage alone.
What Makes Mythos Different From Previous AI Security Capabilities
Anthropic revealed the model earlier this month when developers responsible for testing AI systems’ performance on “misaligned” tasks—activities contradicting human values, goals and behaviour—described Mythos as “strikingly capable at computer security tasks.” The characterisation positioned the system as qualitatively different from previous AI models whose security testing abilities proved useful yet limited compared to skilled human penetration testers employing conventional vulnerability discovery techniques.
The company’s decision to withhold public release whilst providing restricted access through Project Glasswing—which Anthropic terms an “effort to secure the world’s most critical software”—represents an extraordinary intervention, suggesting the developers themselves concluded that normal release protocols would create unacceptable risks. Thursday’s introduction of a new Claude Opus version incorporating some Mythos capabilities in “less powerful systems” suggests Anthropic is attempting a calibrated disclosure, allowing security researchers to evaluate the technology whilst limiting the potential for malicious exploitation.
Yet independent assessment of Mythos’ actual capabilities remains limited given the restricted access Anthropic has permitted. The UK’s AI Security Institute published the only independent evaluation after receiving preview version access, concluding that whilst the model proved “a powerful tool able to find many security holes in undefended environments,” it was “not dramatically better than Claude’s predecessor, Opus 4” at identifying vulnerabilities in systems with robust security postures already implemented.
“Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed,” the report authors stated—a formulation suggesting the real concern stems less from Mythos specifically than from the trajectory toward increasingly sophisticated AI security testing capabilities that multiple companies will likely develop regardless of whether Anthropic releases this particular model.
Why Sceptics Question Whether Alarm Reflects Genuine Threat or Marketing Strategy
The alarm surrounding Mythos may exceed that generated by previous AI models, yet cybersecurity experts have questioned whether it is justified, particularly given that broader industry testing to verify the claimed capabilities has not occurred. The pattern of AI developers announcing models too powerful or dangerous for public release whilst providing controlled access to select partners has generated accusations that such restrictions serve hype-building purposes rather than genuine safety considerations.
OpenAI employed similar rhetoric in February 2019 when citing fears about GPT-2’s text generation capabilities to justify staggered release—a decision critics characterised as marketing theatre given that the model’s abilities, whilst impressive, did not meaningfully exceed what determined actors could achieve through alternative means. That GPT-2 now appears quaint compared to subsequent releases including ChatGPT suggests the “too dangerous to release” framing generated publicity whilst the actual risks proved manageable once proper safeguards were implemented.
Whether Mythos represents a genuine breakthrough in AI-enabled vulnerability discovery or merely an incremental improvement marketed through alarming language remains contested amongst security professionals, who lack independent access to verify Anthropic’s claims. The company’s assertion that the model has “already exposed multiple security vulnerabilities in some critical operating systems, financial systems and web browsers” provides no specificity about which systems proved vulnerable, what types of flaws were discovered, or whether human security researchers would have identified identical weaknesses through conventional testing.
Financial industry sources indicated that another prominent US AI company could soon release a similarly powerful model “without the same safeguards”—a development that, if accurate, would undermine whatever protective value Anthropic’s restricted access provides by ensuring that comparable capabilities become publicly available regardless of Project Glasswing participants’ preferences. The competitive dynamics driving AI development suggest that unilateral restraint by individual companies proves ineffective when rivals conclude that releasing powerful models generates commercial advantage outweighing safety concerns.
The Banking Sector’s Scramble to Test Systems Before Public Release
Barclays chief executive CS Venkatakrishnan told the BBC that “it’s serious enough that people have to worry. We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly.” His acknowledgment that “this is what the new world is going to be”—referencing increasingly connected financial systems with both opportunities and vulnerabilities—captures the dual-use nature of AI capabilities that can strengthen defences when employed by institutions protecting their systems yet equally empower attackers seeking to compromise those same infrastructures.
The US Treasury confirmed it had raised the issue with major American banks, encouraging them to test their systems using Mythos access before any potential public release. The proactive engagement suggests regulators view the model as representing sufficient threat that institutions should prioritise vulnerability remediation rather than waiting to assess whether concerns prove justified after criminals or hostile state actors have already exploited weaknesses that earlier testing might have identified.
James Wise, a partner at Balderton Capital who chairs the Sovereign AI unit—a venture capital fund investing £500 million of government funding in British AI companies—characterised Mythos as “the first of what will be many more powerful models” exposing system vulnerabilities. His unit is “investing in British AI companies that are tackling that—companies working in AI security and safety,” he told the BBC’s Today Programme, expressing hope that “the models that expose vulnerabilities are also the models which will fix them.”
The optimistic framing positions AI security capabilities as self-correcting: the same technologies enabling vulnerability discovery can accelerate patch development and defensive countermeasures, creating a virtuous cycle in which attack and defence capabilities advance in tandem rather than attackers gaining a decisive advantage. Yet whether this equilibrium materialises depends partly on whether defensive AI deployment proves as widespread as offensive capabilities, and partly on whether institutional incentives adequately prioritise security investment when immediate business pressures favour cost minimisation over resilience.
The ministerial-level attention that Mythos has commanded reflects recognition that financial system cybersecurity constitutes a national security concern extending beyond individual institutions’ risk management. A coordinated attack exploiting previously unknown vulnerabilities across multiple banks simultaneously could trigger payment system failures, liquidity crises, and loss of public confidence in financial infrastructure on which modern economies rely for basic commercial transactions and household financial management.
Champagne’s invocation of “unknown, unknown” threats—borrowing Donald Rumsfeld’s taxonomy of uncertainty—captures the particular anxiety that AI-enabled vulnerability discovery generates: unlike conventional cybersecurity where threat landscapes evolve gradually as human researchers and criminals identify new attack vectors, AI systems potentially compress discovery timelines whilst identifying vulnerability classes that human intuition might never recognise. Whether such capabilities exist in Mythos specifically or remain speculative fears that testing has yet to validate constitutes the question that finance ministers’ crisis meetings are attempting to answer before events force resolution through actual system compromises.
For now, the restricted access regime that Anthropic has established through Project Glasswing represents an attempt to thread the needle between the transparency that security research demands and the restraint that catastrophic risks might justify. Whether the approach proves adequate, whether comparable models without equivalent safeguards soon emerge from competitors, and whether the entire episode marks a genuine inflection point in cybersecurity or merely a successful marketing campaign for Anthropic’s latest release will become clearer as institutions complete their testing and as independent researchers gain sufficient access to verify or refute the extraordinary capabilities the company claims its creation possesses.
