Anthropic briefs global central banks after new AI model uncovers systemic financial cyber vulnerabilities

New AI model Claude Mythos identifies thousands of zero-day vulnerabilities, forcing central banks to urgently secure global financial infrastructure.

May 18, 2026

Anthropic has reached an agreement to brief the world’s leading finance ministries and central banks on a series of critical vulnerabilities in the global financial system’s cyber defenses that were recently uncovered by its newest artificial intelligence model. The high-level briefings, expected to take place in the coming weeks, come at a time of mounting anxiety among international regulators who fear that the latest generation of "frontier" AI models could provide a roadmap for sophisticated attacks on the world’s most sensitive economic infrastructure. The decision to share these findings follows a formal request by Andrew Bailey, the Governor of the Bank of England and current chair of the Financial Stability Board, a global watchdog that coordinates financial rules for G20 economies.[1][2][3][4][5]
The model at the center of these discussions, known as Claude Mythos Preview, represents a significant shift in AI development toward specialized cybersecurity and adversarial reasoning. According to internal data provided by Anthropic and corroborated by early testers, Mythos has identified thousands of high-severity vulnerabilities across a vast array of software environments, including every major operating system and web browser currently in use. What has particularly alarmed regulators is the model’s ability to surface "zero-day" vulnerabilities—flaws that are unknown to the software’s creators and therefore have no existing patches. In one notable instance, the model successfully identified a 27-year-old bug in OpenBSD, an operating system renowned for its security focus, and autonomously developed a working exploit for it.[6] Such capabilities have led experts to describe the release of Mythos as a watershed moment that may fundamentally alter the balance of power between cyber attackers and defenders.
Technical evaluations of Claude Mythos suggest it represents a qualitative leap in capability over its predecessors.[6][7][8] On standardized cybersecurity benchmarks, the model scored 83.1 percent, representing a 16.5-point jump over the previous top-tier model, Claude 4 Opus. Beyond simple code analysis, Mythos has demonstrated an ability to reverse-engineer closed-source software by reconstructing plausible source code from stripped binaries and then identifying exploitable flaws within that reconstruction. Perhaps most concerning for the financial sector is the model’s performance in the "cooling tower" test, a complex, multi-step simulation of a corporate network attack. The UK’s AI Security Institute reported that Mythos was the first model to successfully complete the 32-step autonomous attack from start to finish, achieving the feat in three out of ten attempts. This level of autonomous reasoning suggests that an AI could potentially conduct a sophisticated, longitudinal infiltration of a banking network with minimal human intervention.
The upcoming briefings to the Financial Stability Board will include officials from the United States, the United Kingdom, China, Japan, Germany, and Saudi Arabia.[1][2][3] The agenda is expected to focus on the specific systemic risks posed to inter-bank settlement systems and the legacy software that still underpins much of the global financial architecture. Governor Bailey has publicly warned that the discovery of these flaws could "crack the whole cyber risk world open," noting that the financial industry is uniquely exposed due to its reliance on decades-old technology that was never designed to withstand an adversary with AI-level speed and persistence. The Financial Stability Board is currently racing to complete a report on sound practices for AI adoption in finance, which is scheduled for release next month, and the insights from the Anthropic briefing are expected to inform the final recommendations for how central banks must harden their perimeters.
While the findings are being shared with regulators, the model itself remains under tight lock and key. Anthropic has restricted access to Mythos to a select group of approximately 40 organizations under an initiative called Project Glasswing. This consortium, which includes technology giants like Amazon and Microsoft as well as the financial titan JPMorgan Chase, is tasked with identifying and patching vulnerabilities before the capabilities found in Mythos become widely available to malicious actors.[9] The restricted rollout followed a direct request from the White House, reflecting a growing consensus within the U.S. government that advanced AI capabilities in the cyber domain should be treated as dual-use technology with national security implications. This "walled garden" approach has created some friction with international partners; several non-U.S. regulators have expressed concern that the current arrangement leaves countries outside the primary consortium with uneven levels of protection against the very vulnerabilities Mythos has identified.
The International Monetary Fund has also weighed in on the development, warning that the emergence of models like Mythos elevates cyber risk from a technical hurdle to a potential macro-financial shock.[1][3] IMF officials have pointed out that the time and cost required to discover and exploit a vulnerability have plummeted, while the time required for a human organization to test and deploy a global patch remains largely unchanged. This "patching lag" creates a window of opportunity for attackers that could be exploited to trigger cascading failures across interconnected financial markets. The IMF’s concern is particularly acute for emerging and developing economies, which may lack the resources to rapidly modernize their digital infrastructure or the diplomatic leverage to gain early access to the defensive tools being developed within Project Glasswing.
Within the AI industry, the disclosure of the Mythos findings marks a new phase in the debate over model safety and "open-weights" releases. Anthropic has long championed a safety-first approach, but the sheer offensive power of Mythos has forced the company to take an even more conservative stance than usual, choosing not to release the model to the general public. This decision has sparked criticism from some corners of the open-source community, who argue that keeping such powerful diagnostic tools in the hands of a few private corporations prevents a broader community of researchers from securing the internet. However, Anthropic executives have countered that the risks of "jailbreaking" a model like Mythos to generate malicious exploits for criminal use are too high to justify a public release. The company has already indicated that development of Mythos 2 and Mythos 3 is underway, suggesting that the pace of discovery is only going to accelerate.
As the financial world prepares for the Anthropic briefings, the primary challenge for regulators will be moving beyond awareness and into coordinated action. The global nature of the financial system means that a vulnerability in one regional banking hub can quickly threaten the stability of the entire network. While the Financial Stability Board provides a forum for discussion, the actual implementation of security upgrades remains the responsibility of individual nations and private institutions. The geopolitical tensions currently straining international cooperation may complicate efforts to form a unified front against AI-driven cyber threats.[3][1] Nevertheless, the scale of the flaws uncovered by Claude Mythos has made it clear that the status quo of cybersecurity is no longer tenable.
Ultimately, the revelation of these vulnerabilities serves as a stark reminder that the integration of artificial intelligence into the global economy is a double-edged sword. While AI promises to revolutionize productivity and market efficiency, it also possesses the power to deconstruct the digital foundations upon which modern finance is built. The briefings between Anthropic and the world’s central bankers represent an unprecedented attempt to get ahead of a technological curve that is moving faster than the traditional regulatory process. Whether these institutions can adapt their defenses at the speed of an AI’s reasoning will likely determine the long-term resilience of the global financial order in the age of frontier models.
