Islam FaisalEconomics writer
Finance ministers, central bankers and financiers have expressed serious concerns about a powerful new AI model, which they fear could undermine the security of financial systems.
The development of the Claude Mythos model by Anthropic gave rise to crisis meetings, after discovering vulnerabilities in many major operating systems.
Experts say it potentially has an unprecedented ability to identify and exploit cybersecurity weaknesses – although others caution that further testing is needed to fully understand its capabilities.
Canadian Finance Minister François-Philippe Champagne told the BBC that Mythe was discussed at length at the International Monetary Fund (IMF) meeting in Washington DC this week.
“It is certainly serious enough to deserve the attention of all finance ministers,” he said.
“The difference is that the Strait of Hormuz – we know where it is and how big it is… the problem we face with Anthropic is that it’s the unknown, the unknown.”
“This requires a lot of attention so that we have safeguards and we have processes in place to ensure the resilience of our financial systems,” he added.
Concerns about Mythos exceed those of any previous AI model. However, some cybersecurity experts question how justified they are, especially since the model has not been tested by the industry as a whole to determine its true capabilities.
The UK’s AI Security Institute has had access to a preliminary version of this and has published the only independent report on the model’s cybersecurity skills.
Its researchers noted that it was a powerful tool capable of detecting many security vulnerabilities in undefended environments, but suggested that Mythos was not significantly better than Claude’s predecessor, Opus 4.
“Our testing shows that Mythos Preview can exploit systems with weak security, and it is likely that more models with these capabilities will be developed,” the report’s authors said.
“Understanding vulnerabilities”
Large bankers should have access to the model in advance to test their systems.
Barclays chief executive CS Venkatakrishnan told the BBC: “It’s serious enough that people need to be concerned.
“We need to understand it better, understand the vulnerabilities that are exposed and fix them quickly.”
He added that “this is what the new world will be,” referring to a much more connected financial system, with both opportunities and vulnerabilities.
While developer Anthropic said the model has already exposed multiple security vulnerabilities in some critical operating systems, financial systems and web browsers, governments and banks are being offered access ahead of its public release to help protect their own systems.
Bank of England Governor Andrew Bailey told the BBC that this development should be taken very seriously: “We now need to look very carefully at what this latest development in AI could mean for the risk of cybercrime.”
He added: “The consequence could be that there is a development of AI, of modeling, that makes it easier to detect existing vulnerabilities in sort of core IT systems, and then obviously cybercriminals – bad actors – could seek to exploit them.”
The US Treasury confirmed that it had raised the issue with its main banks, encouraging them to test their systems, before any public release of Mythos by Anthropic.
Financial industry sources have indicated that another major US AI company could soon launch an equally powerful model, but without the same guarantees.
James Wise, partner at Balderton Capital, is chairman of the Sovereign AI unit, a venture capital fund which will invest in UK AI companies, backed by £500m of government funding.
He said Mythos is “the first of many more powerful models” capable of exposing vulnerabilities in systems.
His unit is “investing in UK AI companies that are tackling this problem – companies working in AI security and safety,” he told the BBC’s Today programme.
“We hope that the models that expose the vulnerabilities are also the ones that will fix them.”
