A recently announced powerful AI model built by Anthropic has prompted emergency meetings among finance ministers, central bankers and Wall Street chief executives after it demonstrated the ability to discover and exploit cybersecurity weaknesses across major banking systems, operating systems and web browsers.
The Claude Mythos Preview model was discussed at a meeting convened by US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell with the chief executives of the country's largest banks, including Bank of America's Brian Moynihan and Goldman Sachs's David Solomon.
Anthropic said the model represents a "step change" in AI performance and is the most capable it has built to date. The company has not released Mythos publicly, citing internal tests that found it too dangerous in its current form.
JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley are among the institutions testing the model through Anthropic's early access programme called Project Glasswing, which grants select financial firms access under controlled conditions. The White House has encouraged banks to use Mythos to audit their own systems before hostile actors gain access to similar capabilities.
Barclays chief executive CS Venkatakrishnan told the BBC on April 16 that the threat was serious. "We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly," he said, adding that the situation reflected a more connected financial system with both opportunities and risks.
Bank of England Governor Andrew Bailey said regulators were examining what the development could mean for cybercrime risk. "The consequence could be that there is a development of AI, of modelling, which makes it easier to detect existing vulnerabilities in core IT systems, and then obviously cyber criminals could seek to exploit them," Bailey said.
Banks are seen as exposed because they operate mixed technology stacks where modern infrastructure runs alongside decades-old legacy systems. Security researcher Costin Raiu told Reuters that IBM-built banking systems from decades back would be particularly vulnerable, saying "a model like Mythos would have a field day finding exploits" in such technology.
Anthropic briefed senior US government officials on the model's capabilities before its limited release, including the Cybersecurity and Infrastructure Security Agency. The company also reported that hacking groups linked to the Chinese government had already attempted to exploit an earlier version of Claude in real-world cyberattacks, including a coordinated campaign targeting around 30 organisations before Anthropic detected and shut it down.
Anthropic has since released a separate update, Claude Opus 4.7, which includes new cyber safeguards, saying it would test protections on less capable models before eventually working towards a broader release of Mythos-class systems.
Financial industry sources told the BBC that another prominent US AI company could soon release a similarly powerful model without the same safeguards.
James Wise, a partner at Balderton Capital and chair of the UK's Sovereign AI unit, said Mythos was "the first of what will be many more powerful models" that could expose system weaknesses.
Former White House AI czar David Sacks was sceptical, saying on the "All-In" podcast that Anthropic was skilled at "scaring people" alongside product launches.
No comments:
Post a Comment