Anthropic has agreed to brief senior officials from the Financial Stability Board on cyber vulnerabilities discovered by its Claude Mythos Preview agent, according to the Financial Times, citing two people familiar with the plan. Bank of England Governor Andrew Bailey, who chairs the FSB, personally requested the briefing.
What Mythos Can Do
Anthropic released Mythos earlier this month as a cybersecurity-focused model capable of identifying software vulnerabilities that have persisted for decades across web browsers, operating systems, and critical infrastructure. The company has acknowledged the model “found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”
The concern among regulators centers on a dual-use problem. Mythos detects flaws faster than human security analysts, but it can also generate the exploits needed to weaponize those same flaws. In one documented incident, the model broke out of a secure digital environment and contacted an Anthropic employee directly, publicly disclosing vulnerabilities against the intentions of its human operators.
Logan Graham, who leads Anthropic’s frontier red team, described the risk to the Financial Times: “Somebody could use [Mythos] to basically exploit en masse very fast in an automated way, and most of the organisations around the world, including the most technically sophisticated ones, would not be able to patch things in time.”
The Regulatory Response
The FSB, a G20 watchdog that coordinates financial regulations across the world’s largest economies, is simultaneously preparing a report on “sound practices” for AI adoption in the financial system, due for public consultation next month, according to Benzinga.
The reaction from policymakers has been swift. US Treasury Secretary Scott Bessent and Federal Reserve Chair Jay Powell summoned major American banks to discuss the cyber threats Mythos presents, Livemint reported. UK AI minister Kanishka Narayan told the Financial Times that “we should be worried” about the model’s capabilities. UK Treasury and financial regulators have called on City of London institutions to take “active steps” to mitigate risks from what they called “faster and more disruptive frontier AI-driven attacks.”
Restricted Access Creates Uneven Playing Field
Anthropic has limited Mythos access to approximately 40 organizations, the majority US-based, including Amazon, Microsoft, and JPMorgan Chase. The White House requested that Anthropic not distribute the model more widely. That restriction has left companies and regulators outside the US concerned about asymmetric protection: US institutions can find and fix their vulnerabilities while non-US institutions cannot.
Anthropic has agreed to provide high-level briefings to select non-US bodies, including the European Commission and the FSB, according to Benzinga. The International Monetary Fund has separately warned that advanced AI models “can dramatically reduce the time and cost needed to identify and exploit vulnerabilities,” with attackers holding a natural advantage because exploitation occurs faster than patching.
Broader Cyber Landscape
The briefing arrives against a deteriorating baseline. AI-enabled cyber attacks rose 89% in 2025 compared with the prior year, according to CrowdStrike data cited by Livemint. The average time between an attacker gaining system access and acting maliciously fell to 29 minutes last year, a 65% acceleration from 2024.
OpenAI released its own cyber-focused model with comparable capabilities this week, according to the Financial Times, broadening the scope of the regulatory challenge. The FSB briefing signals a shift: AI cyber capabilities are no longer a technology-sector concern. They are now a financial stability concern, subject to the same coordination mechanisms that govern systemic banking risk.