UK financial regulators and major banks are in urgent discussions over cybersecurity risks tied to Claude Mythos Preview, a new Artificial Intelligence model from Anthropic. The model is described as capable of detecting vulnerabilities in critical systems that have gone undetected for decades. Officials from the Bank of England, the Financial Conduct Authority and HM Treasury are working with the National Cyber Security Centre to evaluate weaknesses that the model could expose. Leading banks, insurers and exchanges are expected to be briefed on the risks at a meeting within the next fortnight.
The UK response follows similar action in the United States, where US Treasury Secretary Scott Bessent called in Wall Street bank leaders to discuss the model’s ability to identify security flaws that could be used by malicious actors. When Anthropic released Mythos to select customers last week, the San Francisco company said the model had already identified thousands of high-severity vulnerabilities across major operating systems and web browsers. The $380 billion firm warned that such capabilities could spread “beyond actors who are committed to deploying them safely”, with potentially severe consequences for economies, public safety and national security.
The issue has been added to the agenda of the UK’s Cross Market Operational Resilience Group, which brings together regulators and financial services firms to address systemic threats. CMORG is co-chaired by the Bank of England’s executive director for supervisory risk, Duncan Mackinnon, and David Postings of UK Finance. Its membership includes senior representatives from eight of the country’s largest banks, four financial infrastructure providers, two insurers, the National Cyber Security Centre, the Financial Conduct Authority and HM Treasury.
David Raw, managing director for resilience at UK Finance, said the organisation works with members and public-private partners on significant operational risks affecting the resilience of the UK financial services sector. If the threat worsens, the Bank of England could call an emergency meeting with financial institutions within one to two hours through its Cross Market Business Continuity Group, although that step has not been taken. The discussions come amid wider concern over cyberattacks in British industry and as the government considers standardised testing requirements for Artificial Intelligence models used across the UK banking sector.
