UK regulators are moving quickly to examine the risks posed by Anthropic’s Claude Mythos Preview Artificial Intelligence model. The Bank of England, Financial Conduct Authority and HM Treasury are in urgent talks with the National Cyber Security Centre and major banks through the UK’s Cross Market Operational Resilience Group.
The group includes the Bank of England, the National Cyber Security Centre, the Financial Conduct Authority, HM Treasury, the UK Finance trade body for banks, eight of the UK’s biggest banks, four financial infrastructure providers and two insurers. Regulators are also speaking with representatives from major financial institutions, including banks, insurers and exchanges, and are expected to brief these stakeholders on Claude Mythos Preview’s cyber risks later this month.
Claude Mythos Preview is not publicly available and is designed to understand and modify existing software, allowing it to detect vulnerabilities that have gone unnoticed for years. In testing, the system uncovered flaws that had been overlooked for decades, including a 27-year-old weakness in OpenBSD. That capability could strengthen cyber defence, but it also raises concern because the autonomous discovery of flaws without human involvement could be used for criminal purposes.
Concern is not limited to the UK. Treasury Secretary Scott Bessent recently called a meeting with some of the largest US banks on Mythos’ risk. A limited early trial is underway with organisations including AWS, Apple, Google, Microsoft and Nvidia, an approach that Bharat Mistry, field CTO at TrendAI, described as trying to give defenders a head start.
