Anthropic says Claude Mythos Preview has identified thousands of additional high- and critical-severity vulnerabilities and is not being made generally available.
The Bank of England said it is testing AI risks to the financial system through scenario analysis and simulations.
German banks, BaFin, the finance ministry, and other authorities are assessing the risks tied to Mythos.
ECB supervisors are preparing to question banks about the model’s potential cyber threat.
OpenAI has launched GPT-5.4-Cyber for vetted security organizations, showing how quickly cyber-focused AI deployment is accelerating.
Banking regulators shift focus to AI cyber risk
Global financial officials are moving quickly to assess the banking risks linked to the latest generation of AI models after Anthropic’s Claude Mythos Preview raised fresh concerns about cyber vulnerability across the sector. Anthropic says the model has identified thousands of additional high- and critical-severity vulnerabilities and has kept access restricted under Project Glasswing rather than releasing it publicly.
That response is now spilling into financial supervision. The Bank of England said this week that it is testing the risks AI could pose to the financial system through scenario analysis and simulations, while Reuters reported that ECB supervisors are preparing to question banks about Mythos-related threats.
Officials and banks are now assessing the threat
In Germany, banks and national authorities are already examining the risks tied to Mythos. Reuters reported that the discussions involve the German Banking Association, the finance ministry, the Bundesbank and BaFin, with officials warning that financial firms must be ready to address newly discovered vulnerabilities quickly.
The issue is also moving up the policy chain in the United States. Reuters reported last week that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell discussed Anthropic model risks with bank CEOs, highlighting how seriously officials are taking the issue.
“Financial firms must be prepared for the possibility that vulnerabilities could be discovered in the near future, which would then need to be addressed promptly and quickly,” BaFin said, according to Reuters.
Why Mythos is drawing attention
Anthropic’s own disclosures explain why the model has set off alarm bells. In a technical write-up, the company said Mythos Preview identified thousands of additional serious vulnerabilities and demonstrated the ability to chain together multiple exploits, including across major operating systems and web browsers. Anthropic said it does not plan to make the model generally available.
That matters for banks because the sector still depends on large, complex, and often legacy technology systems. Reuters reported that German banking officials see Mythos as posing significant challenges to the sector and its existing infrastructure.
The industry response is widening
The banking industry is not the only part of the market reacting. OpenAI said on April 14 that it was rolling out GPT-5.4-Cyber on a limited basis to vetted security vendors, organizations, and researchers, framing the launch as part of a broader push to strengthen defensive cyber capabilities.
That makes this more than a single-company story. It signals that advanced cyber-capable AI is moving into a new phase where firms, regulators, and infrastructure operators may need to update security practices faster than many had expected. That is an inference based on the rapid regulatory response, Anthropic’s restricted deployment, and OpenAI’s parallel launch of a cyber-focused model.
What matters now
For banks and regulators, the immediate issue is not only offensive misuse. It is also the speed at which these systems can expose weaknesses that already exist inside critical infrastructure.
Key points to watch:
whether more regulators issue direct guidance to banks
how quickly lenders can patch exposed vulnerabilities
whether access to these models remains tightly controlled
how AI companies and supervisors build a workable governance framework around cyber-capable models
The story is moving fast, but one point is already clear: financial authorities no longer see advanced AI only as a productivity tool. They are increasingly treating it as a live cyber-risk issue for the banking system.
