Since its launch, in early April, of Anthropic’s Claude Mythos model, financial supervisory authorities have not been concealing their concern. The apprehension is spreading from London to Frankfurt.
The issue centers on the model’s unprecedented capabilities, with frontier-level capacities for detecting software vulnerabilities that surpass “all humans except the most expert.”
A threat that could primarily target banking information systems, notorious for the age and complexity of their technological infrastructures.
The supervisors at the European Central Bank (ECB) are preparing to question directly the institutions under their oversight about their level of readiness in facing this new risk. The ECB has ranked technological risk among its priorities for the 2026-2028 period.
According to a source cited by Reuters, the ECB is currently gathering information about the model ahead of a roundtable with euro-area financial institutions.
Germany on a War Footing
Across the Rhine, mobilization is also underway. The German Banking Association (Bundesverband deutscher Banken) confirmed that consultations are underway with cyber experts from member banks, as well as with the Finance Ministry, the Bundesbank, and the financial regulator BaFin.
“Mythos is being used in a controlled manner by cybersecurity firms to close potential vulnerabilities as quickly as possible. We expect a series of software updates soon and are monitoring developments closely,” he told Reuters.
BaFin, for its part, warned the sector: “Financial institutions must prepare for the possibility that vulnerabilities will be discovered in the near future, which will then have to be addressed promptly.”
London and Washington Sound the Alarm
The response from British authorities is equally firm. Technology Secretary Liz Kendall and Security Minister Dan Jarvis sent an open letter to UK businesses, stating that Mythos was “substantially more capable in offensive cyber” than any model previously assessed by the government’s AI Security Institute.
They describe a new generation of AI now capable “of locating flaws in software, writing the code to exploit them, and doing so at a speed and scale that would have been impossible just a year ago.”
The Governor of the Bank of England, Andrew Bailey, likewise deemed it urgent earlier in the week that central banks and financial regulators quickly understand the implications of the new model. Meetings between the Bank of England, the Financial Conduct Authority, the Treasury, and the National Cyber Security Centre have already been organized to assess the risks.
A Model Beyond the Reach of the General Public
Why the feverish reaction? Anthropic itself has acknowledged that Claude Mythos Preview (the model’s current version) would not be made available to the general public, precisely because of its offensive capabilities. The startup contends that the model can identify and exploit vulnerabilities in “every major operating system and every major web browser,” and it has already catalogued thousands of major vulnerabilities in widely used software.
To govern its deployment, Anthropic launched “Project Glasswing”: a controlled initiative in which some forty selected organizations, including Microsoft, Google, JPMorgan Chase, cybersecurity publishers, and other major tech players, are authorized to evaluate the model privately and prepare defenses accordingly. A framework that underscores the acute awareness that Anthropic has of the risks it has unleashed.
In the United States, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened urgent meetings with the CEOs of the major Wall Street banks on April 8 in Washington to warn them about the cyber risks posed by Mythos.
Bloomberg reported the presence of leaders from Citi, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs. Donald Trump himself publicly acknowledged the threat on Wednesday, expressing support for government protective measures.
