In the realm of American crime lore, Willie Sutton stands out as a notorious bank robber whose exploits spanned four decades. His rationale for robbing banks was famously succinct: “Because that’s where the money is.” This age-old view of banks as treasure troves has taken on a modern twist: with the rise of technology, especially artificial intelligence (AI), the potential for digital heists has escalated dramatically. In 2017, I anticipated that not only charismatic figures like Sutton would be targeting banks, but so too would AI-driven cybercriminals. This reality is rapidly becoming a concern for financial institutions worldwide.
The Unsettling Power of AI
At the heart of these concerns lies a sophisticated AI model known as “Mythos,” developed by Anthropic, the team also responsible for the widely recognized Claude chatbot. While the general public cannot access this advanced model, its internal testing has uncovered thousands of significant security vulnerabilities across major operating systems and web browsers. Alarmingly, some of these flaws have remained hidden for decades, and many qualify as “zero-day” vulnerabilities: flaws that were unknown to the software's maintainers when found, so no patch yet exists, and that require immediate resolution. These vulnerabilities may open the proverbial back door into the financial vaults of banks.
Limited Access: A Preemptive Step
In response to mounting concerns, Anthropic has chosen to restrict access to Mythos, sharing it solely with a select group of partners within a defensive coalition, which includes tech giants like Microsoft, Amazon Web Services, Apple, Cisco, and the Linux Foundation. This careful rollout seeks to mitigate risk while tackling identified security flaws. Additionally, Anthropic has pledged substantial resources—approximately $100 million in usage credits and $4 million for open-source grants—to fix these vulnerabilities.
While this initiative is commendable, reports indicate that many institutions outside the United States—including banks in Australia and Europe—have yet to gain access to this groundbreaking model. Recent news also raises alarm about unauthorized users who may have managed to interact with Mythos, although there is no current evidence of malicious intent.
Global Financial Concern
Recently, policymakers from various nations convened at the International Monetary Fund spring meeting, where cybersecurity in the banking sector featured prominently on the agenda. Banks, with their troves of sensitive information and monetary assets, are prime targets for cybercriminals—particularly those leveraging advanced AI technologies. The prevalence of legacy systems within banks compounds the risk, as outdated technology often leaves institutions more susceptible to cutting-edge attacks.
While individual customers may not need to panic, as many countries have robust consumer protections—including deposit insurance and reimbursement policies for unauthorized transactions—there is a pressing urgency for banks to fortify their defenses. Continuous updates to computers and smartphones, especially for banking applications, are advisable as patches for these newfound vulnerabilities are developed.
The Continuous Battle Against Cyber Crime
The unfolding narrative surrounding Mythos underscores a critical cybersecurity principle: defending against attacks is inherently more challenging than executing them. Software is one of the most intricate constructs in existence, making it nearly impossible to create without flaws. This reality sets the stage for an unending competition against those with malicious intent, who constantly seek to exploit weaknesses before they can be rectified.
For instance, the European Union has recently rolled out an age verification app intended to comply with new regulations for online content. In a twist of irony, security experts discovered vulnerabilities within mere hours of its launch that could allow young users to bypass restrictions. Although some software can undergo rigorous evaluation to prove its security—such as the recent efforts by the Beneficial AI Foundation to certify the messaging app Signal—such instances remain exceptions rather than the standard practice.
The advent of powerful AI models like Mythos presents both peril and potential. In this rapidly evolving landscape, as these technologies advance, they could also pave the way for more effective defensive mechanisms against cyber threats.

