German banks and national authorities have initiated a coordinated review of the security risks connected to Anthropic's latest artificial intelligence model, according to statements released on Thursday. The move follows concerns within cybersecurity circles that the model, known as Mythos, could create new avenues for cyberattacks on financial institutions and their legacy technology stacks.
Kolja Gabriel, who sits on the executive board of the German Banking Association and oversees technology and innovation, said the banking industry association is engaging its members' IT security experts while consulting with Germany's finance ministry and other relevant authorities. In an emailed statement, Gabriel said Mythos is currently being applied in a controlled way by IT security firms to identify and seal possible weaknesses as quickly as possible.
"Mythos is being used in a controlled manner by IT security firms to close potential vulnerabilities as quickly as possible. We expect a series of software updates shortly and are closely monitoring developments," Gabriel said in the statement.
The discussions on the German side also include the Bundesbank and the Federal Financial Supervisory Authority, BaFin. The finance ministry declined to comment. The central bank did not immediately respond to a request for comment.
BaFin said it maintains regular exchanges with relevant national, European and international stakeholders. In its own statement, the regulator warned that financial firms must be prepared for the possibility that vulnerabilities could be discovered in the near future, and that any such issues would need to be addressed promptly and efficiently.
At the European level, supervisors at the European Central Bank are set to question bankers about the risks presented by Mythos, a development that underscores how regulators across jurisdictions are taking the issue seriously.
Anthropic has indicated that the current iteration, Claude Mythos Preview, will not be made widely available. Instead, the company has announced Project Glasswing. Under that initiative, Anthropic has invited major technology firms, cybersecurity vendors and financial institutions, including JPMorgan Chase and several dozen other organisations, to privately test the model and prepare defences.
The coordination among banks, national authorities and European supervisors reflects a focus on rapid detection and remediation. Industry participants are running controlled tests and expect follow-up software updates as they work to mitigate any exposures identified during those reviews.
Key points
- German banks, the finance ministry, the Bundesbank and BaFin are coordinating work to assess security risks tied to Anthropic's Mythos model - sectors affected include banking and cybersecurity.
- BaFin cautioned that vulnerabilities could emerge in the near term and would need quick remediation - this affects operational resilience in financial services.
- Anthropic will not broadly release Claude Mythos Preview, and has launched Project Glasswing to allow select companies and banks, including JPMorgan Chase, to evaluate the model privately and prepare defences - this involves technology and cybersecurity vendors as well as major financial institutions.
Risks and uncertainties
- Potential discovery of vulnerabilities in Mythos that could be exploited - risk primarily to banking infrastructure and legacy IT systems.
- Uncertainty over the timing and effectiveness of forthcoming software updates and fixes - operational risk for financial firms while patches are developed and deployed.
- Regulatory scrutiny, including questions from European Central Bank supervisors, could increase compliance and oversight demands on banks testing and deploying defences - risk to bank operational processes and compliance teams.