Executives from Canadian banks and regulators convened on Friday to address cybersecurity risks associated with Anthropic’s latest AI model, Claude Mythos. The discussions come amid rising concerns that the powerful AI tool could potentially be leveraged by cybercriminals to exploit software vulnerabilities.
The meeting, part of the Canadian Financial Sector Resiliency Group (CFRG), was chaired by Alexis Corbett, chief operating officer of the Bank of Canada. It included representatives from the Department of Finance, the Office of the Superintendent of Financial Institutions, and several of Canada’s largest banks, including Desjardins Group.
This gathering followed a similar meeting in the United States led by Treasury Secretary Scott Bessent, which included the chief executives of major U.S. banks such as Bank of America and CitiGroup. The discussions reflect heightened vigilance among regulators and cybersecurity experts regarding the potential for AI-driven cyberattacks to threaten the financial sector and other critical infrastructure.
Experts have flagged Mythos as “exceptionally dangerous” due to its ability to identify and exploit vulnerabilities in software, raising alarms about its implications for cybersecurity. Paul Badertscher, a spokesperson for the Bank of Canada, clarified that Friday’s meeting was not an emergency session, stating, “This was not that,” while emphasizing the group’s role in monitoring threats in the technology environment.
Neither Bank of Canada Governor Tiff Macklem nor Senior Deputy Governor Carolyn Rogers attended the meeting. However, discussions earlier in the week in the U.S. included Bessent, Federal Reserve Chair Jerome Powell, and other top banking executives.
Anthropic describes Mythos as a dual-use tool capable of both offensive and defensive applications, finding and repairing vulnerabilities while also enabling potential exploitation by malicious actors. The company has indicated that the model has already identified thousands of vulnerabilities across “every major operating system and web browser.”
To mitigate risks, Anthropic has opted not to make Mythos publicly available, instead offering a preview version to selected organizations responsible for critical digital infrastructure. This initiative, known as Project Glasswing, includes participants such as Amazon, Microsoft, Apple, Google, JPMorgan Chase, CrowdStrike, Palo Alto Networks, and Nvidia.
Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, highlighted the model’s capabilities as a defensive asset while also acknowledging its potential for misuse. “What we appear to have here is an AI that is exceptionally capable as a defensive tool but is also exceptionally dangerous,” he noted, stressing the challenges this presents in the current technology landscape.
Finlay remarked on the difficulty of distinguishing between the model’s realistic capabilities and any exaggeration surrounding its power. He cautioned that if Anthropic‘s claims are accurate, the landscape of cybersecurity could fundamentally change, presenting new challenges for safeguarding technology.
David Shipley, CEO of Canadian cybersecurity firm Beauceron Security Inc., echoed these concerns, stating that Mythos can identify “extraordinary levels of flawed code” due to its ability to detect patterns much faster than human analysts. He added, “It turns out there’s a lot of holes in our code, like trillions of lines of code with problems in it.”
As Canadian banks increase their investments in AI to enhance productivity and profitability, the country’s banking regulator has established guidelines for assessing risks from new technologies and cybersecurity threats. Although the Office of the Superintendent of Financial Institutions has no immediate plans to modify its existing guidelines issued in 2022, it remains committed to evaluating emerging threats.
OSFI spokesperson Cory Harding stated, “We are in active conversations with institutions to raise awareness, as well as assess this situation and its potential impact on the resilience of the financial system.” He emphasized that the office is closely monitoring advanced AI systems that could affect the cybersecurity resilience of Canada’s federally regulated financial institutions.
The Canadian Bankers Association expressed its members’ support for responsible AI use, which is becoming increasingly important in areas like cybersecurity, fraud detection, operational efficiency, and customer service. CBA spokesperson Ethan Teclu affirmed that banks are managing AI-related risks effectively through established regulatory requirements and internal frameworks.
As the discourse surrounding Mythos evolves, it underscores the dual-edged nature of AI in cybersecurity, highlighting the urgent need for robust strategies to mitigate potential threats while harnessing its capabilities for protective purposes.
See also
Finance Ministry Alerts Public to Fake AI Video Featuring Adviser Salehuddin Ahmed
Bajaj Finance Launches 200K AI-Generated Ads with Bollywood Celebrities’ Digital Rights
Traders Seek Credit Protection as Oracle’s Bond Derivatives Costs Double Since September
BiyaPay Reveals Strategic Upgrade to Enhance Digital Finance Platform for Global Users
MVGX Tech Launches AI-Powered Green Supply Chain Finance System at SFF 2025
