Banks worldwide are on high alert for a potential surge of AI-powered cyberattacks, as regulators and policymakers voice concerns about the technology’s ability to exploit deep-seated vulnerabilities within financial systems. The latest apprehension focuses on Mythos, an advanced AI model developed by Anthropic, the same company behind the Claude chatbot. Currently, Mythos is not available to the public because its creators believe its capabilities pose a significant risk if widely released.
Internal tests of Mythos have revealed thousands of severe security vulnerabilities across all major operating systems and web browsers. Many of these flaws have remained undetected for decades, including what cybersecurity experts classify as “zero-day” vulnerabilities—issues so critical that they require immediate fixes upon disclosure.
To combat this emerging threat, Anthropic has granted Mythos access to a coalition of defense partners, including Microsoft, Amazon Web Services, Apple, Cisco, and the Linux Foundation. The company has committed $100 million in usage credits and $4 million in open-source grants to help identify and resolve these vulnerabilities. In total, over 40 organizations, including several U.S. banks, have been given access to the model. However, as of now, Anthropic has not provided access to banks in Australia, the United Kingdom, or Europe.
Anthropic confirmed on Wednesday that it is investigating reports from Bloomberg regarding a small group of unauthorized users who may have gained access to Mythos. There is currently no indication that this access was intended for malicious purposes.
The banking sector’s risk is magnified by its reliance on legacy systems—software and hardware technologies that are often decades old and potentially vulnerable to AI-driven attacks. This concern was a focal point of discussions at the recent International Monetary Fund Spring Meetings held in Washington, where emerging cybersecurity threats to the financial sector were highlighted alongside geopolitical issues such as the ongoing conflict in Iran.
For consumers in regions with robust banking protections, the immediate risks remain relatively contained. In Australia, for example, the first 250,000 Australian dollars of a customer’s deposits are insured through the government-backed Financial Claims Scheme. Moreover, the Australian Securities and Investments Commission mandates that banks investigate and reimburse fraudulent transactions where customers are not at fault. Experts continue to advise regular updates of operating systems and banking apps while maintaining vigilance against phishing attacks.
In the long run, however, the challenge remains formidable, as noted by Toby Walsh, a professor of AI at UNSW Sydney. He emphasized that defending software is inherently more complex than attacking it, given the immense intricacies involved in software development. This complexity makes it nearly impossible to ensure bug-free software, leading to a relentless race between cyber attackers and defenders to discover and patch vulnerabilities before they can be exploited.
The European Union recently launched an age verification app designed to support new legislation on social media access and age-restricted content. However, security researchers identified vulnerabilities within hours of its release that underage users could potentially exploit.
Amidst these challenges, organizations operating in high-stakes environments are increasingly turning to mathematical verification methods to validate that their software is devoid of bugs. The Beneficial AI Foundation recently initiated a “moonshot” project aimed at proving that the messaging app Signal is secure and protects user privacy as advertised. While such initiatives remain rare, advancements in AI technology may ultimately help to rebalance the scales in the ongoing battle between cyber attackers and defenders.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
