Why Anthropic’s Mythos AI Is Triggering Cybersecurity Warnings From the G20

This kind of capability is extremely valuable for defensive security teams. If organizations can find vulnerabilities earlier, they can patch them before attackers exploit them. But it also illustrates why such tools are controversial: discovering vulnerabilities faster can also mean exploiting them faster.

Why Anthropic Is Briefing the Financial Stability Board

The Financial Stability Board coordinates financial‑system oversight among central banks, regulators, and finance ministries across the G20 economies. When technology threatens the stability of global finance, the FSB becomes a central venue for coordination.

Anthropic has agreed to brief the FSB after its Mythos model reportedly identified cybersecurity vulnerabilities relevant to the global financial system. The briefing was requested by Bank of England governor Andrew Bailey, who chairs the FSB, and is expected to include G20 finance ministries and central banks.

Regulators are concerned because modern finance relies heavily on digital infrastructure—banking software, cloud platforms, authentication systems, and payment networks. A vulnerability in widely used software could potentially affect many financial institutions simultaneously.

Why the Model Is Considered Too Dangerous for Public Release

Anthropic has deliberately avoided releasing Mythos broadly because the model could significantly lower the effort required to discover serious vulnerabilities in widely used software.

If a tool can automatically identify exploitable weaknesses across operating systems, browsers, or core infrastructure, the risks extend beyond typical cybersecurity concerns. Criminal groups or state‑sponsored attackers could potentially use the same technology to find and weaponize vulnerabilities much faster.

Because of this dual‑use nature, Mythos is being treated less like a typical AI product and more like sensitive cybersecurity technology.

Project Glasswing: Controlled Access for Defense

Instead of a public launch, Anthropic created Project Glasswing, an initiative that gives carefully selected organizations early access to the model for defensive cybersecurity work.

The partners include major cloud providers, technology companies, and cybersecurity firms responsible for widely used infrastructure. Organizations reported to be involved include:

• Amazon Web Services
• Apple
• Broadcom
• Cisco
• CrowdStrike
• Google
• JPMorganChase
• Microsoft
• NVIDIA
• The Linux Foundation
• Palo Alto Networks

These organizations can use the model to search for vulnerabilities in the software platforms and systems billions of people depend on. The goal is coordinated defense: find and patch weaknesses before attackers discover them.

Why Regulators See AI Cyber Tools as a Systemic Risk

Financial regulators are increasingly treating advanced AI cyber capabilities as a systemic risk, not just a technical issue.

The Financial Stability Board has previously warned that AI could amplify vulnerabilities in financial systems through several channels, including:

• dependence on shared technology providers
• increased cyber risk
• correlated failures across institutions
• weaknesses in AI governance or model oversight

Because banks, payment networks, and financial markets rely on common software stacks and cloud infrastructure, a single critical vulnerability could disrupt multiple institutions at once. If AI dramatically accelerates vulnerability discovery—or exploitation—the impact could ripple across the global financial system.

What We Still Don’t Know

Despite growing attention, many details about Mythos remain undisclosed.

Anthropic has not publicly revealed the specific vulnerabilities the model has identified, their severity, or whether independent security researchers have verified them. Much of what is known comes from company statements and media reporting rather than technical publications.

That secrecy reflects the central dilemma behind tools like Mythos: revealing too much about the vulnerabilities it finds could itself create new security risks.

The Bigger Shift in Cybersecurity

Mythos represents an emerging pattern in cybersecurity where AI dramatically accelerates both offense and defense. Instead of security researchers spending months analyzing code, powerful models may soon perform similar work in minutes or hours.

For technology companies, governments, and financial institutions, the challenge is clear: deploy AI quickly enough to defend critical infrastructure while preventing the same capabilities from enabling large‑scale cyberattacks.