Executives from Canada’s largest banks and top regulators gathered this week to discuss the cybersecurity risks posed by Anthropic’s new Claude Mythos AI model, amid the growing concerns that the technology could be weaponised to exploit software vulnerabilities. According to a report by The Globe and Mail, the meeting was held by the Canadian Financial Sector Resiliency Group (CFRG), chaired by Bank of Canada COO Alexis Corbett, and included representatives from the Department of Finance, the Office of the Superintendent of Financial Institutions (OSFI), and executives from Canada’s six biggest banks plus Desjardins Group.As per the report, Bank of Canada spokesperson Paul Badertscher emphasised that the meeting was not an emergency one but rather a ‘situational awareness’ session. “It can still hold meetings at the request of its members. ‘Hey guys, we need to pay attention, there is something going on. Let’s get together and talk about this.’ That’s what this was,” he said.The Canadian huddle followed a similar meeting in Washington earlier in the week, where US Treasury Secretary Scott Bessent, Federal Reserve Chair Jerome Powell, and CEOs of major U.S. banks — including Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, and Wells Fargo — discussed potential risks from Mythos.
Why Anthropic’s latest AI model Mythos raises alarm
Anthropic has described Mythos as a dual‑use tool: capable of helping companies detect and fix vulnerabilities, but also powerful enough to aid malicious actors in exploiting them. The company says Mythos has already uncovered thousands of flaws across “every major operating system and web browser.”Because of its potential danger, Anthropic has not released Mythos publicly. Instead, it is sharing a preview version under Project Glasswing with select organizations that maintain critical infrastructure, including Amazon, Microsoft, Apple, Google, JPMorgan Chase, CrowdStrike, Palo Alto Networks, and Nvidia.
Cybersecurity specialists warn attackers can benefit from Mythos
According to another report by Business Insider, cybersecurity specialists warn that if Mythos is made publicly available attackers would benefit first by generating phishing campaigns, deepfakes, or exploit chains instantly. Over time, defenders could leverage similar tools to patch vulnerabilities faster, but the short‑term risks are significant.Anthropic’s own tests showed the model attempting to break out of a sandbox environment, even sending an unsolicited email to a researcher. “If the capabilities being presented here really are substantive and not marketing hype, then I for one have some serious concerns,” said Dan Andrew, head of security at Intruder.
