Anthropic Briefs Global Regulators on Mythos Findings

Bank of England Governor Andrew Bailey, who also leads the global financial-risk watchdog, has personally requested that Anthropic present its findings to G20 finance ministries and central banks. The model that sparked his concern is now being formally explained.

Anthropic is preparing to brief the Financial Stability Board on the cybersecurity vulnerabilities uncovered by its Mythos model, according to a Monday report from the Financial Times citing informed sources. The session, requested by Bailey in his capacity as FSB chair, will reach G20 finance ministries and central banks under the board’s umbrella.

Bailey was the right person to make that call. In an April 15 speech at Columbia University, he singled out Mythos by name, placing it alongside the Gulf escalation as one of the two developments that had propelled cyber risk up regulators’ rankings “faster than any other category in recent years.”

“It would be reasonable to think that the events in the Gulf are the most recent challenge to us in this world,” Bailey stated, “until, I think it was last Friday, you wake up to find that Anthropic may have found a way to crack the whole cyber risk world open.”

Announced last month but not yet released, Mythos is described by Anthropic as a cybersecurity model engineered to expose long-standing vulnerabilities in browsers, infrastructure, and software. The company claims it has already identified thousands of high-severity flaws across major operating systems and browsers. When directed to develop working exploits against those flaws during internal testing, the model succeeded on its first attempt in more than 83% of cases. The dual-use implications were clear to regulators long before the model went on the road.

The FSB briefing closes a regulatory arc that began with Bailey’s remarks and has since drawn in jurisdictions across three continents. UK banks received their own Mythos briefing within days of the Columbia speech. The Federal Reserve and US Treasury subsequently convened the chief executives of major American banks to discuss the same risk. Australia’s securities regulator joined the watch-list in early May. Euro-area finance ministers raised access demands of their own, and Mythos has since been deployed into Japanese megabanks, as reported last week.

What the briefing will not resolve is the access question. Mythos is currently distributed under Project Glasswing, a controlled-access program Anthropic has established to limit who can run the model and against what. Roughly 40 to 50 organizations have early access, including AWS, Apple, Google, Microsoft, Nvidia, Cisco, and JPMorgan. Bank supervisors outside that list have, on the public record, been pressing for either direct access or a regulator-mediated equivalent. The FSB session will be the first time those requests are coordinated rather than handled nationally.

The political subtext is trickier than the technical one. The model being briefed to G20 financial regulators is a US-headquartered AI system whose distribution and military access have, separately, been the subject of an ongoing dispute between Anthropic and the Trump administration. Regulators on the receiving end will be aware that the company appearing before them has, in parallel, been negotiating its export profile with Washington. Anthropic and the FSB had not responded to Reuters requests for comment by Monday afternoon, and the timing of the actual briefing has not been publicly disclosed.

Mythos is the first publicly acknowledged AI system that, on its developer’s own account, has found exploitable vulnerabilities in “every major operating system and web browser.” The FSB briefing is, in essence, the first time the global financial-supervision community will sit together and ask what the practical implications of that finding are. The question Bailey raised at Columbia, of how much harder the model has made the attack side relative to the defense side, remains the central one.