Podcast Episode
The European Central Bank is preparing to question bankers under its supervision about the risks the model poses, joining a coordinated effort with regulators in the United States and Britain. The move reflects growing concern that the model could dramatically enhance the capabilities of cyberattackers targeting financial institutions.
BaFin warned in a statement that financial firms "must be prepared for the possibility that vulnerabilities could be discovered in the near future, which would then need to be addressed promptly and quickly."
During testing, the model identified thousands of previously unknown vulnerabilities, including a 17-year-old remote code execution flaw in FreeBSD that allows complete server takeover from an unauthenticated connection.
IMF Managing Director Kristalina Georgieva added her voice to the chorus of concern, warning that cybersecurity risks "have been growing exponentially" and calling for stronger safeguards to protect financial stability.
European Regulators Sound Alarm Over Anthropic's Mythos AI Cyber Capabilities
April 17, 2026
0:00
2:51
The European Central Bank and German banking authorities are urgently assessing cybersecurity risks posed by Anthropic's Claude Mythos Preview, an AI model capable of autonomously discovering and exploiting thousands of previously unknown software vulnerabilities. The coordinated probe spans regulators in Europe, the US, and the UK.
A New Class of AI Threat
European financial regulators are scrambling to assess the cybersecurity implications of Anthropic's Claude Mythos Preview, an AI model that has demonstrated an unprecedented ability to autonomously discover and exploit zero-day software vulnerabilities across every major operating system and web browser.The European Central Bank is preparing to question bankers under its supervision about the risks the model poses, joining a coordinated effort with regulators in the United States and Britain. The move reflects growing concern that the model could dramatically enhance the capabilities of cyberattackers targeting financial institutions.
German Banks Lead the Response
In Germany, the banking industry is conducting its own independent assessment. Kolja Gabriel, a member of the executive board at the German Banking Association, said the group is consulting with cybersecurity experts at member banks, Germany's finance ministry, and other authorities. The Bundesbank and BaFin, Germany's financial watchdog, are also involved in the discussions.BaFin warned in a statement that financial firms "must be prepared for the possibility that vulnerabilities could be discovered in the near future, which would then need to be addressed promptly and quickly."
Project Glasswing: Controlled Access Only
Anthropic announced on 7 April that Mythos would not be made publicly available. Instead, the company launched Project Glasswing, granting access to more than 40 companies, including Amazon, Apple, Microsoft, Google, JPMorgan Chase, CrowdStrike, and Nvidia, to use the model exclusively for defensive security work.During testing, the model identified thousands of previously unknown vulnerabilities, including a 17-year-old remote code execution flaw in FreeBSD that allows complete server takeover from an unauthenticated connection.
Global Regulatory Coordination
In the UK, officials from the Bank of England, the Financial Conduct Authority, and HM Treasury met with the National Cyber Security Centre to examine the model's potential impact on banking. In the US, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned bank executives about the model's ability to identify security flaws that could expose sensitive data.IMF Managing Director Kristalina Georgieva added her voice to the chorus of concern, warning that cybersecurity risks "have been growing exponentially" and calling for stronger safeguards to protect financial stability.
Published April 17, 2026 at 3:31am
