Anthropic to brief Financial Stability Board on AI cybersecurity risks from Mythos model

Anthropic agreed on May 18, 2026, to brief the Financial Stability Board (FSB) on cybersecurity vulnerabilities detected by its AI model Mythos in global financial systems ^{[1, 2, 3, 4, 5, 6, 7]}.

The briefing was requested by Bank of England governor Andrew Bailey, who also chairs the FSB. Bailey said, "It would be reasonable to think that the events in the Gulf are the most recent challenge to us in this world, until, I think it was last Friday, you wake up to find that Anthropic may have found a way to crack the whole cyber risk world open" ^[1]. He added, "The issue is: to what extent is this new version of the product going to be able to, in a sense, identify vulnerabilities in other systems which can be exploited for cyber attack purposes" ^[1].

Mythos is an AI cybersecurity model announced by Anthropic in April 2026. It detects decades-old vulnerabilities in browsers, infrastructure, and software but has not been publicly released ^{[1, 3, 5, 7]}. Access is currently restricted to select companies and banks including Apple and JP Morgan under a controlled program called Project Glasswing ^{[3, 8, 9, 10]}. Anthropic recently expanded sharing permissions to allow partners like Amazon, Microsoft, Nvidia, and Apple to share identified cybersecurity threats externally ^[9].

Cybersecurity experts have described Mythos as a double-edged sword: it can accelerate patching of vulnerabilities but also enable more sophisticated cyberattacks ^{[1, 2, 5, 7]}. The AI Security Institute noted Mythos completed a previously unsolved cybersecurity test called "cooling tower" with a success rate of 3 out of 10 attempts, demonstrating a significant leap in capability ^[3].

The FSB, which includes senior officials from major economies and coordinates financial regulations among G20 members, will receive the briefing amid heightened concern over AI-related financial stability risks ^{[1, 2, 3, 5]}. The International Monetary Fund warned in May 2026 that "Cyber risk does not respect borders. As AI capabilities spread across countries, inconsistent oversight could weaken a globally interconnected system" ^[3].

In response to risks identified by Mythos, US regulators including the Federal Reserve and OCC temporarily paused some cybersecurity examinations of large banks starting May 20, 2026, to allow institutions time to adapt ^{[8, 10]}.

The briefing to the FSB is scheduled imminently following Anthropic’s agreement on May 18 to share full findings on Mythos's cybersecurity discoveries that could affect global financial systems ^{[1, 2, 3, 4, 5, 6, 7]}.