Anthropic to Brief Global Financial Watchdog on Mythos Cyber Flaws

Anthropic is preparing to brief the Financial Stability Board (FSB) — the G20 body that monitors the global financial system for systemic risk — on cybersecurity vulnerabilities its Mythos model has discovered in the global banking infrastructure. The briefing, first reported by the Financial Times, marks the first time a global financial regulator has convened specifically to discuss the real‑world implications of a single AI model's capabilities.

The briefing was requested by Bank of England Governor and FSB Chair Andrew Bailey, who in an April 15 speech at Columbia University named Mythos as one of two events that "moved cyber up regulators' risk ranking faster than any other category in recent years" — the other being the escalation of military tensions in the Gulf. The Next Web reports that Bailey told the audience: "It would be reasonable to think that the events in the Gulf are the most recent challenge to us in this world, until, I think it was last Friday, you wake up to find that Anthropic may have found a way to crack the whole cyber risk world open."

Mythos Preview — announced by Anthropic on April 7, 2026, and not publicly released — is a general‑purpose frontier model that has demonstrated an ability to find exploitable vulnerabilities that survived decades of human review. In internal testing, Mythos found thousands of high‑severity flaws across every major operating system and web browser, Anthropic disclosed in its Project Glasswing announcement. When directed to develop working exploits, it succeeded on the first attempt in over 83% of cases.

The findings are staggering in both age and reach. Mythos found a 27‑year‑old vulnerability in OpenBSD, considered one of the most security‑hardened operating systems in the world; a 16‑year‑old flaw in FFmpeg, the video codec library used by countless applications, in a line of code that automated testing tools had hit five million times without catching; and chained together multiple vulnerabilities in the Linux kernel to escalate from ordinary user access to full machine control.

The UK's AI Security Institute (AISI), the only independent body with preview access, published its own evaluation. AISI found Mythos was the first model to complete "The Last Ones," a 32‑step corporate network attack simulation estimated to take human experts 20 hours — succeeding in 3 out of 10 attempts. On expert‑level capture‑the‑flag tasks, Mythos scored 73%, where no model could complete them before April 2025. "Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed," AISI concluded.

The FSB briefing is the culmination of a rapid‑fire sequence of national‑level engagements over the past five weeks. According to The Next Web, the cascade moved at remarkable speed:

Within days of Bailey's Columbia speech, UK banks received a Mythos briefing. The Federal Reserve and US Treasury then convened major US bank CEOs on the same risks. Australia's securities regulator joined monitoring in early May. Euro‑area finance ministers demanded their own access. Japanese megabanks were onboarded last week. Now the conversation moves to the FSB, where G20 finance ministries and central banks will coordinate their response for the first time.

"Certainly it is serious enough to warrant the attention of all the finance ministers," Canadian Finance Minister François‑Philippe Champagne told the.⁴ "The difference is that the Strait of Hormuz — we know where it is and we know how large it is. The issue that we're facing with Anthropic is that it's the unknown, unknown."

Anthropic's access model for Mythos is Project Glasswing, a controlled‑access program that currently includes approximately 40 to 50 organizations. Launch partners include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, Palo Alto Networks, and the Linux Foundation. Anthropic is committing $100 million in usage credits and $4 million in direct donations to open‑source security organizations.

The model is not for sale to the general public. After the research preview period, Mythos will be available to participants at $25/$125 per million input/output tokens on the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry — but only to organizations in the program.

This access control is itself controversial. The Next Web notes that bank supervisors outside the Glasswing program have publicly pressed for either direct access or a regulator‑mediated equivalent. The FSB session will be the first time these access requests are coordinated globally rather than pursued nation‑by‑nation. A separate tension exists with the Trump administration over Mythos's export profile and military access — Anthropic is briefing regulators while simultaneously negotiating with Washington.

Not everyone is convinced Mythos warrants the level of alarm. The BBC reports that some cybersecurity experts question the frenzy, noting the model hasn't been widely tested by the industry. Critics suggest that claiming a model is too dangerous to release may be a tactic to build hype — citing OpenAI's staggered release of GPT‑2 in 2019 as precedent.

The UK's AISI evaluation offers nuance: Mythos is a step up from previous frontier models and the first to autonomously complete complex multi‑step attack simulations, but it is "not dramatically better" than its predecessor Claude Opus 4.6 on many tasks, AISI wrote. The evaluation environments also lack active defenders and defensive tooling that exist in real‑world systems — meaning AISI said it "cannot say for sure" whether Mythos could attack well‑defended targets.

Barclays CEO CS Venkatakrishnan told the:⁴ "It's serious enough that people have to worry. We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly." He added, per the same BBC report, that "this is what the new world is going to be" — a more connected financial system with both opportunities and vulnerabilities.

The Mythos‑FSB story carries several hard implications for builders, whether you work in fintech, infrastructure, or any domain touching software security.

First, the vulnerability window has collapsed. "Attackers have the advantage over defenders because discovering and exploiting vulnerabilities can occur faster than patching and remediation," the IMF wrote in its May 7 analysis. When AI can find flaws that survived 27 years of human review, the assumption that long‑unexamined systems are safe no longer holds. Every system needs re‑auditing for vulnerabilities that AI can now spot but humans couldn't.

Second, access control is becoming a regulatory battlefield. Who gets to use the most powerful cybersecurity AI is now a matter of international negotiation, not just corporate policy. Builders working on AI security tools should expect export controls, access restrictions, and compliance requirements to follow the same trajectory as nuclear or cryptographic technology.

Third, the defense opportunity is real. Anthropic's own framing — and the IMF's — is that the same capabilities that make Mythos dangerous make it invaluable for defense. The Linux Foundation's CEO Jim Zemlin noted on ² that "open source maintainers — whose software underpins much of the world's critical infrastructure — have historically been left to figure out security on their own." AI‑augmented vulnerability discovery for defensive purposes is now a credible product category, not a research project.