Canadian regulator warns banks of cyber threats, citing Anthropic's Claude Mythos
The warning highlights growing concerns over artificial intelligence and its potential role in financial sector cyber risks
Canada's federal banking regulator warned the country's largest financial institutions about the risks of advanced AI models, saying the new technology could increase cyber threats and reduce the time institutions have to identify and fix vulnerabilities.
As reported by Reuters the regulator, the Office of the Superintendent of Financial Institutions OSFI, sent the email to chief technology officers, chief information security officers, and chief risk officers across the financial industry, including the big banks and insurers.
Canada's OSFI, alongside the Bank of Canada, sent direct warnings to the executives of the country's largest financial institutions including Royal Bank of Canada, TD Bank, and BMO.
The urgent briefing focused on the emergence of frontier-class AI models, specifically naming Anthropic's Claude Mythos—a powerful model designed for advanced software security that Anthropic has purposefully withheld from the general public due to its extreme capabilities.
Security concerns:
Claude Mythos was developed to help organizations scan code and patch software flaws.
However, security evaluations including testing by the UK AI Safety Institute revealed it can autonomously chain together multiple complex steps to execute a complete network takeover.
Moreover, if accessed by bad actors, it acts as a hyper-efficient hacking tool.
OSFI explicitly warned banks that such advanced AI models drastically shrink the window of defense.
Historically, when a system flaw is found, cybersecurity teams have days or weeks to deploy a fix while Mythos-class tools allow threat actors to find and weaponize those flaws instantly at a massive scale.
Threat to major infrastructure:
While Canada has gained limited defensive access to the platform via its Communications Security Establishment (CSE) under Anthropic’s "Project Glasswing," regulators are terrified that financial systems are not moving fast enough to update their defensive perimeters against an AI that has already mapped thousands of critical flaws across every major operating system and browser.
Regulators globally are also trying to assess cybersecurity risks from Anthropic’s frontier AI model Mythos.
Cybersecurity experts say Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities, poses significant challenges to the banking industry and its legacy technology systems.
OSFI said in the email, "Advanced artificial intelligence models, such as Anthropic Claude Mythos, significantly compress the timeframe for effective risk mitigation."
"Accordingly, this bulletin is grounded in our existing guidance and outlines sound practices that institutions can adopt to enhance the speed and effectiveness of risk identification, mitigation and response."
"OSFI takes a technology‑neutral, risk‑focused approach to emerging technologies, including advanced artificial intelligence models. Our focus is not the technology itself, but how federally regulated financial institutions govern and manage the risks associated with its use," the regulator added.
-
New Android malware can drain bank accounts silently
-
Apple's iOS 27 child safety overhaul: Explained
-
EU moves to restrict children’s social media access with tough new rules
-
Samsung Health may delete your data if you reject AI training
-
TSMC to build two more chip plants in Chiayi, Taiwan
-
WhatsApp Business can now run two accounts at once: Here’s how
-
Apple introduces new child safety features in iOS 27
-
How to use AI for brainstorming that beats generic ideas