UK regulators set sights on Anthropic's Mythos

Bodies including the Bank of England, Financial Conduct Authority and HM Treasury are in "urgent" talks with the National Cyber Security Centre and major banks, according to the Financial Times, as part of the UK's Cross Market Operational Resilience Group.

As well as the BoE, NCSC, FCA and the Treasury, CMORG members include the UK Finance trade body for banks, eight of the UK's biggest banks, four financial infrastructure providers and two insurers.

Claude Mythos Preview, which is not publicly available, is designed to understand and modify existing software, enabling it to detect vulnerabilities that have gone unnoticed for years.

In testing, the system uncovered flaws that had been overlooked for decades, including a 27-year-old weakness in OpenBSD.

That sounds like a good thing, but the ability to autonomously detect flaws without human involvement is, it goes without saying, ripe for criminal exploitation.

As well as the NCSC, people familiar with the matter told the FT that regulators are talking to representatives from major financial institutions, including banks, insurers and exchanges. They are expected to brief these stakeholders on Claude Mythos Preview's cyber risks later this month.

British bodies are not alone in their concern. Treasury Secretary Scott Bessent recently called a meeting with some of the largest US banks on Mythos' risk.

Select organisations, including AWS, Apple, Google, Microsoft and Nvidia, are currently taking part in an early trial of the system, a move Bharat Mistry, field CTO at TrendAI, described as "trying to give defenders a head start."