ASIC Joins Global Regulators to Monitor Anthropic's Mythos AI for Banking Risks

The coordinated global regulatory response highlights the potential systemic risks posed by advanced AI technologies to financial stability.

• April 20, 2026: ASIC announces it is monitoring Anthropic's Mythos AI for banking system risks, joining other global regulators.
• April 7, 2026: Anthropic launches Mythos under Project Glasswing, restricting access to select organizations to mitigate risks.
• April 10, 2026: Urgent meetings among US financial leaders occur to address the cyber risks posed by Mythos's capabilities.

• Mythos AI can autonomously identify and exploit zero-day vulnerabilities in critical software, raising alarms among regulators.
• Global financial systems heavily rely on legacy software and consolidated cloud providers, which lack established governance for AI-driven threats.
• Regulatory bodies worldwide are forming taskforces and holding emergency meetings to assess and mitigate the risks associated with Mythos.

The emergence of Anthropic's Mythos AI has triggered a wave of regulatory scrutiny due to its advanced capabilities in identifying and exploiting vulnerabilities in software critical to financial infrastructure. This AI model, launched under Project Glasswing, has been restricted to approximately 40 organizations, including major banks and tech firms, to mitigate potential risks. The decision to monitor Mythos by ASIC, alongside other global regulators like the Bank of England and the US Federal Reserve, underscores a collective recognition of the systemic risks posed by such technologies.

The core concern revolves around Mythos's ability to autonomously detect zero-day vulnerabilities—flaws in software that are unknown to the vendor and can be exploited by malicious actors. Reports indicate that Mythos has identified thousands of these vulnerabilities across major operating systems and web browsers. This capability raises significant alarms, especially given the financial sector's reliance on legacy systems that may not be equipped to handle such advanced threats.

In response to these concerns, urgent meetings were convened among top financial leaders, including US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, to discuss the implications of Mythos on the banking system. The Bank of England and the European Central Bank have also expressed their worries, with ECB President Christine Lagarde highlighting the absence of governance frameworks to manage AI-driven cyber threats.

The Financial Stability Board (FSB) has initiated information gathering to better understand the risks associated with Mythos, while Asian regulators have formed taskforces to enhance vigilance. Banks like JPMorgan and Goldman Sachs are already conducting defensive testing to prepare for potential vulnerabilities that could be exploited by AI technologies like Mythos.

This regulatory response reflects a broader trend of increasing scrutiny on AI technologies and their implications for financial stability. As the financial sector grapples with the challenges posed by advanced AI, the need for robust governance frameworks and proactive safeguards becomes more pressing.

• Financial institutions: Banks and investment firms will need to enhance their cybersecurity measures and risk assessments.
• Tech companies: Organizations developing or utilizing AI technologies may face increased regulatory oversight and compliance requirements.
• Regulators: Agencies like ASIC, the Bank of England, and the US Federal Reserve will be at the forefront of monitoring and enforcing new standards.

• Regulatory frameworks: Watch for the development of new governance frameworks aimed at managing AI-driven cyber risks, which could set industry standards.
• Cybersecurity investments: Increased investments in cybersecurity measures by financial institutions as they adapt to the risks posed by advanced AI technologies.
• Global coordination: Monitor how international regulatory bodies collaborate to address the challenges posed by AI, which could lead to unified standards or protocols.