Bankers losing sleep over Anthropic’s Mythos AI

Just when Canada’s banks have succeeded in convincing the vast majority of consumers to go digital, it’s all suddenly at risk of blowing up for banks and their customers.

Think that’s an exaggeration? Asked on a TV talk show on Sunday if consumers should be concerned about AI providing the means to break into their bank accounts, U.S. Treasury Secretary Scott Bessent answered: “You should.”

His remark reflected the shock wave felt in the international banking industry about the emergence of a new AI model from Anthropic that could be used by bad actors to compromise financial systems around the world.

The potential for AI to imperil the integrity of financial systems is emerging at a time when 87% of Canadian bank customers have adopted Internet banking as this country’s major financial institutions have for the most part been closing branch locations.

Besides potentially positive applications, Claude Mythos has shown it can rapidly seek out thousands of software vulnerabilities across operating systems and browsers. And that’s not the only AI model that could be used by hackers in what amounts to a new stage in the regulatory struggle to protect the digital economy.

“What we’ve had in the past month was a step change in the power of one large language model,” Bessent said. “But we’re going to see it from the other AI companies.”

Bankers and industry regulators have been meeting quietly to discuss the problem while experts rush to see how bad the damage could be.

Last month, Bessent and Federal Reserve Chair Jerome Powell responded to the issue by convening an unscheduled meeting in Washington of Wall Street bank executives.

Mythos can exploit cybersecurity vulnerabilities

“Cybersecurity remains one of the most critical risks facing the banking sector, and advancements in AI are likely to intensify these challenges,” Powell reportedly told the CEOs. The Mythos model “has raised concerns due to its capability to identify and exploit cybersecurity vulnerabilities across all major operating systems and browsers,” Powell said.

Canadian Finance Minister Francois-Philippe Champagne, who discussed the problem with Bessent and other colleagues at international financial organization meetings in Washington in mid-April, also said Mythos has to be taken very seriously. 

“This has been something that has been talked about by many in terms of the measures that we need to take, not just in North America, but in G7 countries and beyond, to maintain the integrity of our financial institutions,” Champagne told the media.

The new threat has landed in the lap of Bank of Canada Governor Tiff Macklem in his capacity as an international regulator with the Financial Stability Board (FSB). Macklem, who heads the board’s key committee for monitoring risks, has reiterated the need for regulatory action.

“New AI capabilities increase the speed at which vulnerabilities could be found and exploited,” Macklem told reporters. “That puts a real premium on having a really mature, effective cyber program. There is no immediate cyber attack, there is no immediate crisis, but AI is changing the landscape and we’ve got to get on top of that.” The FSB will share information globally about potential hazards from new AI models, he said.

Giving defenders a head start

Macklem has been discussing the problem with Canadian bank executives and Ottawa’s other regulators under the auspices of the Canadian Financial Sector Resiliency Group.

Aware of the possible security risks, Anthropic has held back making Mythos public and has given prominent companies like Google, Apple and Amazon preview versions so they can upgrade their defences against cyberattacks.

Artificial Intelligence Minister Evan Solomon, who has discussed the risks with Anthropic, said the company’s decision to work “with defenders first” is responsible and “gives people protecting critical systems a head start.”

But for banking consumers, the only message so far seems to be: Change your passwords!

You might also like