NEW YORK — Major U.S. banks are now scrambling to repair hundreds to thousands of information technology vulnerabilities uncovered by a powerful artificial intelligence cybersecurity tool developed by Anthropic, according to a new report.
As the CU Daily reported earlier, Mythos is a powerful new artificial intelligence model developed by Anthropic is raising urgent concerns among cybersecurity experts, policymakers and financial institutions, as early testing suggests it could dramatically accelerate both the discovery and exploitation of software vulnerabilities and create significant data breach threats—prompting high-level emergency discussions in Washington among top U.S. economic and security officials.
Reuters reported that several of the nation’s largest banks, including JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley, have gained access to Anthropic’s “Claude Mythos Preview” model through its Project Glasswing initiative.
The AI system, known as Mythos, is designed to rapidly identify cybersecurity weaknesses, including vulnerabilities buried within proprietary and open-source code. Reuters reported the tool is proving especially effective at linking together multiple lower-risk flaws into more serious threats that could expose critical banking systems.
Accelerating Upgrades
As a result, banks are accelerating software upgrades, shortening patch-management timelines and reviewing aging technology infrastructure that may no longer be supported by vendors, Reuters reported. Sources told Reuters that vulnerabilities previously scheduled for remediation over several weeks are now being patched within days.
Reuters also reported that banks are uncovering weaknesses in older legacy systems and unsupported software platforms that had not previously been viewed as urgent risks. Some institutions are increasing automated system scans and continuous monitoring efforts as they adapt to what one source described as a “machine-speed” threat environment.
Systems May Need to Go Offline
The report said the increased workload could occasionally require banks to temporarily take systems offline more frequently to complete upgrades and repairs, though institutions are attempting to minimize customer disruptions.
“This is a wake-up call because cyber risk is moving to machine speed, while much of bank defense still operates at human speed,” Nitin Seth, co-founder and CEO of Incedo, told Reuters.
Cybersecurity teams are also developing new internal procedures and methodologies to work with the AI tool effectively. Adam Meyers of CrowdStrike told Reuters his team spent an entire weekend building workflows and capabilities around Mythos before beginning vulnerability testing.
Information Being Shared
Reuters further reported that larger banks are sharing information about identified risks and defensive measures with smaller institutions that do not have direct access to the technology because of its high costs and computing requirements.
Anthropic prices the model at $25 per million input tokens and $125 per million output tokens, Reuters said, making it significantly more expensive than some of the company’s broader AI offerings.
