- Key insight: We have always known that the asymmetry between attack and defense in cybersecurity favors attackers. Mythos has made that asymmetry impossible to ignore.
- What’s at stake: Mythos introduces an adversary that can find vulnerabilities that nobody knew existed, faster than defenders can be warned they exist.
- Forward look: Regulators should fast-track the development of AI-powered vulnerability intelligence sharing frameworks.
When CEOs of America’s largest banks were summoned to
But Mythos is not the beginning of the problem; it’s the revelation of how far behind we already are.
For years, the financial industry has
This seems apparent in Anthropic’s Mythos simulations, in which the model quickly stopped a corporate network attack that would have taken a human expert more than 10 hours, unearthed a 17-year-old vulnerability in the open-source operating system FreeBSD, and then developed a way to exploit it without human guidance.
But what Mythos suggests is not that AI can hack banks. It shows that finding and exploiting critical vulnerabilities now costs almost nothing.
So many financial systems, from core banking systems to algorithmic trading platforms, run primarily on the same operating systems and browsers that Mythos has already mapped. A single settlement failure, happening faster than any human team could respond, could spiral into a liquidity crisis.
Banks understand cybersecurity. They have invested heavily in it. And now the Mythos launch has many bank execs asking if all those investments were built for the equivalent of dial-up while fraudsters run on fiber.
The conventional approach to financial cybersecurity was reactive and perimeter-based: keep attackers out, detect intrusions, patch known vulnerabilities. But this approach has been no match for deepfakes or synthetic identity attacks, to name a few. Mythos introduces an adversary that can find vulnerabilities that nobody knew existed, faster than defenders can be warned they exist.
This is not a problem that emergency meetings or incremental budget increases will solve. The financial system must build a defense for the world that Mythos just revealed. One where perimeter security fails, and zero-days get exploited before anyone knows they exist. Some attacks will get through, and the signs will be subtle. We must focus on how fast we can spot them and limit the damage.
The financial industry has actually been building toward this model in the fraud domain, and the lessons transfer directly. This means identifying patterns across millions of accounts and transactions that no single alert or rule can catch. The same logic applies to infrastructure security. To contain threats faster than they can spread, institutions need to be able to detect anomalous system behavior in real time and correlate signals across their entire stack.
Project Glasswing, Anthropic’s controlled initiative to share Mythos access with a small group of institutions, may be a marketing ploy, but it’s also not nearly enough. Banks with early access to Mythos can use it to find and patch vulnerabilities in their own systems before attackers do. This is AI used defensively, and it represents exactly the posture the industry needs to adopt.
The problem is that roughly 50 organizations, however large, do not come close to representing the financial system. The rest of it, including community banks, regional institutions, credit unions, payment processors, fintechs and many other market infrastructure operators, are not Project Glasswing partners. And that makes them targets.
This leaves thousands of institutions and other financial connectors exposed, creating a patchwork of risk. If the defensive benefits of Mythos-class AI are available only to institutions large enough to be launch partners, while the risks run across the entire ecosystem, we have made the financial system more fragile, not less.
Specifically, regulators should fast-track the development of AI-powered vulnerability intelligence sharing frameworks. We need zero-days found by models like Mythos to reach smaller banks fast, with enough detail to act on them. The Financial Services Information Sharing and Analysis Center, or FS-ISAC, is the right vehicle, but it needs both the mandate and the resources to move at AI speed.
For its part, OpenAI
Time will tell if these strategies come quickly enough and how long the latest AI models can be kept out of the hands of bad actors. (Likely not nearly long enough.) Regardless, banks should treat Mythos not as a singular emergency but as the moment the rules changed for every player in the financial system, not just the big banks. People have been writing about the importance of modernizing legacy financial systems for years. But now the strength and stability of the system itself is at risk.
We have always known that the asymmetry between attack and defense in cybersecurity favors attackers. Mythos has made that asymmetry impossible to ignore.


