Singapore's financial regulator is urging banks to plug their cybersecurity holes as concerns over Anthropic's latest AI model Mythos spread to Asia. The Monetary Authority of Singapore is coordinating with the country's Cyber Security Agency to strengthen defenses at critical infrastructure operators including banks. Games In a statement that pulled no punches, a MAS spokesperson said: "Financial institutions need to redouble efforts to strengthen their security defences, pro-actively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching." The spokesperson added that advances in AI will "accelerate the discovery and exploitation of software vulnerabilities in IT systems." Bloomberg
What makes this unusual is the source of the alarm. Mythos isn't a tool being weaponized by hackers. It's a model that Anthropic itself built — and then decided not to release, because it was too capable. Anthropic held back a broader rollout after internal testing showed it could identify long-hidden software flaws — a capability that could be weaponized by malicious actors. Free Malaysia Today Anthropic said earlier this month that Mythos had "found thousands of high-severity vulnerabilities, including some in every big operating system and web browser," and warned it would "not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." The company added that the fallout "for economies, public safety and national security — could be severe." GovInfoSecurity
So far, Anthropic has only shared Mythos with a group of about 40 companies — including Amazon, Apple, and JPMorgan Chase — giving them a chance to experiment with it and start fixing any vulnerabilities it finds in their systems. GovInfoSecurity That controlled release has created a strange dynamic: a small club of the world's largest corporations now has access to what is essentially the most powerful automated vulnerability scanner ever built, while the broader market scrambles to understand what they're defending against.
The US government moved fast. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with Wall Street bank leaders to discuss the risks and precautions firms are taking to defend their systems. Bloomberg JPMorgan Chase CEO Jamie Dimon, whose firm is in that exclusive testing group, acknowledged the reality plainly: he said on a recent earnings call that AI has made cyber risks worse, though it also offers better ways to boost defenses. Bloomberg That dual-use reality — the same model that can find a vulnerability can also help patch it — is the core tension regulators are now trying to get their arms around.
The response went global almost immediately. Bank of England Governor Andrew Bailey said global regulators need to rapidly evaluate the threat posed by Mythos, describing the rapid evolution of AI systems as a "very serious challenge." Bloomberg The European Central Bank convened a call with Eurozone banks to discuss the ramifications of Mythos on their cybersecurity. Bloomberg At the IMF and World Bank spring meetings in Washington, the ability of new AI models to cause disruption in the world's banking system was all many people wanted to talk about — displacing discussions that officials had expected to center on the Middle East conflict, tensions in private credit markets, and elevated government debt levels. GovInfoSecurity
ECB President Christine Lagarde put the situation in terms that captured the broader unease better than most. "The development we've seen with Anthropic and Mythos is a good example of a responsible company that is suddenly thinking: 'Ah, that could be really good' — but if it falls in the wrong hands, it could be really bad," Bloomberg she told Bloomberg TV. Canada Finance Minister François-Philippe Champagne described it as an "unknown unknown" for policymakers. IMF Managing Director Kristalina Georgieva was even more direct: "We don't have the ability to protect the international monetary system against massive cyber risks." Bloomberg
The governance gap is the part that keeps officials up at night. Lagarde acknowledged: "Everybody is keen to have a framework within which to operate. I don't think there is a governance framework that is there to actually mind those things. We need to work on that." GovInfoSecurity Bailey framed the timing dilemma precisely: "If you go too early you risk missing the target and distorting the evolution, and if you go too late things can get out of control." GovInfoSecurity There is no clean answer, and every major central bank knows it.
One organization that already has access to Mythos is the UK's AI Security Institute, which has become the world's top neutral arbiter of what counts as safe and secure AI — and the US Treasury is now pushing for its own access to the model. Bloomberg The race to evaluate what Mythos can actually do, in controlled hands, is itself becoming a geopolitical process.
For the startup and fintech world, the Mythos story carries a lesson that goes beyond the immediate banking panic. The assumption that capable AI systems can be neatly contained — released carefully, shared selectively, governed through self-regulation — is being stress-tested in real time. Anthropic did what responsible AI development is supposed to look like: it built something powerful, tested it internally, found something alarming, and restricted the release. And the global institutional response was still emergency meetings on three continents within weeks. That's not a critique of Anthropic's choices — most observers have credited the company for transparency. It's a signal of how inadequate existing frameworks are for what's coming next.
Dan Katz, deputy head of the IMF and former chief of staff for Treasury Secretary Bessent, summarized where this lands on the global agenda: "This is really going to be absolutely essential on the international agenda for the next few months." Bloomberg An unreleased AI model — one most people will never interact with — has just become one of the most consequential topics in international financial regulation. That's not a normal thing. And it's probably not going to be the last time it happens.
