FT: Anthropic to brief global regulators on AI-exposed cyber vulnerabilities

Anthropic has agreed to brief leading finance ministries and central banks on vulnerabilities in the global financial system’s cyber defences identified by the US technology company’s latest AI model, according to people familiar with the plan.

Two people familiar with the arrangement told Financial Times it followed a request by Andrew Bailey, governor of the Bank of England, for Anthropic to discuss the capabilities of its new Claude Mythos Preview AI model with members of the Financial Stability Board (FSB), which he chairs.

The FSB is a global watchdog that brings together finance ministry officials, central bankers and securities regulators from G20 countries, including officials from the US, UK, Canada, France, Germany, Japan, Saudi Arabia, Australia and China.

Many members of the body are increasingly concerned about potential risks that Mythos and other AI systems developed by US technology companies could pose to the global banking system by exposing weaknesses in financial institutions’ cyber defences.

Anthropic said last month that Mythos had “found thousands of high-severity vulnerabilities, including some in every major operating system and web browser”. It added: “The fallout — for economies, public safety and national security — could be severe.”

The model has been released only to a limited number of organisations, mostly in the United States, due to concerns over the risks it could pose if widely available. However, this has raised concerns among companies and regulators in other regions about uneven levels of protection.

Anthropic has received numerous requests globally for access to Mythos or briefings on its capabilities and has agreed to provide high-level briefings to some non-US organisations, including the European Commission.

Around 40 organisations currently have access to Mythos, including Amazon, Microsoft and JPMorgan Chase, enabling them to address vulnerabilities identified by the system. However, Anthropic has agreed not to expand distribution further following a request by the White House.

The FSB is preparing a report on “sound practices” for the adoption of AI in the financial system, which it plans to release for consultation next month. Both the FSB and Anthropic declined to comment on recent communication between them.

Regulators have been urging banks and other financial institutions to strengthen cyber security systems and accelerate the deployment of software patches in response to vulnerabilities identified by new AI models.

The UK Treasury and financial regulators have also recently urged City of London institutions to take “active steps” to mitigate cyber security risks in response to “faster and more disruptive frontier AI-driven attacks”.

However, some authorities remain sceptical that a coordinated global response will emerge given ongoing geopolitical tensions.

Earlier this month, the International Monetary Fund (IMF) urged policymakers to strengthen international cooperation in addressing cyber security vulnerabilities exposed by the latest AI models. It warned that the new models “elevate cyber risk to a potential macro-financial shock”.

“Cyber risk does not respect borders,” IMF officials wrote in a blog post. “Emerging and developing countries, which often have more severe resource constraints, may be disproportionately exposed to attackers targeting regions with weaker defences.”

By Sabina Mammadli