Anthropic sparked alarm after announcing that its Mythos model had uncovered widespread vulnerabilities across the financial sector, prompting Japan to launch a consortium to address what officials describe as “a crisis already at hand.”
Earlier this month, Anthropic said a preview of Mythos identified thousands of critical vulnerabilities spanning all major operating systems and web browsers in financial services.
In the wrong hands, a model like Mythos could exploit previously unknown weaknesses faster than organizations can patch them, potentially triggering severe global consequences.
“AI risks and Quantum Day concerns have put cyber teams on high alert, as the acceleration of both AI and quantum computing pose yet-to-be-identified cyber threats to existing structural architectures based on cloud models and encryption algorithms designed to protect sensitive data,” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research.
“Mythos has uncovered vulnerabilities that have not yet—to our knowledge—been exploited,” she said. “But all these warnings fall under the basic cybersecurity adage, it’s not a question of ‘if’ but ‘when.’”
Restricted Release
Concerns escalated after Anthropic stated that Mythos is too dangerous for broad release. The company has made the model available only to the U.S. government and a select group of American organizations, a decision that has raised concerns the technology could become a form of geopolitical leverage.
There is also growing anxiety that a leak or cyberattack could place Mythos’s capabilities in the hands of malicious actors. These fears intensified after Anthropic disclosed that its next-generation Capybara models were leaked due to human error.
Proactive and Self-Governing
In response, Japan is forming a task force that will include the Financial Services Agency, the Bank of Japan, the National Cybersecurity Office, the country’s three largest banks, and the Japan Exchange Group.
Officials say urgent action is needed because the financial sector’s high level of interconnectedness and reliance on real-time systems amplifies systemic risk. Another concern is that many banks continue to rely on legacy infrastructure, leaving them especially vulnerable and unlikely to modernize until it is too late.
“Sadly, the financial services infrastructure—for as sophisticated as it is—relies on not only antiquated architecture and systems but also antiquated ways of addressing risk,” Goldberg said. “Banks cannot wait for regulators and auditors to tell them what to do. They need to be proactive and self-governing. But, sadly, we’re likely to see something catastrophic before any banks start to take AI cyber risks and Quantum Day predictions seriously.”
