Regulators confront AI-driven cyber risk after Anthropic warning

British regulators are moving quickly to assess the implications of Anthropic’s new AI model, Claude Mythos Preview, after reports that the system has identified thousands of serious software vulnerabilities across widely used digital infrastructure.

AI-driven cyber risk after Anthropic warning

Reuters reported that UK authorities, including the Bank of England, the Financial Conduct Authority and the National Cyber Security Centre, are examining the potential risks to the financial system and preparing to brief major banks, insurers and market infrastructures.

Why payments firms should pay attention

For the payments industry, the concern is obvious. Modern payment ecosystems rely on a dense web of software, cloud services, operating systems and networked endpoints.

If a frontier AI model can uncover previously unknown weaknesses at scale, the threat is not confined to banks’ internal technology stacks; it could extend to payment processors, merchant acquirers, card issuers and the broader critical infrastructure that keeps money moving.

Anthropic says Mythos Preview is being released only as a gated research model under Project Glasswing, an initiative designed to help selected partners secure critical software before hostile actors catch up.

A strategic shift in cyber supervision

What makes this episode notable is not simply the model itself, but the regulatory response. Authorities in both the UK and US appear to be treating advanced AI cyber capability as a matter of financial stability rather than a narrow technology issue.

Reuters also reported that US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell discussed the risks with leading Wall Street banks, underlining the seriousness of official concern.

Defence, not panic, should shape the next phase

For payments executives, the lesson is clear. This is not yet a story about imminent systemic failure, but it is a warning that AI-enabled cyber defence and AI-enabled cyber offence are now developing in tandem.

Firms that treat this as a distant policy debate risk being caught unprepared by a threat already moving into the regulatory mainstream.