**
Canadian banking executives and regulatory authorities convened on Friday to deliberate the cybersecurity threats linked to Anthropic’s latest artificial intelligence model, Claude Mythos. This powerful tool has sparked significant concern regarding its potential misuse by malicious actors to exploit software vulnerabilities. The meeting, organised by the Canadian Financial Sector Resiliency Group (CFRG), comes on the heels of a similar discussion led by U.S. Treasury Secretary Scott Bessent with top executives from major American banks.
Meeting Overview
The CFRG, chaired by Alexis Corbett, Chief Operating Officer of the Bank of Canada, includes representatives from various regulatory bodies such as the Department of Finance and the Office of the Superintendent of Financial Institutions, alongside executives from Canada’s six largest banks and Desjardins Group. The discussions were prompted by rising apprehensions among regulators and cybersecurity specialists regarding the potential risks posed by AI-enhanced cyberattacks targeting the financial sector and vital infrastructure.
According to Bank of Canada spokesperson Paul Badertscher, the meeting was not classified as an emergency session. “This is not an imminent crisis; it’s more of a situational awareness gathering,” he explained, emphasising the proactive nature of the discussions rather than a reaction to an immediate threat. Notably, neither Bank of Canada Governor Tiff Macklem nor Senior Deputy Governor Carolyn Rogers participated in the meeting.
U.S. Counterpart’s Concerns
Earlier in the week, U.S. officials, including Bessent and Federal Reserve Chair Jerome Powell, convened with CEOs from major American banks such as Bank of America and Goldman Sachs to address similar concerns regarding the implications of Anthropic’s Claude Mythos. The growing unease stems from the model’s dual capabilities; while it can assist organisations in identifying and fixing vulnerabilities in their software, it also poses a risk by enabling malicious actors to exploit these very flaws.
Anthropic has claimed that Mythos has already uncovered thousands of vulnerabilities across all major operating systems and web browsers. Given its potential applications for both defence and offence, the decision was made not to release Mythos publicly. Instead, a preview version has been made available to select organisations involved in maintaining critical digital infrastructure, a programme dubbed Project Glasswing. Participants include tech giants like Amazon, Microsoft, Apple, and Google, as well as financial institutions such as JPMorgan Chase.
Insights from Cybersecurity Experts
Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Toronto Metropolitan University, expressed the dual-edged nature of Mythos. He noted that while it serves as an exceptional defensive tool, its capacity to find and exploit vulnerabilities poses significant challenges to current technological frameworks. “If the claims about Mythos’s capabilities hold true, we may be entering a new era in cybersecurity,” he stated.
David Shipley, CEO of Canadian cybersecurity firm Beauceron Security Inc., highlighted the model’s proficiency in identifying flawed code at an extraordinary scale. “There are trillions of lines of code out there with vulnerabilities, and Mythos can detect patterns much faster than a human could,” he remarked, underscoring the extensive nature of the issue.
Regulatory Responses and Industry Adaptation
In the wake of these developments, Canadian banks have been ramping up their investments in AI to enhance productivity and generate revenue. The country’s banking regulator has outlined guidelines for financial institutions to evaluate and manage risks associated with emerging technologies and cybersecurity threats. While the Office of the Superintendent of Financial Institutions (OSFI) has no immediate plans to amend its existing regulations introduced in 2022, it continues to monitor evolving threats.
Cory Harding, an OSFI spokesperson, noted that the organisation is engaged in ongoing discussions with institutions to raise awareness and assess the potential impact of these technologies. “We closely monitor advanced AI systems and their influence on the cyber resilience of Canada’s federally regulated financial institutions,” he stated.
The Canadian Bankers Association echoed this sentiment, asserting that its members are committed to the responsible utilisation of AI, which is increasingly integral to areas such as cybersecurity, fraud detection, and operational efficiency. CBA spokesperson Ethan Teclu emphasised that banks are managing AI-related risks through established regulatory requirements and internal controls.
Why it Matters
The emergence of Anthropic’s Claude Mythos underscores a critical juncture in the intersection of technology and cybersecurity. As financial institutions increasingly rely on AI to bolster operations, the potential for such powerful tools to be exploited by cybercriminals raises alarms that cannot be ignored. The proactive steps taken by Canadian regulators and banks to engage in dialogue about these threats highlight the need for vigilance in a rapidly evolving digital landscape. With the stakes higher than ever, the financial sector must navigate the delicate balance between leveraging advanced technologies for growth and safeguarding against unprecedented cyber risks.