**
In a significant move to safeguard the financial sector, Canadian banking leaders and regulators gathered on Friday to deliberate on the potential cybersecurity threats presented by Anthropic’s latest AI innovation, the Claude Mythos model. This meeting follows a similar urgent discussion in the United States, led by Treasury Secretary Scott Bessent, which highlighted the growing unease surrounding AI’s role in exacerbating vulnerabilities within critical infrastructure.
Meeting Overview
The Canadian Financial Sector Resiliency Group (CFRG), which is chaired by Bank of Canada Chief Operating Officer Alexis Corbett, hosted the session that included representatives from the Department of Finance, the Office of the Superintendent of Financial Institutions (OSFI), as well as executives from Canada’s six largest banks and Desjardins Group. While the discussions were prompted by rising concerns over AI-driven cyberattacks, a Bank of Canada spokesperson, Paul Badertscher, clarified that the meeting was not convened as an emergency response.
“This was not an imminent crisis situation,” Badertscher stated. “It was a proactive gathering to discuss ongoing risks and ensure we are all aligned on the current landscape.”
Growing Concerns Over AI Threats
The backdrop of the CFRG meeting was marked by alarm from regulators and cybersecurity experts regarding the implications of AI technology in the financial sector. Specifically, Anthropic’s Mythos model has raised eyebrows due to its capacity to uncover and exploit software vulnerabilities, leading one expert to describe it as “exceptionally dangerous.”
In the U.S., earlier this week, Bessent convened an emergency meeting with key financial leaders, including the CEOs of major banks like Bank of America, Citigroup, and Goldman Sachs, to explore similar concerns regarding Mythos’ potential impact on the financial landscape.
Anthropic’s Dual-Use Model
Anthropic has characterised the Mythos AI as a double-edged sword, capable of both defensive applications—helping firms to identify and rectify software weaknesses—and offensive uses, potentially in the hands of malicious actors. The company has reported that Mythos has already identified thousands of vulnerabilities across “every major operating system and web browser.”
In a move to ensure controlled access, Anthropic has opted not to release Mythos to the general public. Instead, a preview version has been shared with selected organisations involved in critical digital infrastructure, under a programme dubbed Project Glasswing. Participants include tech giants such as Amazon, Microsoft, Apple, and JPMorgan Chase, which are tasked with enhancing their security measures using the AI’s capabilities.
Expert Insights
Cybersecurity experts are keenly analysing the ramifications of Anthropic’s model. Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, pointed out the unprecedented challenges posed by such powerful technology. He acknowledged the difficulties in separating the hype around Mythos from its actual capabilities but warned that if its features are as potent as advertised, “we may be in an entirely new world when it comes to cybersecurity.”
David Shipley, CEO of Beauceron Security Inc., echoed these sentiments, stating that the model can discover “extraordinary levels of flawed code” by recognising patterns far quicker than human developers. “It turns out there’s a lot of holes in our code, like trillions of lines of code with problems in it,” Shipley noted.
Regulatory Responses and Future Considerations
As Canadian banks increasingly incorporate AI to enhance operational efficiencies and drive revenue, the OSFI has established guidelines for assessing and managing risks associated with emerging technologies. Although no immediate changes to existing regulations are anticipated, OSFI spokesperson Cory Harding confirmed that ongoing conversations are taking place with financial institutions to raise awareness of evolving threats.
“The financial sector must remain vigilant as we continue to monitor advanced AI systems that could affect the cyber resilience of federally regulated institutions,” Harding stated.
The Canadian Bankers Association has expressed its commitment to the responsible deployment of AI, highlighting its role in enhancing cybersecurity, fraud detection, and customer service. CBA spokesperson Ethan Teclu remarked, “Banks currently manage the risks associated with AI and other technologies responsibly through long-standing regulatory frameworks, including model risk management and cyber risk controls.”
Why it Matters
The discussions surrounding Anthropic’s Mythos model underscore the urgent need for a robust regulatory framework in the face of rapid technological advancements. As AI capabilities expand, so too does the landscape of potential cyber threats, prompting financial institutions to reevaluate their security measures. Proactive engagement from Canadian regulators and banking leaders is crucial in navigating this evolving risk environment, ensuring that the financial system remains resilient in the face of emerging challenges.
