In a recent earnings call, David Solomon, CEO of Goldman Sachs, expressed serious concerns regarding the cybersecurity threats posed by Anthropic’s latest AI model, Mythos. As advancements in artificial intelligence accelerate, Solomon emphasised the bank’s proactive stance in collaborating with Anthropic to bolster its cyber defences. This dialogue comes in the wake of heightened scrutiny from US regulators, who are increasingly alarmed by AI’s capability to compromise financial stability.
Understanding the Threat of AI
The emergence of sophisticated AI models, particularly large language models (LLMs), has transformed the cybersecurity landscape. Solomon highlighted that the capabilities of these technologies have advanced to a point where they can potentially outsmart even the most adept human programmers. “We’re hyper-aware of the enhanced capabilities of these new models,” he stated, reflecting the urgency of the situation.
Anthropic, the company behind the Claude AI tools, recently raised alarms about Mythos, claiming it could expose vulnerabilities within IT infrastructures with alarming efficacy. The firm noted that the coding capabilities of AI models have reached a level that could surpass human expertise in identifying and exploiting software flaws. This reality presents significant implications not only for financial institutions but also for public safety and national security.
Goldman Sachs’ Strategic Response
In light of these developments, Goldman Sachs is not merely spectating; it is actively engaged in mitigating potential risks. Solomon confirmed that the bank has access to the Mythos model and is working hand-in-hand with Anthropic and various security vendors. “We are very focused on supplementing our cyber and infrastructure resilience,” he affirmed, underscoring the bank’s commitment to enhancing its cybersecurity framework. The firm is accelerating its investments in this area, recognising the urgent need to adapt to the evolving threat landscape.
The dialogue surrounding AI and cybersecurity has also garnered attention from policymakers. Last week, Scott Bessent, the US Treasury Secretary, convened a meeting with key banking executives, including Solomon, to address the implications of the Mythos model. This gathering of leaders from systemically important banks underscored the potential risk to financial stability should these institutions face significant operational disruptions.
Global Perspectives on AI Cybersecurity
Across the Atlantic, the UK government’s AI Security Institute (AISI) has echoed similar concerns, categorising Mythos as a “step up” from earlier models in terms of cyber threats. AISI’s analysis suggests Mythos can execute complex cyber-attack simulations autonomously—tasks that would ordinarily require days of human effort. Notably, Mythos was the first AI model to navigate a 32-step cyber-attack simulation designed by AISI, completing the challenge successfully in three of ten attempts.
However, AISI also cautioned that while Mythos appears proficient at targeting poorly defended systems, it remains uncertain whether it could breach well-fortified networks. This ambiguity highlights the necessity for ongoing investment in robust cybersecurity measures, as future AI models are likely to enhance their capabilities further.
As the UK prepares for discussions surrounding Mythos and its implications, the Cross Market Operational Resilience Group (CMorg) will convene with bank leaders and government officials in the coming weeks. This coalition includes executives from the Treasury, Bank of England, Financial Conduct Authority, and National Cyber Security Centre, all working together to address the pressing challenges posed by AI advancements.
Why it Matters
The evolving landscape of artificial intelligence poses unprecedented challenges for cybersecurity, particularly within the financial sector. As Goldman Sachs and other institutions navigate this complex terrain, the stakes are high. The integration of advanced AI into cyber-attacks not only threatens the integrity of financial systems but also raises critical questions about regulatory frameworks and the need for collective action. The proactive measures taken by industry leaders and regulators alike will be pivotal in safeguarding against the next generation of cybersecurity threats, ensuring the resilience of both economic and public safety infrastructures.
