UK finance watchdogs scramble to respond to Claude Mythos as latest AI model finds thousands of zero-day vulnerabilities

Bank of England, FCA and Treasury consult NCSC after AI model detects thousands of vulnerabilities in systems worldwide

Staff Writer

Article summary

AI Generated

UK financial regulators are conferring with the government's cyber security body and banks to assess risks from Anthropic's Claude Mythos Preview model. The model has identified thousands of high-severity vulnerabilities, prompting discussions on potential IT system weaknesses. Banks will be briefed on these cyber security threats soon.

Key points

  • UK financial regulators are discussing Anthropic's Claude Mythos AI model's cyber risks.
  • Banks will be warned about vulnerabilities exposed by the AI model at a meeting.
  • The AI model has found thousands of high-severity vulnerabilities in major systems.

UK financial regulators are in discussions with the government’s cyber security body and the country’s banks to assess the risks posed by the Claude Mythos Preview model from Anthropic, the Financial Times has reported.

Officials at the Bank of England, the Financial Conduct Authority and HM Treasury are in talks with the National Cyber Security Centre to explore vulnerabilities in IT systems revealed by the model, according to the FT.

Banks, insurers and exchanges in the UK will be warned about the cyber security risks exposed by Claude Mythos Preview at a meeting with regulators in the next fortnight, the FT reported, citing two people briefed on the talks.

Bank of England and FCA assess cyber security threats posed by Anthropic’s Claude Mythos preview

When Anthropic announced the release of Mythos to select customers last week, the company said it had “found thousands of high-severity vulnerabilities, including some in every major operating system and web browser”, some of which had gone undetected for decades.

The San Francisco-based company, valued at $380bn, said it would “not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.” It added: “The fallout — for economies, public safety, and national security — could be severe.”

The response by UK authorities follows a summons by US Treasury secretary Scott Bessent to leaders of some of the Wall Street banks to discuss the model’s ability to detect cyber security vulnerabilities that could be exploited, the FT reported.

The risks posed by the model are on the agenda for the next meeting of the UK’s Cross Market Operational Resilience Group, which brings regulators and financial services companies together to discuss threats to the sector, according to the FT.

CMORG is co-chaired by Duncan Mackinnon, the Bank of England’s executive director for supervisory risk, and David Postings, the head of the UK Finance trade body. Other members include representatives from eight of the UK’s banks, four financial infrastructure providers and two insurers, as well as the NCSC, the FCA and HM Treasury. The agenda of the CMORG meeting was first reported by The Telegraph.

The Bank of England declined to comment, the FT reported.

David Raw, managing director for resilience at UK Finance, told the FT: “We are aware of the press reports on the Anthropic AI development and the risks highlighted.”

He added: “UK Finance engages with our members and through our public/private partnerships on any significant operational risks that could affect the resilience of the UK financial services sector.”

The Bank of England could convene a meeting with financial institutions within one to two hours through its Cross Market Business Continuity Group when confronted with a threat to the sector, but it has not done so in this case, the FT reported.

A number of UK companies were targeted by hackers last year in cyber attacks that caused disruption to their operations, the FT noted, including retailers M&S, the Co-op Group and Harrods, as well as Jaguar Land Rover.

The UK’s AI Security Institute has been evaluating Anthropic’s Mythos alongside other models such as Claude and OpenAI’s ChatGPT, according to the FT.

The government is weighing a plan to conduct standardised testing of AI models used by all UK lenders after the Bank of England warned them over their evaluation practices last year, the FT reported this month.

The BoE’s Prudential Regulation Authority told executives from lenders in two meetings last October that their AI model monitoring was “not frequent enough”, according to slides from the events cited by the FT.