One thing the banks have learned is that Mythos can create a high-risk vulnerability by bringing together several lower risk weaknesses, according to the report.
The number of low- to moderate-ranked vulnerabilities found in banks’ tech by Mythos numbers between several hundred and thousands.
In response, banks are patching vulnerabilities in days rather than the weeks they used to take and are upgrading technology that is at the end of its software support, per the report.
Some banks may take their systems offline more often to handle the new workload but will do so in the least disruptive ways.
The testing banks are now doing with Mythos is likely to be repeated with other new AI products on a continuous basis.
Advertisement: Scroll to Continue
For banks that don’t have access to Mythos, Anthropic has released recommendations for improving their defenses and is offering another program called Claude Security that scans for vulnerabilities and is available to a greater number of organizations, per the report.
Anthropic CEO Dario Amodei said May 5 that financial services companies and other organizations have six to 12 months to fix vulnerabilities in their software before Chinese AI models develop capabilities equal to those of Mythos.
Amodei said that Mythos had uncovered tens of thousands of vulnerabilities and that if code is rewritten with models like Mythos, “we could be in a better position than we started in because we fixed all these bugs.”
On May 3, Treasury Secretary Scott Bessent said that American banks are working to safeguard against AI-related cyberthreats and that he told them that they should take the Mythos model seriously and use it to find holes in their defenses.
“What we’ve had in the past month was a step change in the power of one large language model, but we’re going to see it from the other AI companies, and it’s important that the U.S. stays ahead here,” Bessent said.
