NEW YORK—U.S. banks are scrambling to repair scores of information technology weaknesses uncovered by Anthropic’s powerful but costly Mythos artificial intelligence tool, triggering urgent software upgrades and raising concerns over potential customer disruptions, according to a new report from Reuters.
Reuters reported that several of the nation’s largest banks now using Mythos are finding the model particularly effective at linking together multiple low-risk vulnerabilities into far more serious threats, forcing institutions to accelerate patching schedules and modernize aging systems. One source told Reuters some banks are now repairing vulnerabilities within days that previously may have remained unresolved for weeks.
“This is a wake-up call because cyber risk is moving to machine speed, while much of bank defense still operates at human speed,” Nitin Seth, co-founder and CEO of Incedo, told Reuters. Reuters said the tool is especially effective at identifying weaknesses in both proprietary and open-source code, increasing pressure on financial institutions still relying on legacy technology nearing the end of vendor support.
Reuters further reported that the heightened remediation workload could force banks to temporarily take systems offline more frequently while fixes are implemented, though institutions are attempting to minimize customer disruption. Larger banks are also reportedly sharing findings with smaller financial institutions that do not yet have direct access to Mythos, as many community banks lack the computing resources and budget needed to operate the system.
According to Reuters, Mythos access has initially been limited to participants in Anthropic’s Project Glasswing initiative and roughly 40 additional organizations. Reuters previously reported that JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley are among the institutions with access to the tool. A senior bank regulatory official told Reuters the system has proven highly effective at rapidly connecting disparate vulnerabilities that might have taken human analysts far longer to identify.