Anthropic's AI security model Mythos can identify and exploit vulnerabilities in banking systems within minutes, posing a systemic risk to financial institutions that rely on hybrid technology stacks mixing legacy and modern software. The model has already uncovered thousands of critical bugs, including security flaws dormant for over a decade, such as a 16-year-old vulnerability in FFmpeg.
Banks operating on hybrid systems—where outdated platforms coexist with contemporary solutions—present optimal targets for AI-driven exploitation. The widespread use of identical vendors and software across institutions amplifies risk concentration, as a single exploit could theoretically scale across multiple major banks simultaneously. This vulnerability profile has prompted regulatory attention, with authorities in the United States, Canada, and the United Kingdom conducting closed-door briefings with financial sector leaders.
Major institutional players including JPMorgan Chase are already running closed-loop tests of Mythos to develop defensive countermeasures. The revelation follows earlier concerns about similar AI threats targeting decentralized finance protocols, signaling a broader vulnerability across traditional and emerging financial infrastructure as artificial intelligence capabilities accelerate.