(Credit: Thapana Studio - stock.adobe.com)

Officials from the Bank of England, the Financial Conduct Authority (FCA) and HM Treasury are co-ordinating with the National Cyber Security Centre (NCSC) to assess potential weaknesses exposed by the model. Leading banks, insurers and exchanges are expected to be briefed on the risks at a meeting within the next fortnight.

The response mirrors action taken in the United States, where US Treasury Secretary Scott Bessent summoned Wall Street bank leaders to discuss the model’s advanced ability to identify security flaws that could be exploited by malicious actors.

When Anthropic released Mythos to select customers last week, the San Francisco company disclosed that the model had already identified thousands of high-severity vulnerabilities across major operating systems and web browsers.

The $380 billion firm cautioned that such capabilities could soon spread “beyond actors who are committed to deploying them safely”, warning that the consequences for economies, public safety and national security could be severe.

The matter is now on the agenda for the UK’s Cross Market Operational Resilience Group, a body that brings together regulators and financial services firms to address systemic threats. CMORG is co-chaired by the Bank of England’s executive director for supervisory risk, Duncan Mackinnon, and David Postings, head of the UK Finance trade body. Its membership includes senior representatives from eight of the country’s largest banks, four financial infrastructure providers, two insurers, the NCSC, the FCA and HM Treasury.

David Raw, managing director for resilience at UK Finance, confirmed awareness of the issue, saying the organisation engages with members and public-private partners on “any significant operational risks that could affect the resilience of the UK financial services sector”.

Should the threat escalate, the Bank of England could also convene an emergency meeting with financial institutions within one to two hours through its separate Cross Market Business Continuity Group – though it has not yet done so.

The development comes amid broader concerns about cybersecurity in British industry. Several major UK companies, including Marks & Spencer, the Co-op Group, Harrods and Jaguar Land Rover, suffered significant disruption from cyberattacks last year.

The UK government’s AI Security Institute has been evaluating Mythos alongside other frontier models. Separately, the Bank of England’s Prudential Regulation Authority warned lenders as recently as last October that their AI model monitoring was “not frequent enough”, and the government is now considering standardised testing requirements for AI models used across the UK banking sector.