Canada’s OSFI Warned Banks About Anthropic’s Mythos Months Ago

Canada’s banking regulator told the country’s biggest banks in April that Anthropic’s Claude Mythos could shrink their window to patch dangerous software flaws to almost nothing. The warning sat inside a private email for more than two months before the public saw a word of it.

Reuters pried the message loose through a records request. It names one Anthropic model, but the problem it describes, a shrinking gap between when a flaw surfaces and when someone weaponizes it, is bigger than Mythos and shows no sign of closing.

A Private Warning Surfaces After Months of Silence

The Office of the Superintendent of Financial Institutions, Canada’s federal regulator for banks, insurers and pension funds, sent the email on April 29 to chief technology officers, chief information security officers and chief risk officers across the industry, big banks and insurers included, according to documents obtained through an access to information request.

“Advanced artificial intelligence models, such as Anthropic Claude Mythos, significantly compress the timeframe for effective risk mitigation,” OSFI said in the email. “Accordingly, this bulletin is grounded in our existing guidance and outlines sound practices that institutions can adopt to enhance the speed and effectiveness of risk identification, mitigation and response.”

Additional contents of the email were redacted under Canada’s Access to Information Act. OSFI regulates the stability of the country’s financial sector, from banks to pension funds, and tracks risks that emerge from foreign interference, geopolitics and new technology.

OSFI is the same regulator that trimmed Canadian banks’ mandatory capital buffer for the first time since 2023 earlier this year. This time its message ran the other way, tightening expectations instead of loosening them.

After Reuters sent questions to OSFI last week, the regulator posted a public bulletin on generative and agentic artificial intelligence, on Monday. “OSFI takes a technology neutral, risk focused approach to emerging technologies, including advanced artificial intelligence models such as Mythos,” the regulator said. “Our focus is not the technology itself, but how federally regulated financial institutions govern and manage the risks associated with its use.”

What Makes Claude Mythos Different From Other AI Models?

Claude Mythos is Anthropic’s cybersecurity specialized frontier model, first previewed on April 7. Unlike a chatbot that describes a flaw, Mythos hunts for one, builds a working exploit, and checks whether it actually works, largely without a human steering each step. Anthropic never released it broadly because of exactly that ability.

Anthropic says it and roughly 50 partner organizations have used Mythos to find more than ten thousand vulnerabilities rated high or critical severity, in software that underpins much of the world’s critical infrastructure.

Independent testing backed that up. The UK’s AI Security Institute (AISI), a government body that has tracked AI cyber capability since 2023, found Mythos could solve 73% of expert level cyber challenges, a tier no earlier model had cracked at all.

On a simulated 32 step corporate network takeover, Mythos completed an average of 22 steps and finished the entire chain in three of ten attempts. Claude Opus 4.6, the next best model, averaged 16 steps and never finished.

Model Expert Level CTF Success Rate Average Steps Completed (of 32) on Network Takeover Test
Claude Mythos Preview 73% 22 (solved fully in 3 of 10 runs)
Claude Opus 4.6 Second best overall 16
GPT-5.4 and GPT-5.3 Codex Tied for third overall Not disclosed

When outside contractors manually reviewed a sample of the findings, they matched 89% of Claude’s severity calls exactly and agreed within one level on nearly all the rest, Anthropic said in its technical write up.

The targets included software long considered hardened. Testers cited a 27 year old bug in OpenBSD, an operating system built around a security first design, and a remote code execution flaw in FreeBSD’s network file sharing server that Anthropic catalogued as CVE-2026-4747.

Canada’s Big Banks Carry Decades-Old Code Into a New Race

Three of Canada’s big six banks, Royal Bank of Canada, TD Bank and BMO, have laid out plans to make money from AI investments as they shift from pilot projects toward chatbots, internal tools and less reliance on outside vendors. Bank of Nova Scotia, CIBC and National Bank have disclosed AI initiatives of their own.

None of the big banks would say whether they sit inside Project Glasswing, the vetted access program built around Mythos. Ottawa has confirmed it holds access to the program; which Canadian banks, if any, use it remains undisclosed.

The scramble followed Washington’s own. The pushed major banks toward Anthropic’s tools weeks before OSFI’s email went out, after the Treasury and Federal Reserve convened an emergency meeting of bank chief executives in Washington.

Some banks referred questions to the Canadian Bankers Association, which said the industry has invested heavily to protect the financial system and complies with OSFI’s cyber risk management and incident reporting rules.

The way we’re, the industry, dealing with it is building our own AI defenses. We’ll continue to do that.

Bruce Ross, RBC’s AI Group Head, said in a June interview that Mythos pointed to a shift in the cyberattack landscape, one where a fast response becomes essential because new attack methods can surface as soon as a vulnerability is identified.

Bank of Canada Governor Tiff Macklem said global financial systems need to “come to grips” with the risks posed by rapid advances in AI models like Mythos, a comment that followed his own financial sector resiliency group discussing the model with major banks and the finance department.

Skeptics Call the Scare Overblown

Cybersecurity researchers argue the panic is aimed at the wrong target. Global banks, tech firms and governments scrambled last spring to contain Mythos, yet the capability behind the alarm was arguably already loose.

“What we are seeing across the industry now is that people are able to reproduce the vulnerabilities found with Mythos through clever orchestration of public models to get very, very similar results,” said Ben Harris, chief executive of cybersecurity firm watchTowr.

Justin Herring, a partner at law firm Mayer Brown and a former cybersecurity deputy at New York’s financial regulator, focused on what Mythos has not delivered. “You have a significant increase in the volume of vulnerabilities discovered, but they don’t seem to have deployed a tool that helps you fix them,” Herring said.

JPMorgan Chase CEO Jamie Dimon said AI tools could eventually help banks defend themselves, but for now they are making companies more vulnerable, not less. The pattern predates Mythos: CrowdStrike’s 2026 Global Threat Report found AI enabled cyberattacks rose 89% year over year in 2025, before Mythos existed.

Some of the noise traces back to corporate rivalry as much as raw risk. Anthropic and OpenAI are racing each other toward competing stock listings, and weeks after Mythos arrived, OpenAI answered with its own cybersecurity model, GPT-5.5-Cyber, opening limited access to vetted security teams.

  • Ben Harris, CEO of cybersecurity firm watchTowr – says the vulnerabilities Mythos surfaced are already reproducible by combining public models anyone can access today.
  • Anthropic and financial regulators including OSFI, the IMF and the Bank of England – treat Mythos as a distinct threshold that justifies gated access and new supervisory guidance.
  • David Sacks, former White House AI and crypto czar – questions whether Anthropic is exaggerating for effect but says the underlying cyber risk is real.

Gary Marcus, an AI researcher and longtime Anthropic critic, described the company’s pattern in three words: “Scare, hype, release.”

A Regulatory Cascade Spans Five Continents

OSFI was not alone, and it was not first. Within days of the April 7 announcement, regulators on nearly every continent scheduled their own emergency sessions.

  • United States – Treasury Secretary Scott Bessent and then Federal Reserve Chair Jerome Powell convened the CEOs of Citigroup, Bank of America, Morgan Stanley, Wells Fargo and Goldman Sachs in Washington to discuss Mythos.
  • United Kingdom – The Bank of England’s Cross Market Operational Resilience Group briefed major banks, insurers and exchanges with the Financial Conduct Authority and the National Cyber Security Centre, after Governor Andrew Bailey said cyber risk had climbed the regulator’s rankings faster than any other category in recent years.
  • India – Finance Minister Nirmala Sitharaman convened banks and government officials on April 23, saying the country needs new and more versatile measures to counter emerging threats.
  • Japan – The Financial Services Agency hosted a joint public private meeting on April 24 and formed a working group to counter Mythos related threats.
  • Australia – The Securities and Investments Commission wrote to the financial services industry telling firms to fortify their cybersecurity systems.

The Financial Stability Board, the G20’s coordinating body for financial regulators chaired by Bailey, began drafting its own report on AI use in the financial system. The International Monetary Fund (IMF) went further, warning that AI cyber tools could turn into a macro-financial shock if regulators treated the issue as a narrow technical problem rather than a systemic one.

An analysis from the Cloud Security Alliance, an industry nonprofit focused on cloud and AI security, found Mythos wrote 181 working exploits in a Firefox benchmark alone, calling the jump from prior models a qualitative threshold rather than an incremental gain.

A separate assessment from the Bloomsbury Intelligence and Security Institute, a London based policy research group, warned that cyber operations are inherently asymmetric because attackers need one successful opening while defenders must secure everything at once. Its researchers pointed to a bug in the video tool FFmpeg that survived five million automated tests for 16 years before Mythos caught it.

Access to the defense is not equal, either. Euro zone banks remain excluded from Mythos entirely, European Central Bank President Christine Lagarde has praised Anthropic for limiting the rollout, and French AI firm Mistral began building its own rival model in response.

OSFI’s Bulletin Lands Right After Reuters Starts Asking Questions

Anthropic has been widening the circle since. On June 2 the company expanded Project Glasswing, its vetted coalition built around Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase and the Linux Foundation, to roughly 150 organizations across more than 15 countries.

On June 9 it released Claude Mythos 5 alongside a safeguarded sibling, Claude Fable 5, built for customers who need similar coding strength without the riskiest capabilities switched on. The U.S. Department of Commerce lifted restrictions on both models on June 30, and Anthropic restored broader access to Fable the next day.

Mythos 5 remains capped to a small group of vetted partners with a stated goal of opening up more broadly later, the company says on its product page.

None of that answers the question OSFI’s own bulletin leaves open: which Canadian institutions, if any, sit inside Project Glasswing right now. Ottawa says it has access. The banks are not saying whether they use it.

OSFI’s bulletin restates guidance the regulator already had on the books, this time updated for a model it once discussed only in private. The email that prompted it took more than two months to reach the public. The vulnerabilities Mythos found are still working through banks’ patch queues today.

Frequently Asked Questions

What Is Claude Mythos?

Claude Mythos is Anthropic’s cybersecurity focused frontier model, first previewed on April 7. It searches software for vulnerabilities, builds working exploits and tests whether they succeed largely on its own, which is why Anthropic chose not to release it broadly the way it releases its consumer Claude chatbot.

Which Companies Have Access to Claude Mythos?

Roughly 50 organizations got early access through Project Glasswing, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase and the Linux Foundation. Anthropic expanded that to about 150 organizations across more than 15 countries by June 2. Canada’s government has confirmed it holds access, though it has not said which Canadian banks, if any, use it.

Is Claude Mythos Available to the Public?

No. Anthropic sells a safeguarded version called Claude Fable 5 to general customers, while Mythos 5 stays limited to vetted partners. Mythos 5 pricing runs $10 per million input tokens and $50 per million output tokens for those approved partners, and using it requires accepting a 30 day data retention policy for safety monitoring.

Why Did It Take Months for the Warning to Become Public?

OSFI sent its email to bank executives privately on April 29 through routine supervisory channels, with some sections later redacted under Canada’s Access to Information Act once Reuters requested the record. The regulator only posted a public bulletin covering the same ground after Reuters asked questions about the email, more than two months after it was first sent.

What Is Project Glasswing?

Project Glasswing is the vetted access and defense coalition Anthropic launched alongside Mythos, backed by about $100 million in Anthropic usage credits for partners hunting vulnerabilities in critical software before criminals find them. It has grown from an initial roughly 50 partners to about 150 organizations in more than 15 countries since April.

Leave a Reply

Your email address will not be published. Required fields are marked *