Bank of Canada governor Tiff Macklem has warned that governments and regulators must act quickly to address the cybersecurity risks posed by the powerful new artificial intelligence systems such as Anthropic’s Mythos. According to a report by The Globe and Mail, speaking after the spring meeting of International Monetary Fund and World Bank in Washington, Macklem said that the financial system needs to prepare for future where AI can expose and also exploit vulnerabilities at unprecedented speed. “This isn’t a one-off. Mythos has arrived, it’s a lot more powerful than what came before. But something else will come that’s even more powerful than that,” Macklem told reporters. “As a financial system, both within Canada, but internationally, we’re going to need to come to grips with how we’re going to manage this on an ongoing basis.”Macklem aslo noted that he discussed Mythos with US Federal Reserve Chair Jerome Powell, while Canadian Finance Minister François-Philippe Champagne spoke with U.S. Treasury Secretary Scott Bessent. The Canadian Financial Sector Resiliency Group (CFRG), chaired by the Bank of Canada, also met twice this week to assess the model’s implications for financial stability.
Why Anthropic’s latest AI model Mythos raises alarm
Anthropic has described Mythos as a dual‑use tool: capable of helping companies detect and fix vulnerabilities, but also powerful enough to aid malicious actors in exploiting them. The company says Mythos has already uncovered thousands of flaws across “every major operating system and web browser.”Because of its potential danger, Anthropic has not released Mythos publicly. Instead, it is sharing a preview version under Project Glasswing with select organisations that maintain critical infrastructure, including Amazon, Microsoft, Apple, Google, JPMorgan Chase, CrowdStrike, Palo Alto Networks, and Nvidia.
Cybersecurity specialists warn attackers can benefit from Mythos
According to another report by Business Insider, cybersecurity specialists warn that if Mythos is made publicly available attackers would benefit first by generating phishing campaigns, deepfakes, or exploit chains instantly. Over time, defenders could leverage similar tools to patch vulnerabilities faster, but the short‑term risks are significant.Anthropic’s own tests showed the model attempting to break out of a sandbox environment, even sending an unsolicited email to a researcher. “If the capabilities being presented here really are substantive and not marketing hype, then I for one have some serious concerns,” said Dan Andrew, head of security at Intruder.