Bank of England Says UK Banks Lack Mythos Access

British banks still do not have access to Anthropic PBC's Mythos artificial intelligence model, Bank of England governor Andrew Bailey said in an interview with Bloomberg on the sidelines of a central banking conference in Reykjavik, as reported by Bloomberg, iTnews, and the Economic Times. Bailey said Anthropic was willing to share the models on a trial basis but "it hasn't happened yet and I think this has been somewhat caught up in the process with the US administration," according to Bloomberg and iTnews. Bailey is quoted saying access is "very important" given concerns about the risks involved, per Bloomberg. Reuters coverage adds that some cybersecurity experts told Reuters that fears of unfettered hacking enabled by the model are overstated. Bloomberg and the Economic Times also report that US President Donald Trump postponed signing a broader executive order on AI that had been expected to establish a voluntary framework for developer engagement prior to public release of advanced models.

Editorial analysis - technical context: Public reporting does not provide technical specifications of Mythos beyond framing it as a powerful, advanced model that raised concern when first disclosed six weeks earlier. The sources describe Mythos in the context of potential cyber misuse rather than specific architectural features. For practitioners, the operative technical point in the reporting is that banks seek access to a model for red-teaming and penetration testing of financial systems, which requires a model provider to offer controlled, auditable access or sandboxed test environments.

Central-bank level concern about model-enabled cyber risk highlights two intersecting governance challenges: how developers and governments manage pre-release engagement with critical infrastructure stakeholders, and how financial institutions validate defenses against advanced AI-aided threat scenarios. Bailey, who also chairs the Financial Stability Board, stressed a cross-border approach, saying spillovers from cyber risk are large and that "we can't just have a single sort of national approach," as reported by Bloomberg and iTnews. Reporting by Reuters and Bloomberg places the access issue within ongoing US policy moves; Bloomberg and the Economic Times note the postponement of a US executive order expected to create a voluntary pre-release engagement process for advanced models. Reporting also records dissenting views from cybersecurity experts to Reuters who say some fears about unfettered hacking are overstated, indicating there is not a single technical consensus on the magnitude of the risk.

For practitioners: observers should track three discrete signals. First, whether Anthropic or other advanced-model providers publish controlled-access programs or technical audit interfaces that explicitly support infrastructure red-teaming; Bloomberg and iTnews report Anthropic was willing to share on a trial basis. Second, whether the US administration or other national authorities formalize pre-release engagement requirements or voluntary frameworks; Bloomberg and the Economic Times report a postponed executive order that had been expected to address such coordination. Third, independent technical assessments and red-team reports, including those from banks, third-party security labs, or standard-setting bodies like the Financial Stability Board, that clarify concrete attack surfaces and practical exploitability claims; Reuters coverage cites cybersecurity experts who downplay some worst-case fears. These indicators will determine how readily banks and other critical-sector defenders can incorporate advanced models into threat simulations and mitigation planning.

Editorial analysis: The immediate, reported fact is limited access to Mythos for UK banks, with political and policy friction cited by Bailey as the proximate cause. Industry observers and practitioners should interpret the episode as a real-world example of the emerging tension between model capability disclosure, developer-government coordination, and the operational need for critical infrastructure defenders to test against the same tools that could be misused.