ECB Questions Banks on Risks from Anthropic's Mythos
European Central Bank supervisors are actively gathering information from banks about the risks posed by Anthropic's new AI model, Mythos. The ECB plans to quiz banks during its regular supervisory dialogue to assess preparedness for cyberthreats that experts say could be amplified by the model's advanced coding and vulnerability-discovery capabilities. Anthropic is limiting general access to the current Claude Mythos Preview and has launched Project Glasswing, inviting major tech firms, cybersecurity vendors and several banks to run private evaluations. U.S. and U.K. authorities have also sounded alarms, and U.S. central bankers and Treasury officials are engaging with the industry on safeguards and resilience.
What happened
The European Central Bank is gathering information and will question banks about potential cyber risks arising from Anthropic's new AI model, Mythos. ECB supervisors will use their routine supervisory dialogue to probe bank preparedness rather than convene a special meeting with top executives. The move follows industry warnings that Claude Mythos Preview can generate high-level code and identify system vulnerabilities, elevating cyberattack risk for financial institutions.
Technical details
Anthropic has restricted broad access to Claude Mythos Preview and launched Project Glasswing to coordinate private testing with selected partners. Key practical points for practitioners:
- •Participants invited to Project Glasswing include major tech companies, cybersecurity vendors, JPMorgan Chase, and several dozen other organizations
- •The core concern is Mythos's ability to produce exploit code, reconnaissance scripts, and high-level attack plans by synthesizing system-specific prompts and code templates
- •Regulators are focused less on model architecture and more on operational exposures: legacy system patching, automated incident-response tooling, vendor risk, and detection blind spots
Context and significance
This is a clear escalation in regulatory attention to frontier models that can automate cyber offense techniques. The ECB action mirrors engagements by U.S. authorities; U.S. Treasury and Federal Reserve officials have recently convened bank leaders to discuss AI-related cyber risk, and national security and technology ministries in the U.K. have issued warnings. Anthropic's containment approach, using invitation-only testing and Project Glasswing, acknowledges the asymmetric risk of releasing powerful code-generation models into the wild. For banks, the episode highlights persistent vulnerabilities from legacy stacks and the need to treat advanced generative models as a new threat vector rather than only a productivity tool.
What to watch
Expect supervisory questionnaires probing patch management, incident response, red-team capabilities, vendor controls, and threat-hunting readiness. Private-sector participation in Project Glasswing and regulator-industry dialogues will shape guardrails for access controls, disclosure norms, and potential restrictions on model features that demonstrably enable exploitation.
Scoring Rationale
Regulatory engagement by the ECB and parallel U.S./U.K. actions makes this a notable development for practitioners, elevating operational and compliance priorities. The story affects risk management and vendor policies across banking, but it is not an industry-defining paradigm shift.
Practice with real Banking data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Banking problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
