Canadian and global regulators rush to test their own defences as only a few players touch the model
Mythos, Anthropic’s new artificial intelligence model, can find hidden flaws in the software that runs banks, markets, and governments with a speed no human team can match — and Canadian regulators are openly wondering if that demands a “whole of government” response.
According to the Financial Post, Ontario Securities Commission (OSC) chief executive Grant Vingoe said he “wonder[s] if the technology is so transformative that we need a different approach,” adding that AI might need its own “bespoke” regulatory regime.
He said fast‑developing AI is poised to reshape capital markets functions, from pricing investments and synthesizing information to conducting asset management.
Until now, the OSC has applied traditional securities principles in a “technology neutral” way, setting rules so that “same risks (and) same activities” face the same regulation.
But Vingoe said he now sees “fear” when he speaks to investment professionals and asset managers, who worry that AI could overhaul the entire investment process and displace the skilled professionals who run it.
According to the Financial Post, Vingoe suggested that if Canada does adopt a different approach, it “likely” will not come from securities regulators alone.
He said it would “require a whole of government approach when you consider the potential economic consequences, where whole areas of work might disappear.”
Canada has already escalated Mythos to a system‑level risk.
The Financial Post reported that government, regulatory and industry bodies, including the Canadian Financial Sector Resiliency Group chaired by the Bank of Canada, have held closed‑door meetings on the model.
The group’s members include the Autorité des marchés financiers (AMF), the Office of the Superintendent of Financial Institutions (OSFI), the federal Finance Department, the Canadian Centre for Cyber Security, and technology experts from the big banks.
Sources in Canada’s financial sector told the Financial Post that officials are keen for the Bank of Canada, which oversees the payments system, and OSFI, which oversees the banks, to take the lead.
Bank of Canada governor Tiff Macklem said the resiliency group has already met twice this month to discuss Mythos, and that he has been in touch with US Federal Reserve chairman Jerome Powell about the risks.
Macklem added that the Minister of Finance has been speaking with the US Secretary of the Treasury about the American approach.
The New York Times reported that Anthropic described its new AI model as “too dangerous to release widely.”
That warning prompted Mythos to respond.
The company named 11 partner organisations — all US‑based — to help mount a defence.
Anthropic has said Mythos is uncannily capable of finding and exploiting “hidden flaws” in critical software and has restricted access to a small set of large banks, technology companies, and infrastructure providers.
When Anthropic made Mythos available to select customers, it said the model had already “found thousands of high-severity vulnerabilities,” including some in “every major operating system and web browser.”
The Financial Times reported that some of those flaws had gone undetected for decades.
The company warned it would “not be long before such capabilities proliferate” and that the fallout for economies, public safety, and national security “could be severe.”
Britain’s AI Security Institute tested Mythos and confirmed that it could carry out complex cyberattacks no previous AI model had completed, which UK AI minister Kanishka Narayan called “a step up in AI cyber capabilities,” according to The New York Times.
Banks meanwhile are racing for controlled access.
Reuters reported that Anthropic has restricted Mythos to partners in its Project Glasswing and about 40 organisations that build or maintain critical software infrastructure.
JPMorgan is the only bank Anthropic has publicly confirmed as a partner, while Bank of America has been testing the technology internally.
According to the outlet, Morgan Stanley chief executive Ted Pick told analysts the bank “is permissioned on Claude Mythos Preview.”
Goldman Sachs CEO David Solomon said “we have the model” and are working closely with Anthropic and security vendors “to kind of harness frontier capabilities wherever it’s possible,” while Citigroup is using Mythos for internal tests.
Some banks without access have questioned whether Mythos should be opened more broadly and whether JPMorgan gained an advantage, a topic likely to be raised with the US Treasury.
Multiple senior banking and regulatory sources in Europe told Reuters they were not aware of any European financial institution with access yet.
Deutsche Bank CEO Christian Sewing said Mythos is “not something that’s causing panic or setting off any alarm bells” but still needs to be factored into “day-to-day risk management.”
He told the outlet that everyone wants access to the system but that tight controls remain appropriate for now.
Barclays CEO CS Venkatakrishnan described Mythos as “a serious threat to the global banking system” that is likely to be followed by similar, more powerful cyberthreats.
