New Regulatory Model May Be Needed to Address AI Threats Like Those Posed by Anthropic's Mythos, OSC's Vingoe Says

Anthropic’s Mythos model represents a new class of generative AI that can rapidly identify software vulnerabilities and generate exploit code, raising alarms across the financial sector. Its ability to automate threat discovery and accelerate decision‑making in pricing or risk assessment means that both cyber‑security teams and market participants must confront unprecedented speed and scale. Regulators are therefore grappling with whether existing securities rules—designed for human‑driven processes—can contain an AI that operates at machine speed.

In Canada, the response has evolved into a whole‑government effort. The OSC, Bank of Canada, Office of the Superintendent of Financial Institutions (OSFI), the finance ministry, and the Canadian Centre for Cyber Security have met repeatedly to map out a coordinated strategy. The Bank of Canada’s governor, Tiff Macklem, has even consulted with U.S. Federal Reserve Chair Jerome Powell, signaling that cross‑border dialogue is essential when AI risks can spill over national financial systems. This multi‑agency collaboration reflects a shift from siloed oversight to a unified front capable of addressing systemic threats.

Globally, Mythos could reshape regulatory philosophy. The traditional "technology‑neutral" stance—applying the same securities rules regardless of the underlying tech—may give way to AI‑specific mandates such as mandatory model documentation, audit trails, and real‑time integrity checks. Financial firms that adopt AI for pricing, portfolio construction, or client communication will need to embed compliance into their development pipelines. As AI becomes integral to capital markets, the precedent set by Canada’s whole‑government model may influence how regulators worldwide balance innovation with stability.