UK Regulators Rush to Assess Risks of Latest Anthropic AI Model, FT Reports

The UK’s rapid convening of the Bank of England, FCA and the National Cyber Security Centre reflects a growing consensus that generative AI models pose more than just operational challenges—they introduce novel attack surfaces. By focusing on Claude Mythos Preview, regulators are probing how an AI trained to identify software flaws could inadvertently expose those same weaknesses to malicious actors. This proactive stance aligns with broader European efforts to embed AI risk assessments within existing cyber‑security frameworks, signaling a shift toward pre‑emptive governance rather than reactive remediation.

Anthropic’s Project Glasswing positions the Claude Mythos Preview as a defensive tool, granting limited access to select institutions for vulnerability discovery. While the model’s claim of detecting thousands of flaws suggests a powerful augmentation of traditional pen‑testing, the opacity around its training data and decision‑making raises concerns about false positives, model bias, and potential over‑reliance. Financial firms that integrate such AI must balance the speed of automated discovery with rigorous validation processes, ensuring that identified issues do not become new vectors for exploitation.

Cross‑border coordination is already evident, with the U.S. Treasury Secretary consulting Wall Street banks on the same AI risk profile. This transatlantic dialogue could pave the way for harmonized standards, influencing future policy such as the UK’s AI Regulation Bill and the EU’s AI Act. For the financial sector, the outcome may dictate mandatory AI‑risk audits, disclosure requirements, and possibly the certification of AI tools before deployment, reshaping how banks, insurers and exchanges approach both innovation and resilience.