Accessing Mythos: It’s barely three weeks since Anthropic made Claude Mythos public on April 7 and it’s hard to recall a development that’s caused as much cybersecurity alarm in such a short space of time.Earlier this week, Michael Theurer, the chief supervisor of Bundesbank, Germany’s financial regulator, echoed APRA’s concern, telling Reuters that European banks need access to Claude Mythos to defend themselves against the sort of cyberattacks this type of model could make possible.”I consider “‹it necessary that the European Commission and governments in Europe now also approach the company, or rather the United States, to request that the technology be shared. There has to “‹be an official request so that we in Europe can also benefit from the insights,” Theurer said.Anthropic has reportedly privately indicated that it will soon give banks outside the US access to Claude Mythos. However, the reference to the US in Theurer’s remarks alludes to the possibility that the timing of this access might be affected by the political relationship between the EU and the Trump administration.Given the interdependence of global banks, it seems unlikely that the US administration would delay wider access to Claude Mythos, even as it negotiates to resolve its recent public spat with Anthropic over the company’s designation as a supply chain risk. However, given recent complaints that only US tech companies have so far been given access via the Claude Mythos industry program, Project Glasswing, it’s clear there is some unease.
Targeting will ‘skyrocket’: The underlying worry, of course, is institutional interconnectedness; an attack on one financial organization could easily turn into a wider systemic problem if the flaw is severe enough.According to Joe Brinkley of penetration testing firm Cobalt, “the barrier to entry for state-level cyber capabilities has now been lowered to the cost of an API key.” And given that banks currently take weeks to fix high-severity vulnerabilities, this underscores the need for change, he pointed out.”Organizations that continue to treat offensive security as a periodic check-box exercise rather than a continuous, AI-integrated function are effectively waiting for the inevitable,” Brinkley said. “If the banking sector doesn’t automate its defense to match the speed of the attack, the targeting of financial services will skyrocket as the easy wins become fully automated.”Additionally, according to Steve Tait, CTO at cloud security company Skyhigh Security, AI models such as Claude Mythos represent an opportunity as well as a threat. “Cybersecurity has always been an arms race, and pairing security expertise with advanced AI solutions will help teams fight AI with AI,” he said. “If both attacker and defender have access to the same models, then the playing field will be the same as it is today: broadly equal but moving at a thousand miles an hour.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4165751/bank-regulator-sounds-warning-over-cybersecurity-threat-posed-by-ai-models.html
