The Australian Securities and Investments Commission (ASIC) warned financial firms to strengthen cyber defenses, citing advanced AI models such as Anthropic’s Mythos as exposing software flaws, according to Reuters. ASIC Commissioner Simone Constant said firms should act before the threat becomes clearer and focus on basic cyber resilience measures.
Regulatory Context
The warning came a month after the Australian Prudential Regulation Authority issued its own alert about security practices struggling to keep up with AI. Separate research from the Cambridge Centre for Alternative Finance found only 20% of regulators had advanced AI adoption and that supervisors lagged financial firms in tracking emerging harms.
Mythos Exploit Capabilities
Anthropologic’s Mythos Preview extends beyond identifying vulnerabilities—it can write working exploits for software flaws. The model independently found and exploited a 27-year-old bug in OpenBSD, an open-source operating system built for security. Mythos also used CVE-2026-4747 to achieve remote code execution as root through Network File System (NFS) on FreeBSD, another open-source operating system.
Anthropic stated the model found thousands of high-severity vulnerabilities in major operating systems and web browsers, many of which had gone undetected for years or decades. Access to Mythos Preview is limited, and Project Glasswing brings together Amazon Web Services, Apple’s security teams, Google, Microsoft, NVIDIA, and others to secure widely used software before similar tools spread.
Impact on Cybersecurity Economics
The capability significantly alters the cost and timeline for launching cyberattacks. Bugs once treated as low risk now pose greater concern because Mythos Preview can build exploits in hours—work that expert penetration testers said would have taken weeks using traditional methods. This shift means financial firms and other organizations may need quicker patch cycles and more automated defenses.
Tests on other frontier AI models suggest advanced cyber skills accompany broader AI progress, indicating the threat is likely to grow.
FAQ
What is Mythos and why is it a concern for financial firms?
Mythos is Anthropic’s advanced AI model that can identify software vulnerabilities and write working exploits. ASIC warned financial firms because Mythos can expose security flaws in widely used systems, reducing the time and cost required to launch cyberattacks to the price of an API key. The model has demonstrated the ability to find thousands of high-severity vulnerabilities in operating systems and web browsers.
How quickly can Mythos generate exploits compared to traditional methods?
Mythos can build exploits in hours, whereas expert penetration testers said the same work would have taken weeks using traditional methods. This acceleration fundamentally changes cybersecurity economics and the urgency of patching vulnerabilities.
What are regulators doing to address AI-driven cyber risks?
ASIC advised financial firms to strengthen cyber defenses and focus on basic cyber resilience measures before threats become clearer. The Australian Prudential Regulation Authority issued a similar warning about security practices lagging AI development. Project Glasswing, involving major technology and cloud companies, works to secure widely used software before similar exploit-generation tools become widespread.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
