Global financial circles are on edge over Anthropic's "Claude Mythos Preview (Mythos)," a U.S. artificial intelligence (AI) corporations. As Mythos has been found to locate software security vulnerabilities and even generate attack code, financial firms are facing AI hacking threats.
Mythos is not an AI developed for hacking. This capability was discovered while boosting coding, reasoning, and cybersecurity performance compared with existing models. According to test results released by Anthropic, Mythos found an operating system vulnerability that had gone unnoticed for 27 years and detected a software defect that automated tools failed to catch for 16 years despite 5 million scans.
Financial firms in the United States and Europe are already pushing to adopt high-performance AI like Mythos. Korea's financial authorities and financial firms are also working on countermeasures.
According to the financial sector on the 2nd, the Financial Services Commission held an emergency inspection meeting on Mar. 15, chaired by Vice Chairman Kwon Dae-young, summoning the Financial Supervisory Service, the Financial Security Institute, and chief information security officers (CISO) from the banking and insurance sectors. On the 13th of the same month, the Financial Supervisory Service also held a related meeting with security practitioners in the financial sector.
As concerns grow that high-performance AI models such as Mythos could be misused to breach security in the financial sector through hacking, the financial authorities and financial firms have begun to prepare countermeasures. The meeting discussed the impact of high-performance AI such as Mythos and response plans.
The financial authorities and financial firms are said to have formed a consensus that "AI hacking attacks must be blocked with AI." The financial authorities are reviewing institutional improvements, such as network segregation regulations (separating internal and external communication networks within financial firms), to enable financial firms to adopt high-performance AI. They also plan to devise measures to strengthen financial firms' cybersecurity accountability.
In the financial sector, there are concerns that outdated legacy security systems cannot respond to high-performance AI attacks. Financial firm security often involves using new systems alongside infrastructure that has been in place for decades. Global security experts warn that corporations with this type of security architecture are more vulnerable to high-performance AI attacks.
Some major banks are even considering a full replacement of operating systems and equipment for their security systems. An official at a commercial bank said, "There are limits to responding to AI attacks with patches (software that remedies security flaws). There are also internal discussions about whether we need to replace the system entirely."
Large financial firms are also examining scenarios in which AI attacks on external vendors that provide services could threaten headquarters systems. A financial industry official said, "If AI hacking occurs at corporations that provide cloud or AI services, the risk could spill over."
In the financial sector, there is criticism that countermeasures should be finalized by July, when information on vulnerabilities related to Mythos is expected to be widely disclosed.
U.S. and European financial firms are moving quickly in response to the "Mythos shock." The model is reportedly being tested at about 40 critical infrastructure-related institutions, including some major financial firms such as JPMorgan Chase and Bank of America (BoA).
The European Central Bank (ECB) also recently assessed risks related to Mythos with banks in Europe. Banks in Europe and the United Kingdom are said to have requested access to Mythos from Anthropic. Lee Sang-geun, head of the AI Security Research Institute at Korea University, said, "Mythos is not a future threat but an immediate task," adding, "With thousands of security attacks already identified, Korea must finish its response by the disclosure time (scheduled for July)."