Anthropic has briefed the Financial Stability Board on its unreleased Claude Mythos AI model after the system demonstrated unprecedented cybersecurity capabilities that have alarmed global financial regulators. The FSB, chaired by Bank of England governor Andrew Bailey and including officials from the US, UK, Australia and China, received the emergency briefing as authorities scramble to assess systemic risks from AI systems that can exploit previously unknown IT vulnerabilities. **Key Facts** • Claude Mythos completed the "cooling tower" cybersecurity test in 3 out of 10 attempts — the first AI model ever to pass this benchmark • UK's AI Security Institute reported a "notable capability jump" from the previous month's version in its May 2026 assessment • Only select partners including Apple and JP Morgan have received access to the unreleased model • MorrowReport original: At current advancement pace, cyber task completion capabilities are doubling "on the order of months, not years" **Background** The Financial Stability Board's intervention represents the first time international regulators have directly engaged with an AI company over cybersecurity implications for global financial infrastructure. Anthropic declined to release Claude Mythos publicly, instead granting access to a limited group of technology companies and financial institutions. The timing reflects mounting concern among financial leaders about AI-enabled cyber threats. Goldman Sachs CEO David Solomon said he was "hyper-aware" of Mythos capabilities in April, while JP Morgan's Jamie Dimon warned that AI made cyber defence "harder" during the same period. The International Monetary Fund issued its own warning about AI financial stability risks this month, signaling coordinated regulatory attention across multiple institutions. The FSB's composition — spanning Western allies and China — indicates the global scope of concern. Unlike traditional cybersecurity threats that emerge from specific geographic regions, advanced AI capabilities can be deployed from anywhere with sufficient computing resources. **Critical Infrastructure Vulnerability Assessment** Claude Mythos represents a fundamental shift in the cyber threat landscape. The model's ability to identify previously unknown system flaws suggests it can discover vulnerabilities that human security researchers have missed. The "cooling tower" test, which Mythos passed 30% of the time, simulates attacks on critical infrastructure control systems. Financial institutions face particular exposure because their systems interconnect globally through payment networks, clearing systems, and trading platforms. A vulnerability discovered by Mythos in one major bank's infrastructure could potentially be exploited across multiple institutions using similar technology stacks. Traditional cybersecurity assumes human-level threat actors with finite time and resources. AI systems operate without these constraints, potentially scanning for vulnerabilities across thousands of systems simultaneously. The capability advancement timeline — measured in months rather than years — compresses the window for defensive responses. Industry observers suggest the regulatory response has been reactive rather than proactive. While Anthropic briefed the FSB voluntarily, no formal framework exists for governing AI systems with advanced cybersecurity capabilities. The selective access model creates information asymmetries that could disadvantage smaller financial institutions lacking relationships with major technology partners. **What To Watch: Three Indicators** Monitor FSB policy announcements through the remainder of May 2026 for new guidelines on AI cybersecurity risk management. Any formal recommendations will likely influence national regulatory approaches across member jurisdictions. The next G20 meeting agenda will indicate whether AI cybersecurity rises to head-of-state level discussions. Track access expansion beyond the current Apple-JP Morgan circle. Additional partnerships will signal whether Anthropic plans broader commercial deployment or maintains restrictive access controls. Financial institutions announcing new AI security partnerships may indicate underground capability sharing arrangements. Observe Bank of England monetary policy communications for cybersecurity risk assessments. Andrew Bailey's dual role as FSB chair and BoE governor positions him to integrate AI cyber risks into broader financial stability frameworks. Any stress testing scenarios incorporating AI-enabled attacks would represent a significant policy evolution. **How Will AI Cybersecurity Capabilities Affect Global Financial Systems in 2026?** AI systems like Claude Mythos will likely accelerate the arms race between cyber attackers and defenders. Financial institutions must invest heavily in AI-powered defensive systems to match emerging threat capabilities. This creates competitive advantages for institutions with access to advanced AI models while potentially destabilizing smaller players lacking such resources. Regulatory frameworks will probably emerge requiring disclosure of AI system capabilities that could affect systemic stability. **Three Ways AI Cyber Threats Are Already Reshaping Banking Security** Major banks are restructuring cybersecurity budgets to account for AI-enabled attacks, with JP Morgan and Goldman Sachs leading industry conversations about defensive capabilities. Traditional penetration testing methodologies may become obsolete as AI systems can identify vulnerabilities faster than human security teams can patch them. Regulatory compliance frameworks are evolving to incorporate AI-specific risk assessments. **Frequently Asked Questions** **Q: Why didn't Anthropic release Claude Mythos publicly like other AI models?** A: The model's advanced cybersecurity capabilities pose systemic risks if widely available. Anthropic chose selective access to prevent malicious exploitation while allowing security research. **Q: How does this affect smaller banks without access to advanced AI security tools?** A: Smaller institutions may face competitive disadvantages and higher cyber insurance costs. Regulatory authorities may need to provide shared defensive resources or mandate technology sharing agreements. **Q: What happens if other AI companies develop similar cybersecurity capabilities?** A: The FSB briefing sets precedent for regulatory engagement before public release. Multiple companies with such capabilities would likely trigger formal international coordination frameworks within months.