Anthropic's unreleased frontier AI model, Claude Mythos, has sparked global security alarms after demonstrating an unprecedented ability to autonomously identify and exploit "zero-day" software vulnerabilities in critical infrastructure.

Regulators and financial leaders warn that the model’s "superhuman" hacking capabilities could compromise global banking systems, payment networks like UPI, and stock exchanges within hours.

Key Security Exposures Found by Claude Mythos

During internal testing, Mythos uncovered thousands of vulnerabilities that had remained hidden for decades.

Long-Standing Flaws: It discovered a 27-year-old remote root exploit in OpenBSD, a highly secure operating system often used for financial firewalls.

Widespread Software Vulnerabilities: The model found a 16-year-old flaw in FFmpeg and chained together multiple vulnerabilities in the Linux kernel to gain full system control.

"Whole-of-System" Audits: Its 1-million token context window allows it to audit the entire architectural logic of massive platforms like India’s Aadhaar or national payment stacks in a single session, exposing deep structural errors invisible to standard tools.

Global Response & "Project Glasswing"

Because the model can autonomously weaponize exploits without human intervention, Anthropic has refused to release it publicly.

Project Glasswing: Anthropic formed this defensive coalition with tech giants like AWS, Google, and Microsoft to use Mythos for identifying and patching flaws before they can be exploited by adversaries.

Government Alarms:

India's Finance Minister Nirmala Sitharaman convened emergency meetings with the Reserve Bank of India (RBI) and major banks to assess risks to the national digital public infrastructure.

Regulatory Coordination: Officials from the U.S., UK, and Canada have also met with top banking executives to discuss how to defend against "machine-speed" cyberattacks that can reduce reaction time from days to mere seconds.

Impact on Financial Institutions"Survival Mode" Spending:

Indian banks are reportedly shifting IT budgets into "survival mode," drastically increasing cybersecurity spending to overhaul legacy systems that are now viewed as terminal liabilities.

Systemic Spillover Risk: Regulators warn that a breach in one institution could rapidly cascade across interconnected markets and payment systems.

Continuous Security: Banks are moving away from periodic compliance checks toward continuous real-time monitoring to counter AI-driven threats.