UK financial regulators are holding urgent talks with banks and cyber security officials after Anthropic’s latest artificial intelligence model revealed widespread vulnerabilities in critical systems.

According to the Financial Times, officials from the Bank of England, Financial Conduct Authority and HM Treasury are working with the National Cyber Security Centre to examine risks linked to the model, Claude Mythos Preview. Two people briefed on the discussions said major banks, insurers and exchanges will be warned about the findings at a meeting within the next fortnight.

The response follows action in the US, where Treasury secretary Scott Bessent convened Wall Street bank leaders to discuss the tool’s capabilities. Authorities on both sides of the Atlantic are assessing how the technology could expose weaknesses that might be exploited by malicious actors.

Anthropic said last week that the model had already identified “thousands of high-severity vulnerabilities, including some in every major operating system and web browser”. The company added that some of these flaws had remained undetected for decades and warned that “the fallout – for economies, public safety, and national security – could be severe.”

The issue is set to be discussed at the next meeting of the Cross Market Operational Resilience Group, which brings together regulators and financial firms to assess systemic threats. The group is co-chaired by Duncan Mackinnon, the Bank of England’s executive director for supervisory risk, and David Postings, chief executive of UK Finance.

David Raw, managing director for resilience at UK Finance, said “We are aware of the press reports on the Anthropic AI development and the risks highlighted.” He added that the organisation engages with members and public sector partners on “any significant operational risks that could affect the resilience of the UK financial services sector”.

The Bank of England has not yet triggered its rapid-response Cross Market Business Continuity Group, which can convene within hours during acute threats. Officials have instead continued monitoring developments as part of existing resilience frameworks.

Separately, Bloomberg reported that the UK’s AI Security Institute is testing Mythos alongside other leading models, while policymakers consider introducing standardised testing for AI systems used by lenders. The move follows earlier warnings from the Bank’s Prudential Regulation Authority that banks were not reviewing AI models frequently enough.

Recent cyber attacks on major UK companies, including retailers and manufacturers, have heightened concern among regulators about emerging threats to operational resilience.

---