Mythos AI can hack banks in seconds:Governments worldwide on alert; is your money at risk?

AI company Anthropic’s chief, Dario Amodei, has warned about the risks of its new AI model ‘Claude Mythos’. It is considered so dangerous that the company did not release it for public use after developing it, but it somehow got leaked. Governments across the world are worried about Mythos. On 23 April, Finance Minister Nirmala Sitharaman convened a high-level meeting to discuss how to protect India’s banks from Mythos. According to The Indian Express, the government is in talks with senior officials at Anthropic. So what exactly is Mythos, is it really so powerful that it has triggered global panic, and could your bank deposits be at risk? Let’s understand in today’s explainer. What exactly is Mythos, and why are governments around the world worried? Just as OpenAI created its AI tool ChatGPT, Anthropic has developed Claude. Its job is to answer questions or perform tasks like coding within seconds. In simple terms, it is trained on vast amounts of data available globally and generates responses based on that. Now, Anthropic has developed a much more powerful version of Claude called ‘Claude Mythos’. The main reason it is in the spotlight is its ability to detect vulnerabilities in software used worldwide. For example, imagine a payment app like Google Pay on your phone. If payments slow down when connected to Wi-Fi due to a software flaw, engineers may take hours or even months to identify it. Mythos can detect such flaws almost instantly. The concern is that while this ability can be used to fix issues, in the wrong hands it can be exploited. Hackers could use the same vulnerabilities to cause damage. For instance, in recent years, hackers have breached trading and finance apps and siphoned off thousands of crores by exploiting software weaknesses. Is Mythos really the most powerful AI tool so far? Anthropic claims that Mythos has identified serious vulnerabilities in nearly all major operating systems like Android and Windows, as well as web browsers such as Google’s. One flaw it reportedly found had gone unnoticed for 30 years. To test its capabilities, several experiments were conducted. When an AI tool enters software, finds a flaw, and uses it to take control, it is called ‘autonomous exploit development’. Claude’s earlier model ‘Opus 4.6’ attempted this hundreds of times on Mozilla’s browser software but succeeded only twice. In contrast, Mythos attempted ‘exploit development’ 181 times and succeeded in taking control of the CPU in 29 cases. In another experiment called ‘Mythos Preview’, engineers asked it overnight to find a way to remotely control a computer. By morning, Mythos had built a complete system. The UK’s AI Safety Institute (AISI) also tested these claims through a trial called ‘The Last Ones’. Mythos completed up to 73% of real-world hacking tasks—far higher than previous AI models. In another test involving 32 steps to fully control a system, Mythos succeeded 3 out of 10 times and completed an average of 22 steps. According to AISI, this would take a human around 20 hours—and no previous AI had achieved it. Unlike other AI models that struggle as tasks become more complex, Mythos showed no such limitation. Why is Mythos being called the most dangerous AI model yet? A key factor is its ‘agentic behaviour’. This means the AI can make decisions, plan tasks, and execute them independently without human supervision. Mythos excels at this. This raises concerns that even someone with no technical knowledge could use Mythos to carry out hacking. It does not require step-by-step instructions like earlier systems. Anthropic stated on 7 April:
“We did not intentionally teach Mythos these capabilities. It developed them through its coding, reasoning, and autonomy. These abilities make it better at both fixing and exploiting vulnerabilities.” The concern deepens because Mythos was not officially launched, yet it has been leaked. If Mythos was not released, how did it get leaked? Anthropic had restricted Mythos from commercial release due to safety concerns. Meanwhile, it launched ‘Project Glasswing’. The aim was to allow companies like Apple, Google, and Nvidia to use Mythos internally to strengthen their systems against future threats. According to a Bloomberg report, on 27 March—the day Mythos was announced—some users accessed it via a private chat despite restrictions. Another report suggested that a draft blog post announcing Mythos was accidentally left in a publicly accessible online data store. Along with it, nearly 3,000 digital assets were also exposed. This data was discovered by researcher Roy Paz and later removed. Anthropic said the leak occurred due to human error. The leaked data also revealed that the company is working on another AI model named ‘Capybara’. Can Mythos really drain your bank account instantly? Banks, financial firms, and trading platforms operate through online software systems and are frequent targets for hackers. If a tool like Mythos falls into the wrong hands, it could potentially hack entire systems and manipulate transactions. This is why multiple countries are concerned. In the US, Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent held a closed-door meeting with bank CEOs to discuss cybersecurity risks posed by Mythos. In India, Nirmala Sitharaman has instructed banks to strengthen monitoring systems and develop mechanisms to counter such threats. The IT Ministry has also formed an ‘AI Governance and Economic Group’ to strengthen policy frameworks. Canada’s Finance Minister François-Philippe Champagne said the issue was discussed at the IMF meeting, calling it serious enough to demand global attention. Bank of England Governor Andrew Bailey also stated that the impact of such AI models on cybercrime must be closely examined. The European Union has raised its concerns with Anthropic as well. What does Anthropic say about the risks posed by Mythos? Anthropic says that until recently, AI models could only detect minor software issues. Now, advanced models can identify major vulnerabilities and either fix or exploit them. The company believes that defensive capabilities, detecting and fixing flaws, will eventually dominate, making systems more secure. However, experts remain cautious. Former head of the UK’s National Cyber Security Centre, Ciaran Martin, said: “Mythos’s capabilities have shaken people. Existing software vulnerabilities have not been adequately addressed, and Mythos can easily exploit them.” That said, the UK’s AISI noted that systems with strong cybersecurity measures are less likely to be affected. Systems with weak security remain the most vulnerable.