Anthropic web page is seen in this illustration taken March 1, 2026. REUTERS/Dado Ruvic/Illustration
Anthropic web page is seen in this illustration taken March 1, 2026. REUTERS/Dado Ruvic/Illustration
Home » News » Business & Economy » Canada regulator cited Anthropic's Claude Mythos in warning to banks on cyber risks, email shows
Business & Economy

Canada regulator cited Anthropic's Claude Mythos in warning to banks on cyber risks, email shows

By Nivedita Balu

TORONTO, July 13 (Reuters) – Canada’s federal banking regulator warned the country’s largest financial institutions about the risks of Anthropic’s Claude Mythos and other advanced AI models, saying the new technology could increase cyber threats and reduce the time institutions have to identify and fix vulnerabilities, according to an email sent in April.

Video Thumbnail

The regulator, the Office of the Superintendent of Financial Institutions, sent the email to chief technology officers, chief information security officers, and chief risk officers across the financial industry, including the big banks and insurers, according to documents Reuters obtained through an access-to-information request. 

Regulators globally are trying to assess cybersecurity risks such as Anthropic’s frontier AI model Mythos. Cybersecurity experts say Mythos, an AI model described as extremely capable at finding and exploiting cybersecurity vulnerabilities, poses significant challenges to the banking industry and its legacy technology systems. 

“Advanced artificial intelligence models, such as Anthropic Claude Mythos, significantly compress the timeframe for effective risk mitigation,” OSFI said in the email.

“Accordingly, this bulletin is grounded in our existing guidance and outlines sound practices that institutions can adopt to enhance the speed and effectiveness of risk identification, mitigation and response.” 

Additional contents of the email were redacted due to some sections of the Access to Information Act. An acknowledgment of the risks of Mythos from OSFI could ensure Canadian banks, insurers and other regulated institutions invest in technology to protect clients from cyber risks. 

After Reuters sent questions to OSFI last week, the regulator on Monday posted a public bulletin on generative and agentic artificial intelligence online.

“OSFI takes a technology‑neutral, risk‑focused approach to emerging technologies, including advanced artificial intelligence models such as Mythos. Our focus is not the technology itself, but how federally regulated financial institutions govern and manage the risks associated with its use,” the regulator said in an emailed response to Reuters questions.

In early April, Canadian bank executives met with regulators to discuss the risks posed by Mythos shortly after U.S. Treasury Secretary Scott Bessent and then-Federal Reserve ​Chair Jerome Powell convened an urgent meeting with bank CEOs to warn of ‌cyber risks posed by Anthropic’s latest artificial intelligence model. 

OSFI sent the email to company executives on April 29.

RAPIDLY CHANGING LANDSCAPE

OSFI is responsible for regulating and maintaining the stability of Canada’s financial sector, from banks to pension funds, and identifying risks emerging from foreign interference, geopolitics and new technology.

The cyber capabilities of some frontier AI systems are considered so powerful that access has been restricted, with euro zone banks currently excluded from Mythos. 

Anthropic has also had a tumultuous relationship with the U.S. government. A judge blocked its initial blacklisting by the Pentagon in March, and the conflict has eased following the private release of Anthropic’s Mythos.

Three of Canada’s big six banks – Royal Bank of Canada, TD Bank and BMO – have outlined a plan to earn millions from their investments in AI as the banks moved from experimental AI projects to applying them in chatbots, building internal tools and lowering their reliance on third-party tools.

Bank of Nova Scotia, CIBC and National Bank have also disclosed several AI initiatives.

The Canadian government has said it has access to Anthropic’s Project Glasswing, which allows companies to have access to Mythos. It is not clear which, if any, banks in Canada are using it. Some banks deferred comments to the Canadian Bankers Association, which said banks have invested heavily to protect the financial system and are complying with robust requirements from OSFI on cyber risk management and incident reporting.In an interview in June, RBC’s chief technology officer Bruce Ross said Mythos underscored a shift in the cyberattack landscape, making it imperative for organizations to respond rapidly since attack methods can emerge as soon as new vulnerabilities are identified.

“The way we’re (the industry) dealing with it is, building our own AI defenses… we’ll continue to do that,” Ross said. 

 

(Reporting by Nivedita Balu in Toronto; Editing by Caroline Stauffer and Deepa Babington)

Image

Image

By Nivedita Balu | Reuters | © Copyright Thomson Reuters 2026.

Related posts

Leave a Comment