IMF Warns AI Cyber Risks as Anthropic's Mythos Model Accessed by Unauthorized Users

The International Monetary Fund has warned that artificial intelligence systems, while enhancing cyber defences, could also dramatically lower the barrier to launching sophisticated cyberattacks, citing Anthropic's Claude Mythos Preview as a case in point. The alert follows confirmation by Anthropic that it is investigating reports of unauthorized access to Mythos, a large language model capable of identifying and exploiting software vulnerabilities without explicit training for such tasks.

Mythos can detect zero-day flaws in open-source code and reverse-engineer exploits in closed systems, turning known vulnerabilities into attack tools autonomously. Anthropic stated the capabilities emerged unexpectedly from general-purpose reasoning and coding improvements, not targeted training, and noted the model produced a working exploit within hours. The company decided in April not to release the model publicly due to its potential misuse.

The risks are particularly acute for the financial sector, where interconnected digital infrastructure and legacy systems make rapid patching difficult. The IMF urged governments to treat AI-driven cyber threats as systemic risks requiring coordinated regulatory oversight, not just technical issues. Financial authorities worldwide are now assessing how AI could amplify cyber vulnerabilities in critical systems.

In India, Finance Minister Nirmala Sitharaman held an emergency meeting with the IT minister, bankers, and cybersecurity officials following the reports. Banks were directed to strengthen real-time threat intelligence sharing with CERT-In and report incidents proactively. A committee under SBI Chairman C.S. Setty was formed to evaluate the risks posed by AI models like Mythos.

The Reserve Bank of India has already introduced a 2025 framework for responsible AI adoption in finance. Anthropic continues its investigation into the unauthorized access, while Indian authorities await further risk assessments. The committee is expected to submit recommendations within six weeks.