Anthropic’s latest AI tools could disrupt the market, but not for the reasons investors are used to these days.
The AI giant, which has announced new tools and updates that have shaken up parts of the market this year, recently developed a new model aimed at improving cybersecurity. But the model risks exploiting key vulnerabilities in the financial sector, posing risks ranging from widespread identity theft to financial system instability, the Securities Institute said.
In an open letter to the Treasury Secretary on Thursday, the industry group expressed concerns about Claude Mythos, a “general purpose” AI model announced by Anthropic in early April.
The model falls under Project Glasswing, the company’s broader cybersecurity initiative, which can discover “thousands of high-severity vulnerabilities” in the code of “all major operating systems and web browsers,” the company said on its website.
If used by a malicious actor, the ASA speculates that the tool could be used to hack into the Securities and Exchange Commission’s unified audit trail, a centralized database containing investors’ personal information.
The group’s letter comes about a week after it was reported that Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell had convened an emergency meeting of CEOs from major U.S. banks to warn them of the cyber risks posed by Mythos.
“The subject matter of this meeting confirms what the ASA has been warning for years: The U.S. Securities and Exchange Commission’s (SEC) Consolidated Audit Trail (CAT) is a critical cybersecurity vulnerability waiting to be exploited. This is no longer a hypothesis. The threat is here, it has been identified, and it has a name,” the letter said, referring to Mitos.
The ASA has long opposed the use of unified audit trails, citing data privacy concerns.
The group outlined six specific risks it believes Mythos may pose to investors.
- mass identity theft. The letter states that private investors’ personal information could be compromised “in a single breach.”
- Trading strategies and portfolio exposures. This breach could also expose sensitive information about investors’ positions.
- Leverage financial market intelligence. This data could be used as a “special weapon” by foreign countries such as China and Russia.
- Exploitation of software vulnerabilities. “Mythos excels at finding exactly the kind of decades-old dormant flaws that permeate the middleware, data feeds, browsers, and operating systems that underpin CAT’s vulnerable architecture,” the group said.
- Insider threat risk. The letter says this data could be used by “malicious insiders” at the company.
- “Systematic disruption of financial markets.” The group estimates that if a malicious actor were to access the information, it could trigger a mass liquidation of risky assets, leading to a cascading “failure of the entire financial system.”
The group outlined steps that regulators could take, including suspending CAT and deleting data collected by the platform.
Anthropic described Mythos as a work in progress on its website, and also mentioned the potential implications if the technology were used by bad actors.
“Given the speed at which AI is advancing, it will not be long before such capabilities proliferate beyond the actors dedicated to securely deploying them. The economic, public safety, and national security implications could be profound,” the group said on its website.
Anthropic and the U.S. Treasury Department did not immediately respond to requests for comment from Business Insider.