Australia’s market regulator has publicly acknowledged that it, along with regulators around the world, is closely monitoring the development of Anthropic’s Mythos model, spurring a rapidly expanding international regulatory response starting with the Bank of England, the US Federal Reserve and the Treasury. ECB President Lagarde warned that the governance framework was not yet in place.
The Australian Securities and Investments Commission (ASIC) confirmed on Monday that it is monitoring the development of Anthropic’s frontier AI model Mythos and its potential impact on Australian financial markets, Reuters reports.
“ASIC is closely monitoring these developments with fellow regulators to assess the potential impact on the Australian market.” An ASIC spokesperson said:
“ASIC works closely with other regulators, government agencies and the financial sector to understand and respond to changing technology.”
EU technology 💜
The latest rumors from the EU tech industry, the story of the wise founder Boris, and some questionable AI art. Delivered to your inbox for free every week. Sign up now!
The regulator added that it expects financial services licensees to “take the lead” in protecting their customers and clients.
ASIC’s statement is the latest in a series of global regulatory responses to Mythos, an advanced AI model that Anthropic launched on April 7, 2026 under a restricted access program called Project Glasswing.
Anthropic claimed that its model successfully identified and exploited zero-day vulnerabilities in all major operating systems and web browsers. According to the company, this feature is intended to accelerate defensive security efforts, but regulators have identified this vulnerability as a potential system risk if a threat actor gains access to the model’s functionality.
The response from financial regulators has been swift, with unusual coordination for a technology event. Speaking at Columbia University in New York, Bank of England Governor Andrew Bailey warned that Mythos could “poke a hole in the entire world of cyber risk” and called on regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure.
The Bank of England’s Cross Market Operational Resilience Group (CMORG) and its AI Taskforce then scheduled a meeting to discuss Mythos in the coming weeks. European Central Bank President Christine Lagarde told Bloomberg TV that there is currently no governance framework that “can actually take these things into account” and frankly acknowledged that regulatory infrastructure has not kept pace with technology.
In the US, Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell convened an emergency meeting of major bank CEOs to discuss the cyber risk implications of Mythos.
The meeting was held while bank leaders were already in Washington to attend a Financial Services Forum board meeting, CNBC confirmed. JPMorgan Chase CEO Jamie Dimon was the only major bank CEO not to attend.
A Treasury spokesperson subsequently confirmed the meeting and said the ministry will continue to lead further meetings with regulators and agencies.
On the commercial side, a major US bank has begun internal testing of Mythos for defensive purposes. Goldman Sachs CEO David Solomon told analysts on a quarterly earnings call that the bank has access to models and is “hypersensitive” to the enhanced capabilities of the new AI system.
JPMorgan Chase was named as an initial partner in Project Glasswing, along with about 40 companies including Amazon, Apple, Google, Microsoft, and Nvidia.
Anthropic has committed $100 million in credits to these partners and $4 million in credits to open source security organizations, with the express goal of building defensive capabilities prior to the release of public features.
The core risks that regulators are assessing are structural rather than individual. Financial institutions operate technology stacks that layer decades-old legacy systems with modern cloud infrastructure, creating accumulated technical debt and undiscovered vulnerabilities.
Because the banking sector relies heavily on a small number of integrated cloud providers, AI models well-equipped to exploit vulnerabilities in these providers’ systems could be cascaded across the financial system.
IBM Senior Vice President Rob Thomas publicly criticized Anthropic’s approach to restricting access, arguing that: “Security is often improved through scrutiny rather than concealment.”
Anthropic CEO Dario Amodei defended the limited rollout, writing: “It’s clear that getting this wrong is dangerous, but if we get it right, we have a real opportunity to build a fundamentally safer internet and world.”
Relations between Anthropic and the U.S. government remain complicated by other disputes. The Department of Defense designated Anthropic as a supply chain risk to national security, but the company challenged this classification in court.
A federal appeals court denied Anthropic’s request for a temporary designation injunction, barring it from contracts with the Department of Defense, but a separate preliminary injunction allows the company to continue working with other government agencies while legal challenges proceed.
