TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Сloud Security If AI's So Smart, Why Does It Keep Deleting Production Databases? If AI's So Smart, Why Does It Keep Deleting Production Databases? by Alexander Culafi May 1, 2026 4 Min Read Сloud Security TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack by Rob Wright Apr 30, 2026 6 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cyber Risk Vulnerabilities & Threats ICS/OT Security Application Security News Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific Claude Mythos Fears Startle Japan's Financial Services Sector Global financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried. Nate Nelson , Contributing Writer April 30, 2026 5 Min Read Source: GK Images via Alamy Stock Photo While the world waits to see if Anthropic's Mythos model is really as scary as people say it is, the financial services industry in Japan is establishing a task force dedicated to addressing the cyber threat it poses. On April 24, the people who manage the world's fourth largest economy — Japan's finance minister, the governor of its central bank, presidents of its three megabanks, and a senior executive of its stock exchange — gathered at the headquarters of Japan's Financial Service Agency in Tokyo. There, they agreed to form a working group to address the fact that artificial intelligence (AI) may now be able to totally undermine the systems underpinning their industry. According to Anthropic, during testing, the new Mythos model was able to identify previously unknown vulnerabilities in every browser and operating system (OS) it was presented with. It found both new and old issues — one that's lasted for 27 years, undetected until now — and in one case chained together four vulnerabilities in an exploit chain. It's little wonder, then, that in a press conference , finance minister Satsuki Katayama characterized the mere existence of Mythos as "a crisis that is already upon us." At the same event, one of those Japanese bank executives put it in more concrete terms, saying, "If we were hit by an attack and customer information were leaked, we might have no choice but to shut down our systems and conduct all transactions in cash." Related: Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities Cybersecurity experts question whether Mythos really is such a crisis point. If it is, Japan and the rest of the world might be less equipped to handle it than the US. Though Anthropic met with Japan's ruling Liberal Democratic Party (LDP) on April 20, it has thus far restricted access to Mythos to a tight circle of organizations distributed unequally around the globe. Anthropic Gatekeeps its Tech From Global Orgs Short of not building it in the first place, Anthropic has taken the second most responsible precaution possible for Mythos, providing access to only a select circle of high-value organizations for cybersecurity purposes. Predictably, leaders of organizations not previously included in Anthropic's VIP list have been clamoring for access. In an interview with Reuters , for instance, a major regulator at Germany's central bank publicly pressured European banks to demand the same access afforded their American counterparts. Were Anthropic to give into access creep, it would expose Mythos to unauthorized access in proportion. Case in point: the Mythos inner circle has already been undermined by individuals linked to an Anthropic contractor , who used leaked information about the company's model naming conventions to simply guess its endpoint. Related: Cyberattacks Intensify Pressure on Latin American Governments Alex Orleans, head of threat intelligence at Sublime Security, urges organizations to stop and think. "Most organizations seem to be experiencing some level of the Frankenstein reflex: Mythos as a capability feels new and frightening, which means everyone wants to get their hands on it. That doesn't mean everyone would know what to do with it or even necessarily need it to address their current threat models," he argues. For example, he adds, "You don't necessarily need access to Mythos to understand that its most direct implications are related to potential exploitation of extant perimeter assets or vulnerability identification when it comes to in-development products." Proofpoint CSO Ryan Kalember suggests an even simpler resolution: Instead of worrying about who can and can't touch Mythos, he says, "I think this gets solved on its own, because the other models will catch up." Anthropic could not immediately be reached for comment on this story. How Serious a Threat is Mythos? Few industries stand to lose more from cyber insecurities than the financial sector. The global financial system is buoyed only by the trust that the public has in institutions. Almost everything about that system — from the money supply at large, to the single number that represents your personal net worth — is little more than data recorded in systems protected by cybersecurity defenses. Related: Middle East Conflict Highlights Cloud Resilience Gaps "Banks have some of the most capable cybersecurity teams on the planet, and they have tended to not have a shortage of tools or capabilities," Kalember says, acknowledging that the financial sector is unusually exposed to large-scale, long-tail risks. Using the US electric grid as a counterexample, he says, "The reason some critical infrastructure is not at greater risk is sometimes not even a technology question at all. It's that all of this stuff is done municipally, or at a county level, or at a state level, or in some weird structure that actually makes the system very resilient, almost by an accident of its design. Banks are really not that way. There's been tremendous consolidation in the financial sector, so it actually makes a ton of sense to work on making sure that they can be as protected as possible." Even with that being said, he suggests that organizations not overblow the Mythos threat. "I think there was a lot of excitement about the ability that Mythos had to do bug chaining, and to find some [weaknesses] that had not been really looked at for a while. But we're not seeing EternalBlue or world-melting vulnerabilities fall out of it. And we are seeing lots and lots of similar vulnerabilities found by other models." Even if Mythos does unearth some huge number of CVEs, "I remember the days not that long ago where you'd see exploits in targeted attacks all the time," he says. "The data right now is that in targeted attacks, we're seeing two total CVEs being exploited, and they're not ones that Mythos found. The vast, vast, vast majority of successful cyberattacks do not involve an exploit because the attacker doesn't need the exploit, not because the exploit doesn't exist." Lastly, with regard to Japan's financial sector, Kalember adds, "Japanese banks historically do not run a ton of open source (OSS). They have also, historically, not had their source code out there. I know a lot of people at banks that have access to [advanced tools], and they're scanning their own applications and obviously trying to patch as quickly as possible ." Read more about: DR Global Asia Pacific About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. See more from Nate Nelson Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap Tips for Managing Cloud Security in a Hybrid Environment? More Webinars Editor's Choice Сloud Security Navigating the Unique Security Risks of Asia's Digital Supply Chain Navigating the Unique Security Risks of Asia's Digital Supply Chain by Alexander Culafi Apr 15, 2026 3 Min Read Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecu