In cyber security, speed is everything. The faster a vulnerability is found and fixed, the safer the data. For years this required human expertise. AI can now identify hidden vulnerabilities and write code to fix them in hours, compressing a process that previously took teams of experts days or weeks. But what happens when the same AI increases the risk?
The International Monetary Fund (IMF) has warned that while artificial intelligence could strengthen cyber defenses, it could also make cyber attacks faster, cheaper and more accessible to non-experts. The risks are particularly acute for the financial sector, which relies heavily on shared digital infrastructure such as software, cloud services, payment networks and interconnected databases.
Also Read: Has Anthropic’s Mythos Made The Cure Worse Than A Disease?
In a new report, the IMF singled out Antropic’s Claude Mythos Preview to show how quickly the risks are rising. Mythos is a large-scale language model developed with general reasoning, coding, and autonomous tasks.
This makes it great at identifying security vulnerabilities, but experts and the tech company itself are concerned about its potential risks.
In April, Anthropic announced that Mythos would not be made public because it could identify unknown flaws in IT systems that could potentially be exploited by hackers. But on April 22, it confirmed it was investigating reports that unauthorized users had gained access to Mythos.
Mythos can find zero-days or undiscovered vulnerabilities in real open-source codebases. It also demonstrated the ability to reverse engineer exploits in closed source software and turn N-day, or known but not yet widely patched, vulnerabilities into exploits. In short, Mythos can not only identify vulnerabilities that people may have missed, but also generate ways to exploit them, potentially even for non-experts.
“The vulnerabilities it finds are often subtle or difficult to detect. Many are ten or twenty years old, with the oldest we’ve found so far being a now-fixed 27-year-old bug in OpenBSD — an operating system known primarily for its security,” Anthropic said in a blog post.
Also Read: Should the Mythos AI Model Raise Cyber Security Alarms?
The company also revealed how quickly these capabilities emerged. Anthropic said its engineers were able to ask Mythos to find vulnerabilities and create a fully functional exploit in a single night. “In other cases, we’ve had researchers develop scaffolding that allows Mythos Preview to turn vulnerabilities into exploits without any human intervention,” the company wrote.
Fear of cyber attacks
More worryingly, the company revealed that these abilities were not trained into the system on purpose. The blog noted that Mythos was able to develop these abilities “very quickly” even though the AI was not specifically trained for them. “Rather, they emerged as a consequential consequence of general improvements in code, reasoning, and autonomy.”
The challenge is that AI is already deeply embedded in the financial system. Banks and financial institutions are using AI for several banking activities, customer service and risk management. AI-powered systems are increasingly being used to identify suspicious activity, detect vulnerabilities, and respond to cyber threats faster than traditional systems. Powerful systems like Mythos raise concerns that cyberattacks could become more scalable, automated and accessible. This threat is more real because many financial institutions still rely on interconnected legacy infrastructure that is difficult to quickly repair or upgrade, making the risks systemic.
The IMF urged governments and regulators not to treat AI “as a purely technical or operational issue” and instead build resilience through oversight, coordination and preparedness. Governments are beginning to respond. Regulators and financial authorities around the world are increasingly warning that artificial intelligence could amplify cyber risks in critical sectors.
After reports emerged in India that unauthorized users may have gained access to Mythos, Finance Minister Nirmala Sitharaman convened a meeting with Electronics and IT Minister Ashwini Vaishnaw, bankers and other stakeholders to assess the risks posed by AI and its implications for financial data security.
Banks have been advised to put mechanisms in place to share real-time threat intelligence with other banks, India’s Computer Emergency Response Team (CERT-In) and relevant agencies. Banks have also been asked to more proactively report suspicious activity and cyber incidents. The government has also set up a committee under CS Setty, chairman of State Bank of India, to assess the risks posed by Mythos and recommend safeguards.
Separately, the Reserve Bank of India has introduced a 2025 framework to promote responsible and ethical adoption of AI in the financial sector.
Still, Mythos reveals a deeper problem in the system. The IMF points out that risks are not limited to the financial sector. Sectors such as energy, telecommunications and utilities are also vulnerable. Reliance on a small number of software platforms, cloud providers and AI models could further increase the impact as many sectors rely on the same infrastructure.
Published – 10 May 2026 01:45 IST
