Bank regulator sounds warning over cybersecurity threat posed by AI models

Banks need rapid access to Claude Mythos to prepare for a new AI threat, says APRA. Credit: Shutterstock Frontier AI models inspired by Anthropic’s Claude Mythos could arm attackers with advanced capabilities that the banking sector is ill equipped to cope with, Australia’s financial regulator, the Australian Prudential Regulation Authority (APRA), has warned. In a letter addressed to the country’s financial sector this week, the body lays out how the arrival of Claude Mythos has upended decades-long assumptions about the cybersecurity risk associated with regulated financial services. APRA raises multiple concerns. The biggest is simply that the industry has been caught in the headlights of an unknown risk factor brought about by a model, Claude Mythos, that they have still not been able to examine for themselves. As the technology spreads, threat actors will use similar models to uncover flaws more quickly and easily, potentially overwhelming the speed with which these can be addressed by today’s patching and remediation programs. Governance not keeping up Before drawing its conclusions, APRA had engaged with the industry, finding that governance was failing to keep up with the change in risk that AI is signaling. During that research, the letter said, “APRA observed a tendency to treat AI risk as ‘just another technology’. This misses key differences such as the distinct characteristics of predictive systems, adaptive behaviour in models, ethical considerations such as ...