When we reported last week that Anthropic’s Mythos had reached British banks, the story was about a powerful AI model crossing the Atlantic into the financial sector. This week, the story got more complicated. The U.S. National Security Agency (NSA) is now confirmed to be running Mythos Preview, the same model now arriving in UK financial institutions, despite the Pentagon formally blacklisting Anthropic as a “supply chain risk,” per Axios.
For banks still deciding whether and how to engage with Mythos, that detail matters. The tool now running inside one of the world’s most sensitive intelligence agencies is the same one your cybersecurity team is being asked to evaluate.
Goldman Sachs Has It. The ECB Has No Framework for It. Banks Are Caught in Between.
The timeline of institutional responses has been fast and uneven. On April 13, Goldman Sachs CEO David Solomon confirmed during the bank’s Q1 earnings call that Goldman already has access to the model. “We’re aware of Mythos and its capabilities… We have the model. We’re working closely with Anthropic and all of our security vendors to harness frontier capabilities wherever it’s possible,” Solomon said. He also told analysts the bank is “hyper-aware of the enhanced capabilities of these new models.”
Goldman isn’t alone. Banks running internal trials with Mythos include Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley, spanning multiple use cases: vulnerability detection across internal infrastructure, fraud-risk flagging in transaction flows, and automation of compliance workflows.
Meanwhile, regulators are still catching up. ECB President Christine Lagarde told Bloomberg TV there is no framework currently in place “to actually mind those things.” Bank of England Governor Andrew Bailey called Mythos “a very serious challenge for all of us,” and said regulators need to move quickly to assess the threat.
The Bank of England’s Cross Market Operational Resilience Group, whose members include the CEOs of the UK’s eight largest banks, four financial infrastructure providers, and two insurers, has Mythos on its agenda for meetings within the next fortnight.
The NSA Contradiction That Banks Can’t Afford to Ignore
The Pentagon moved in February to cut off Anthropic and force its vendors to follow suit. The military is now broadening its use of Anthropic’s tools while simultaneously arguing in court that using those tools threatens U.S. national security.
That legal and institutional contradiction produces a direct problem for banks. Regulatory clarity on AI adoption, which banks depend on before making significant infrastructure commitments, is not coming from Washington anytime soon. The same government asking Wall Street to stress-test its systems against Mythos-class threats is fighting in court over whether the company that built those tools can operate in the country at all.
Civilian agencies like the Departments of Energy and Treasury are responsible for safeguarding critical sectors such as the electric grid and the financial system.
The model they’re using to find vulnerabilities in that infrastructure is Mythos. The NSA is running it too, confirming the model’s reach now spans both the intelligence community and the financial sector simultaneously.
For Banks, the Transition Window Is Already Closing
Anthropic insists the transitional period is “fraught” but ultimately positive. That framing may be accurate in the long run. In the short run, banks are operating in a gap where the most capable AI security model available is also the most politically contested.
The UK’s AI Security Institute evaluated Mythos and described it as the first model to complete a full cyber-range attack end-to-end. Anthropic’s own documentation cites a case in which Mythos identified a method to breach a web browser, thereby exposing a victim’s bank data. Banks sitting on the sidelines while this plays out are not in a neutral position. They’re simply undefended.
The NSA has already made its decision. Goldman Sachs has already made its decision. For the rest of the banking sector, the question is no longer whether to engage but how fast.
Author: Ayanfe Fakunle
See Also:
Anthropic’s Mythos Reaches British Banks | Disruption Banking
Is Anthropic’s Mythos Able to Hack the Global Banking System? | Disruption Banking
