Australia’s markets regulator has publicly confirmed it is monitoring the development of Anthropic’s Mythos model alongside peer regulators worldwide, contributing to the expansive global regulatory reaction initiated by the Bank of England, the US Federal Reserve, and the Treasury Department. ECB President Lagarde has highlighted the absence of a governance framework in this context.
The Australian Securities and Investments Commission (ASIC) confirmed on Monday that it is observing the progression of Anthropic’s frontier AI model, Mythos, and its potential impact on the Australian financial market, as reported by Reuters.
“ASIC is closely monitoring these developments along with peer regulators to assess possible implications for the Australian market,” an ASIC spokesperson said. “ASIC engages closely with other regulators, government agencies, and the financial sector to understand and respond to changing technologies.”
The regulator also emphasized that financial services licensees should be proactive in protecting their customers and clients.
The ASIC statement is the latest in a series of global regulatory responses to Mythos, the advanced AI model launched by Anthropic on 7 April 2026 under a restricted access programme named Project Glasswing.
Anthropic claimed the model could detect and exploit zero-day vulnerabilities in every major operating system and web browser, a capability intended to boost defensive security work. However, regulators identify it as a potential systemic risk if threat actors gain access to the model’s capabilities.
The reaction from financial regulators has been swift and unusually coordinated for a technology-related event. Bank of England Governor Andrew Bailey warned at Columbia University in New York that Mythos could “crack the whole cyber risk world open” and urged regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure.
The Bank of England’s Cross Market Operational Resilience Group (CMORG) and its AI Taskforce scheduled meetings to discuss Mythos. European Central Bank President Christine Lagarde acknowledged on Bloomberg TV that there is currently no governance framework to manage such issues, indicating that regulatory infrastructure has not kept pace with advancing technology.
In the United States, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an urgent meeting with major bank CEOs to deliberate on the cyber risk implications of Mythos. The meeting, coinciding with a Financial Services Forum board meeting, was confirmed by CNBC, noting JPMorgan Chase CEO Jamie Dimon was the only major bank CEO unable to attend.
A Treasury spokesperson confirmed the meeting and stated that further sessions with regulators and institutions are to be led by Treasury on an ongoing basis.
On the commercial front, major US banks have initiated internal testing of Mythos for defensive purposes. Goldman Sachs CEO David Solomon informed analysts during a quarterly earnings call that the bank accessed the model and maintains “hypersensitivity” to the enhanced capabilities of new AI systems.
JPMorgan Chase was identified as an initial Project Glasswing partner, alongside approximately 40 companies such as Amazon, Apple, Google, Microsoft, and Nvidia.
Anthropic has allocated $100 million in credits to these partners and $4 million to open-source security organizations to advance defensive capacity before any public capability release.
The primary risk being assessed by regulators is structural rather than individual. Financial institutions operate technology stacks that integrate decades-old legacy systems with modern cloud infrastructure, leading to accumulated technical debt and undiscovered vulnerabilities.
The banking sector’s substantial dependence on a small number of consolidated cloud providers means a sufficiently capable AI model exploiting vulnerabilities in those providers’ systems could affect the entire financial system.
IBM Senior Vice President Rob Thomas publicly criticized Anthropic’s restricted-access approach, suggesting that “security improves more often through scrutiny than through concealment.”
Anthropic’s CEO Dario Amodei defended the restricted rollout, arguing that “the dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world.”
Anthropic’s relationship with the US government is further complicated by a separate dispute. The Department of Defense designated Anthropic a supply chain risk to national security, a classification the company has contested in court.
A federal appeals court denied Anthropic’s request to temporarily block the designation, which restricts it from DoD contracts. However, a separate preliminary injunction allows the company to continue engaging with other government agencies while legal challenges persist.