ALEX BRUMMER: What the Governor of the Bank of England has simply informed me about what’s REALLY terrifying the world’s financial leaders – and it is not the Iran struggle
After bumping into Bank of England Governor Andrew Bailey in the heart of Washington last week, I expected the conversation to turn to the convulsions facing the world economy because of the current standoff in the Strait of Hormuz.
But instead of the usual exchanges about inflation, the eye-watering sums at risk in private credit lending or the ominous tech bubble on Wall Street, the Governor had something even more alarming on his mind.
Worse, his concerns about it are shared by all the other financial leaders who attended the Spring gathering of the G7 and International Monetary Fund (IMF) in the US capital last week.
Their anxiety centres around the very scary new artificial intelligence (AI) tool Claude Mythos, developed by the San Francisco-based tech firm Anthropic.
It has already caused widespread security concerns after Anthropic announced it was significantly better at hacking and breaking into cyber protection systems than any previous AI tool.
Now the financial world has woken up to the dangers it presents, with its potential to disrupt payment systems – such as monetary transfers, the operations of government bond markets, credit card systems and even ATM dispensers on high streets – across the world.
Suddenly, the possibility of our nation’s financial system coming under cyber-attack and grinding to a halt seems very real.
Bank of England Governor Andrew Bailey speaks at the gathering of the G7 and International Monetary Fund in Washington last week
Mr Bailey and other experts are anxious about the very scary new artificial intelligence tool Claude Mythos, developed by the San Francisco-based tech firm Anthropic
Claude Mythos is the kind of weapon a super-villain in a James Bond thriller could only dream about. Which is why, behind the closed doors of G7 and IMF meetings, it had central bankers and finance ministers quaking in their boots.
And why, a few blocks down the road in the White House, Donald Trump’s team were seeking urgent meetings with Anthropic bosses to discuss the mayhem it could cause.
This high level of concern appears to be in stark contrast to initial comments this week from the head of Britain’s National Cyber Security Centre, Richard Horne, who argued publicly that advanced AI tools can be a ‘net positive’.
Horne may have been deliberately seeking to calm frayed nerves in the City of London, boardrooms and Whitehall.
Britain knows only too well from the devastating cyber-attacks on Marks & Spencer, the Co-op and Jaguar Land Rover (JLR) in 2025 that there can be a huge impact on financial performance when computer systems’ defences are breached.
At luxury car group JLR, the attack proved catastrophic for the UK’s manufacturing output. Production at the firm plummeted 28.6 per cent in September 2025 – the biggest fall since Covid. Government statisticians calculated that it wiped 0.17 of a percentage point off our economic output in one month.
The Bank of England, in common with other government agencies, also finds itself under frequent attack. It constantly upgrades its cyber-defence capabilities and vital parts of its work, such as bank payment systems, have proved resilient.
Yet if Claude Mythos is as toxic as it is purported to be, in the wrong hands it could be truly devastating.
London is among the world’s largest financial centres, dominating currency trading. It handles foreign exchange derivative deals with a daily turnover of £3.2 trillion. The pandemonium this AI tool could unleash is too awful to contemplate.
This is because its ability to breach security systems and launch its own cyber-attacks far surpasses anything that had been imagined. AI researchers recently declared with some understatement that Claude Mythos was ‘strikingly capable at computer security tasks’.
Richard Horne, head of Britain’s National Cyber Security Centre, may be seeking to calm frayed nerves in the City of London, boardrooms and Whitehall
They found the tool could locate dormant bugs lurking in codes used to drive computers and high-tech devices, and that it could easily exploit these flaws to breach electronic defences.
Anthropic declared that ‘Mythos Preview [its research] has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser’. In other words, if unleashed on an unguarded world, it could hack into any number of computer systems.
Indeed, so concerned is Anthropic about its creation that, rather than release it on to the market with a public launch, it has chosen to distribute the tool to a limited number of American tech giants, as well as to the West’s largest and most influential bank, JP Morgan.
The aim of this limited distribution to a consortium of some 40 corporations, including Silicon Valley behemoths Amazon, Apple, Google, Cisco, CrowdStrike, Microsoft and Nvidia, is to allow them to test for and try to defend themselves against cyber vulnerabilities at scale in the real world.
But this has created its own problems. By releasing Mythos to commercial players for testing, the genie may already be out of the bottle.
Unwittingly, Anthropic has increased the odds that its tool could fall into the hands of bad actors who could then find themselves able to penetrate the most robust cyber defences.
The company was reported yesterday to have launched a probe into whether a group of unauthorised users, beyond the ‘trusted’ consortium, had already managed to access the tool via third-party companies who work alongside the AI firm.
In addition, while testing by Silicon Valley trailblazers may seem like a sensible idea since no one has more knowledge of AI, there are real questions as to whether the ruthless multi-billionaire ‘tech bros’ are to be trusted. Their record over algorithms that put profits before tackling online addictions hardly inspires confidence.
It would be far better, surely, if the testing were to be done by national security bodies, cyber enforcers and financial police officers on both sides of the Atlantic.
What is more, Anthropic’s approach is creating a fresh divide between the US and Europe by giving access to American financial players while the rest are, as I write, out of the loop.
This might lead any cyber terrorists who get their hands on Claude Mythos to attack not US financial institutions but less-well-defended systems in the City, Amsterdam, Frankfurt and other European money hubs.
It is the speed with which Anthropic engineers have come up with Mythos that has truly rocked financial leaders to the core.
Economists, supervisors, policy setters and governments are still struggling to come to grips with the fact AI exists at all. Now they’re suddenly having to tackle a hugely powerful unknown system that could have a devastating effect on all financial transactions.
The technology has emerged so quickly that there has been no opportunity to build measures to mitigate the potential onslaught.
Management consultants Bain & Company, in a paper released on Tuesday, recommended that as an immediate response organisations should increase cyber security spending by at least two times current levels or even more. Planned increases of just 10 per cent each year are seen as inadequate.
Make no mistake, Mythos is a game-changing prospect. Not just for banks, businesses and government systems – but for all of us who use online financial services.
And Bank of England Governor Bailey knows it only too well.
