Barclays Chief Warns Anthropic AI Could Threaten Global Banking Security

Barclays chief executive C. S. Venkatakrishnan warned that Anthropic’s frontier model Mythos could give attackers a sharper tool for finding weak points in global banking systems, writing code that identifies vulnerabilities and turns them into working exploits. Speaking to the G30 consultancy group on the sidelines of the IMF and World Bank spring meetings in Washington, D.C., he argued that the danger was not limited to one model. In his view, banks should expect a continuing succession of more capable systems that raise the stakes for cyber defense, especially at older institutions running legacy technology that was never designed for AI-driven attacks.

The warning landed in a week when financial officials were already moving from theory to preparation. On April 7, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an urgent closed-door meeting with some of the nation’s largest bank CEOs to discuss the cybersecurity risks tied to Mythos. JPMorgan Chase CEO Jamie Dimon had been invited but could not attend. The Treasury Department has since been pressing financial institutions to prepare for new security threats, while the White House has been leading an interagency effort on AI security and the Biden administration flagged artificial intelligence as a potential risk to financial stability in 2023.

What makes Mythos different from earlier alarms is the evidence Anthropic itself has cited. The company said the model was not being widely released because it had demonstrated an ability to identify critical, previously unknown zero-day vulnerabilities in software. That led Anthropic to launch Project Glasswing, a restricted program that lets selected companies use Mythos for defensive cybersecurity work. Apple, Google, Microsoft, Nvidia and Amazon Web Services were among the initial participants, along with more than 40 other companies including CrowdStrike and Palo Alto Networks.

That split between defensive promise and offensive risk is now at the center of the banking debate. Regulators and supervisors are reviewing the model to assess practical cybersecurity exposure, while bankers are being forced to ask whether the immediate threat is a wave of AI-powered fraud and intrusion, or the broader instability that could come if such tools spread faster than defenses. Venkatakrishnan’s point was that the risk is no longer hypothetical. The banking system, he suggested, is facing a moving target, and the next model may be more capable than Mythos.