IMF warning: Mythos-level new AI models pose "systemic risks" to the financial industry.

IMF warning: Mythos-level new AI models pose "systemic risks" to the financial industry.

On Thursday, May 7, the International Monetary Fund (IMF) issued a warning: The latest generation of AI models, represented by Anthropic's Claude Mythos, is raising cybersecurity risks to a level that could trigger "macro-financial shocks," and may cause "correlation failures" at the financial system level. This is the first time the IMF has published a dedicated article on the cybersecurity threats posed by the latest AI models.

In a blog post, the IMF directly named the recent controlled release of Mythos, stating that it "highlights how quickly risks are rising." The IMF also made it clear that the defenses of financial institutions will "inevitably" be breached, calling for all parties to prioritize "resilience"—that is, limiting the spread of incidents and ensuring rapid recovery.

The background of this warning is that Mythos is currently only open to 40 primarily US-based institutions, including Amazon, Microsoft, and large banks such as JPMorgan Chase. Many non-US banks and financial institutions have not received access, leading to concerns about uneven protection levels in the global financial system.

How dangerous is Mythos?

Last month, Anthropic revealed that Mythos had "discovered thousands of high-risk vulnerabilities, including vulnerabilities in every mainstream operating system and browser." Anthropic itself warned: "The impact on the economy, public safety, and national security could be severe."

What does this mean? Simply put, whereas hackers used to need considerable time and resources to find system vulnerabilities, AI models like Mythos can significantly compress this process.

IMF senior officials wrote in the article: "Advanced AI models can greatly reduce the time and cost needed to identify and exploit vulnerabilities, significantly increasing the likelihood of simultaneously discovering and attacking weaknesses in widely-used systems."

Even more critical is the word "simultaneously." Financial institutions generally use the same software and shared service providers, meaning AI models could "simultaneously create vulnerabilities in numerous institutions." If multiple institutions are attacked at the same time, the IMF warns that "confidence effects, payment interruptions, liquidity stress, and fire-sale dynamics could follow"—this is the classic transmission path for systemic risk.

Unequal access, non-US institutions exposed

Mythos is currently in a controlled release phase, and the 40 institutions with access can learn about vulnerabilities in advance and apply "patches." However, this list is dominated by US institutions, leaving many non-US banks and financial groups excluded.

According to the UK's Financial Times, companies with access have stated that addressing the threats exposed by Mythos requires "joint action from the public and private sectors."

The IMF pointed out: "Cyber risk does not respect national boundaries." It specifically noted that emerging markets and developing countries often face more severe resource constraints and may be "disproportionately exposed to attackers targeting weaker defenses."

For the global financial system, this implies a structural risk: the weakest links in defense could become the trigger points for systemic risk.

IMF’s specific recommendations

The IMF acknowledged that financial software is "harder to attack than open-source infrastructure," but immediately added that this advantage "may soon be eroded as model training expands, capabilities spread, and leaks occur."

In other words, current relative safety is only temporary.

The IMF's recommendations include:

  • Cyber stress testing and scenario analysis: Simulate AI-driven cyberattacks and their impact on the financial system
  • Board-level cyber risk oversight: Bring cybersecurity into the agenda of top decision-makers
  • Public-private collaboration on threat intelligence and incident response: Break down information silos
  • Strengthen international cooperation: Especially to help resource-constrained emerging markets improve their defenses

The IMF's core logic is: Rather than hoping to "block every attack," it is better to build the capacity for "rapid recovery after a breach" at the same time.

Risk Disclaimer and Liability ClauseThe market involves risk; invest with caution. This article does not constitute personal investment advice and does not take into account individual users' specific investment objectives, financial situations, or needs. Users should consider whether any opinions, views, or conclusions in this article are suitable for their individual circumstances. Investing based on this article is at your own risk.