Mythos, the AI That Has Goldman Sachs on High Alert
When the chief executive of Goldman Sachs says he is "hyper-aware" of the capabilities of a specific AI model, the financial world listens. When that same model has prompted the US Treasury Secretary to summon the heads of the largest American banks to Washington for an emergency briefing, the rest of the world should pay attention too.
That model is Mythos, the latest release from Anthropic — the company behind the Claude family of AI tools — and it is rapidly becoming one of the most closely watched and most debated developments in the current AI landscape.
What Makes Mythos Different
Mythos is not attracting attention because of its productivity features or its conversational abilities. It is attracting attention because of what it can do to IT systems it was never meant to touch.
According to Anthropic itself, which published a stark warning in a blogpost last Wednesday, AI models have now reached a level of coding capability where they can surpass all but the most skilled human professionals at finding and exploiting software vulnerabilities. The company was explicit about the potential consequences: "The fallout — for economies, public safety, and national security — could be severe."
The UK government's AI Security Institute (AISI) tested Mythos and confirmed these concerns with specific data. The model was the first AI system to successfully complete a 32-step simulation of a cyber-attack designed by AISI — solving the challenge in three out of ten attempts. More significantly, AISI found that Mythos can carry out attacks requiring multiple sequential actions, and can discover weaknesses in IT systems entirely without human intervention. Tasks that would normally take professional security analysts days to complete can now be performed autonomously by the model.
AISI did note an important caveat: its tests lacked some of the defensive tools found in well-protected systems, so whether Mythos could successfully attack a fully hardened enterprise environment remains an open question. What is clear, however, is that it can autonomously compromise small, weakly defended IT systems — and that future models will only improve on these capabilities.
Goldman Sachs and the Banking Sector Response
Goldman Sachs CEO David Solomon acknowledged on an earnings call this Monday that his firm already has access to the Mythos model and is actively working with Anthropic and its security vendors to understand and contain the risks it introduces.
"We are very focused on supplementing our cyber and infrastructure resilience," Solomon said, describing the investment in this area as both ongoing and accelerating.
The context behind these statements is significant. Last week, US Treasury Secretary Scott Bessent convened an extraordinary meeting with the leaders of systemically important banks — institutions whose disruption or potential collapse regulators believe would put financial stability at risk — specifically to discuss the threat posed by Mythos. The fact that a single AI model warranted a gathering of this kind at the Treasury level is itself a signal of how seriously it is being taken.
In the UK, the response is equally structured. The Cross Market Operational Resilience Group — a body that brings together bank chief executives with officials from the Treasury, the Bank of England, the Financial Conduct Authority, and the National Cyber Security Centre — is expected to meet within the next two weeks to address the Mythos question directly with British bank bosses and government officials.
The Deeper Implication: AI as Both Tool and Threat
The Mythos episode crystallises a tension that has been building in AI development circles for some time: the same models that organisations deploy to increase productivity and efficiency are also, by their nature, potentially powerful instruments of attack.
This dual-use reality is not new in technology — encryption, drones, and countless other innovations share the same property. What is new is the pace at which AI capabilities are advancing, and the degree to which those capabilities are now directly relevant to critical financial and national infrastructure.
AISI's closing warning is worth quoting in its plainest form: investment now in cyber defence is vital, because future advanced AI models will only improve on what Mythos can already do.
For the technology and financial industries, the implication is clear: the window for building robust defences is open now, but it will not stay open indefinitely.