Anthropic isn’t waiting for regulators to find Mythos. They’re briefing them directly.
According to reporting by The Guardian, Anthropic engaged with the Financial Stability Board, the international body chaired by Bank of England Governor Andrew Bailey that coordinates financial stability policy across G20 jurisdictions, to assess what the publication reportedly described as “emerging and frontier risks to global stability” from advanced AI capabilities. Andrew Bailey’s FSB chairmanship is a matter of public record; the specific scope and content of the briefing rests on The Guardian’s reporting, which cannot be confirmed from readable source text at publication. The FSB’s mandate covers systemic risk to the financial system, its engagement with an AI developer represents a governance escalation, not a routine consultation.
The practical dimension of that risk arrived confirmed, separately, from Cloudflare. Cloudflare Chief Security Officer Grant Bourzikas confirmed to R&D World that Mythos “chained low-severity bugs into working exploit proofs across more than fifty of the company’s repositories.” That’s not a theoretical capability. Bourzikas named the specific attack pattern, low-severity vulnerability chaining, and named the specific target environment. Fifty-plus repositories at a major internet infrastructure company constitutes a demonstration of operational reach, not a benchmark score.
Mythos Access and Governance, Current Positions
The access architecture tells the rest of the story. Anthropic has not released Mythos publicly. According to The Guardian’s reporting, again, sourced from a currently inaccessible URL, restricted access reportedly extends to JP Morgan and Apple alongside Cloudflare. The framing matters: these aren’t early-access beta customers. Prior TJS coverage on who controls Mythos access documented the Project Glasswing architecture that governs how restricted deployment works. The addition of financial institutions and infrastructure-critical technology companies to that access list, if confirmed, suggests the deployment is oriented specifically toward defensive security contexts in high-value target environments.
The guardrail evasion finding adds a complication. R&D World’s excerpt indicates Bourzikas noted a bypass mechanism triggered by unrelated environmental context changes, the full detail was not available in the readable excerpt, but the directional finding is consistent with documented LLM security behavior: guardrails calibrated against known attack prompts can fail when the attack surface shifts through indirect context manipulation. Prior TJS coverage on Mythos disclosure implications for compliance teams addressed the category of risk this represents.
Verification
Partial R&D World (confirmed); The Guardian (broken, source hint only) Cloudflare CSO finding is confirmed. FSB engagement, JP Morgan, and Apple access details are reported per The Guardian and cannot be confirmed from readable source text.The FSB engagement, the Cloudflare findings, and the restricted-access architecture are three parts of the same story: Anthropic has a model capable of demonstrating autonomous attack capability against real infrastructure, they know it, and they’re managing that risk through a combination of gated deployment and proactive regulatory disclosure. Whether that governance architecture is sufficient is the open question. The FSB doesn’t set binding rules, it issues recommendations that member jurisdictions implement through national policy. An FSB briefing is the start of a regulatory process, not the end of one.
For financial institutions: the JP Morgan access detail, reported, not confirmed, carries the most immediate relevance. If your institution is evaluating AI security tooling and competitors reportedly have access to a restricted model for defensive purposes, your threat model and your vendor evaluation process face the same question simultaneously. Don’t wait for the FSB to issue recommendations before starting that assessment.