Asia Regulators Raise Scrutiny on Banks Amid Mythos AI Fears

Regulators across Asia are stepping up scrutiny of cybersecurity risks in their financial systems, as concerns over Anthropic PBC’s latest AI model Mythos spread.

Singapore’s financial regulator is urging banks to plug holes, while South Korea’s government agencies have met to review and discuss how to respond to the risks. In Australia, authorities expect lenders to be vigilant to ensure clients aren’t put at risk by inadequate controls.

The actions around the region reflect rising global concern over Mythos as regulators discuss with financial firms how they are handling the cybersecurity risks raised by the model, which has so far been given only a limited release. Anthropic held back a wider release after finding the model was capable of discovering security holes that have gone undetected for years, fueling alarm about a potential new era of cybersecurity attacks.

In South Korea, the financial regulator last week convened an emergency meeting with relevant industry organizations to discuss issues related to Mythos, according to people familiar with the matter.

The talks focused on exchanging current knowledge on security levels related to Mythos and how to respond to such circumstances to ensure system stability, the people said, asking not to be identified discussing confidential matters. As there is still a lot of uncertainty, the discussion focused on understanding the current situation, they said.

A special committee on security and relevant authorities in South Korea also met last week to take stock of the rapid changes that are fundamentally transforming the cyber-security landscsape, with suggestions including setting up an AI-based real-time defense system.

“We have entered an era where AI, not humans, holds the initiative in hacking,” said Lee Won-tae, chairman of the special committee on security under the country’s AI strategy council. “It is clear that if we fail to adapt all our existing security policies to the pace of technological evolution, security will ultimately become an obstacle to the AI transformation and our leap toward becoming an AI powerhouse.”

Meanwhile, a spokesperson for the Australian Securities & Investments Commission said that while new technologies can have benefits, they have also led to cyber risks escalating in both scale and sophistication. The spokesperson added it expects financial services licensees to be “on the front foot every day” on having sufficient safeguards.

The securities watchdog said it engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies, similar to the approach being taken by the country’s prudential regulator.

Elsewhere, the Monetary Authority of Singapore is coordinating with the country’s cyber security agency to strengthen defenses at critical infrastructure operators including banks, a spokesperson said in response to queries from Bloomberg about the risks posed by Mythos.

“Financial institutions need to redouble efforts to strengthen their security defenses, pro-actively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching,” the spokesperson said. Advances in artificial intelligence will “accelerate the discovery and exploitation of software vulnerabilities in IT systems,” the spokesperson added. The country’s Cyber Security Agency published an advisory on April 15 warning of similar risks, without naming Mythos directly.

US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with Wall Street bank leaders this month to discuss the risks and precautions the firms are taking to defend their systems, Bloomberg reported. JPMorgan Chase & Co. Chief Executive Officer Jamie Dimon, whose firm is testing Mythos, said on a recent earnings call that AI has made cyber risks worse, though it also offers better ways to boost defences.

“This is the canary in the coal mine, giving the heads up on what’s coming,” said Donald MacDonald, an AI consultant who was the former head of group data office at Singapore’s Oversea-Chinese Banking Corp. “I think that’s what the regulators were doing, saying you guys got to get ready because this is the reality.”

Photograph: The Monetary Authority of Singapore building in Singapore, on Wednesday, Oct. 27, 2021. Photo credit: Wei Leng Tay/Bloomberg

Related:

• Bank of England Says it Is Testing AI Risks to Financial System
• ECB to Quiz Bankers About Risks of Anthropic’s New AI Model, Source Says
• Bessent, Powell Warned Bank CEOs About Anthropic Model Risks, Sources Say
• Wall Street Banks Try Out Anthropic’s Mythos
• Bank of England Set to Discuss Anthropic’s Mythos With Banks