Canada's OSFI Warns Banks Over Claude Mythos AI Cyber Risks
The Office of the Superintendent of Financial Institutions warned Canada's largest banks that Anthropic's Claude Mythos AI could autonomously execute network takeovers and weaponize software flaws.
The Office of the Superintendent of Financial Institutions (OSFI) and the Bank of Canada warned the country's largest financial institutions in April 2026 regarding the cybersecurity threats posed by Anthropic's Claude Mythos AI model. In emails sent to executives, OSFI stated that advanced models like Mythos significantly compress the timeframe for effective risk mitigation because they can autonomously execute network takeovers and instantly weaponize software flaws.
This regulatory action followed urgent meetings in the United States between U.S. Treasury Secretary Scott Bessent, Federal Reserve Chair Jerome Powell, and bank CEOs. While the Canadian government has limited defensive access to the model through Anthropic's Project Glasswing, regulators expressed concern that legacy banking systems may not be updating defensive perimeters quickly enough to counter the speed at which vulnerabilities are identified and exploited.
In response, the Canadian Bankers Association noted that banks are complying with OSFI requirements. Specific institutions, including the Royal Bank of Canada, are developing internal AI defenses to address the shifting landscape. OSFI subsequently published a public bulletin on generative and agentic artificial intelligence, maintaining that its focus remains on how federally regulated financial institutions govern and manage the risks associated with such technology.