Why Global Banks Are Concerned About Anthropic’s New AI Model

In 2017, I authored a book forecasting that it wouldn’t just be charming outlaws like Sutton who would soon engage in bank heists, but also artificial intelligence (AI).

That day seems to be approaching. Financial institutions worldwide are profoundly concerned that cybercriminals will soon leverage the latest AI advancements to orchestrate robberies.

The digital back door into the vault

The finance sector’s worries are largely due to the formidable cyber capabilities of a product named “Mythos,” the newest and most advanced AI model from Anthropic, the creators of the widely known Claude chatbot.

As a member of the public, you currently cannot access or use this model. Anthropic and several others believe that Mythos is too powerful to release into the wild.

Internal assessments of Mythos have revealed thousands of serious security flaws across all major operating systems and web browsers.

Some of these flaws have remained unnoticed for decades. Many are classified as “zero-day” vulnerabilities — threats so critical that developers must rectify them immediately.

Not for public use

In response to this developing threat, Anthropic has supplied the model to a select group of partners in a defensive coalition that includes Microsoft, Amazon Web Services, Apple, Cisco, and the Linux Foundation.

The company has also earmarked US$100 million (approximately A$140 million) in usage credits and US$4 million (around A$5.6 million) in open-source grants to identify and resolve these vulnerabilities.

Additionally, over 40 other organizations, including several U.S. banks, have also received access. However, concerningly, it seems that Anthropic has yet to grant access to any banks in Australia, the United Kingdom, or Europe.

To heighten worries, Anthropic confirmed on Wednesday that it is probing allegations from a Bloomberg report indicating that a small group of unauthorized users gained access to Mythos. At this time, there’s no indication that this access was intended for malicious activities.

Should you be worried?

Last week, regulators and policymakers globally convened at the International Monetary Fund spring meeting in Washington. While the war in Iran was a significant topic, attendees also voiced a series of warnings about this looming cybersecurity threat to the banking sector.

Banks not only represent attractive targets, being the sources of money, but they also operate on many aging systems, which may be particularly susceptible to these types of attacks.

As an individual, you probably don’t need to panic. Many nations have robust protections for bank customers. In Australia, for instance, the first A$250,000 of a customer’s deposits are safeguarded by the government-backed Financial Claims Scheme.

The Australian Securities and Investments Commission also ensures that banks investigate and reimburse fraudulent transactions made without the customer’s fault.

Thus, withdrawing your cash and hiding it under your mattress is likely not a prudent course of action. However, banks are undoubtedly rushing to address these vulnerabilities.

I would advise you to regularly update your computer and smartphone to ensure you have the latest operating systems and banking applications. Expect many more updates soon as new vulnerabilities are discovered and corrected.

Additionally, remain vigilant against phishing attempts via email and SMS that seek to acquire your banking credentials.

The evolving threat landscape

In the long run, Mythos highlights the difficulty of defense compared to attack. Software is among the most intricate products humans create, making it nearly impossible to guarantee it is devoid of bugs.

This places us in a perpetual contest against the “bad guys” to identify and repair flaws before they can be exploited.

For example, amid much publicity, the European Union recently launched its age verification app, intended to support emerging laws regarding access to social media, adult content, and other age-restricted materials. Yet, within hours, security experts uncovered vulnerabilities that underage users could readily exploit.

In critical scenarios, we can strive to mathematically verify that our software is bug-free. For instance, the Beneficial AI Foundation recently announced an ambitious “moonshot” project to demonstrate that the popular messaging app Signal is indeed bug-free and protects privacy as claimed.

However, such initiatives remain the exception rather than the norm today. Perhaps future advancements in AI could assist in reversing this trend.

Toby Walsh, Professor of AI, Research Group Leader, UNSW Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.