(29 April 2026 – Asia Pacific) The Australian Prudential Regulatory Authority (APRA) met with bank majors to raise concerns about the serious harm sophisticated AI tools such as Anthropic’s Claude could wield on cybersecurity defences.
The Hong Kong Monetary Authority (HKMA) is engaging with major banks and is highly vigilant to the evolving AI-driven cyber threats, bringing forward a new framework to address the challenge. South Korea’s Financial Supervisory Service (FSS) is reviewing risks with financial firms and the Monetary Authority of Singapore (MAS) has also warned AI may speed cyber exploits.
APRA is warning bank boards to urgently reinforce protection for critical systems, flagging concerns for “patching capabilities” and pushing lenders to ensure software bugs are fixed quickly.
Technology staff must move more quickly to respond to hacking threats as there are fears Anthropic’s sophisticated tools could be used to hack financial systems. The arrival of Mythos, a tool in Anthropic’s Claude platform, has in particular put financial institutions around the world on edge, James Eyers reports for the AFR.
Anthropic has allowed selected enterprises to access the service but stopped short of releasing it publicly because the model is adept at exposing weaknesses in cybersecurity defences.
Mythos found a vulnerability in the OpenBSD operating system which is widely used in critical infrastructure and would have allowed a hacker to crash any system running it. The vulnerability had been there for 27 years.
Currently major Australian banks do not have access to Mythos but are seeking an early version to find flaws and close them before similarly powerful models are in wider use.
“The most significant finding is Mythos’ ability to chain multiple lower-severity vulnerabilities automatically, at machine speed, into compounding attack paths. It’s only a matter of time before an entity with less restraint than Anthropic has access to this capability” stated CISO Lens founder James Turner.
“Banks face several AI governance challenges as they attempt to deploy the technology, largely to benefit from efficiencies and improve customer service. These challenges include fragmented IT systems, the difficulty in attracting and retaining skilled AI talent, ensuring model explainability and control, and addressing security and privacy concerns related to data usage. AI will be complicated, costly and risky for Australian banks. However, lenders likely view the upsides as too compelling to ignore” said S&P analysts.
“APRA has had a number of face-to-face meetings with a number of banks and other regulated entities to discuss Mythos-related topics. APRA expects boards to assess the risks posed by new technologies and take the necessary steps to mitigate identified risks” said an APRA spokesman.