Australia regulator calls for urgent cybersecurity action to counter Mythos

By Scott Murdoch

SYDNEY, May 8 (Reuters) – Australia’s corporate regulator has urged the country’s financial sector to take urgent action on tackling potential cyber risks from frontier AI systems such as Mythos.

The Australian Securities and ‌Investments Commission on Friday published a letter sent to the financial services industry saying greater action needed to ‌be taken to ensure cybersecurity practices were as strong as possible.

ASIC Commissioner Simone Constant said the regulator had realised preparedness of Australian financial services organisations ​varied widely, but more work needed to be done to keep pace with frontier AI changes.

“It’s always been the case that we have said you need to look at your end-to-end risk profile, your aggregate risks and vulnerabilities,” Constant told Reuters.

“But instead of having a 12-month time horizon, there is now the potential for those risks to emerge incredibly quickly.

“The worry is someone in a ‌garage somewhere, not a state-based actor, can ⁠bring those things together quickly and weaponise them.”

Macquarie chief executive Shemara Wikramanayake said the bank was working on substantial technology programs to test its potential risks against frontier AI models.

“You don’t just ⁠press a button and find these vulnerabilities and Mythos has found a lot of vulnerabilities that have been there for years in so many things,” she said in an interview.

“The risk for the world is if others manage to replicate that before they roll out ​protection.”

FIGURING ​OUT VULNERABILITIES

Anthropic has launched Claude Mythos Preview under Project Glasswing, a ​tightly restricted access programme that includes major technology firms ‌such as Amazon, Microsoft, Nvidia and Apple.

Wikramanayake said while Anthropic was working with some of the world’s largest companies to test Mythos, major businesses not in Project Glasswing were having to navigate through their own systems.

“Others like us are having to figure out where we may have vulnerabilities that are not covered and patch those,” she said.

Potential risks posed by Mythos, which has high-level coding capabilities, have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts have warned.

Anthropic did not ‌immediately respond to a request for comment on ASIC’s letter.

The ASIC warning ​follows Australia’s banking regulator last month saying the domestic financial services industry’s ​information security practices were struggling to match the rate ​of change in AI.

“The clock is at a minute to midnight – if you aren’t on top ‌of your cyber resilience already, the time to ​act and prepare is right now,” ​Constant said.

The ability of central banks and financial regulators to monitor and combat the risks posed by AI models has been called into question after a survey found authorities significantly lag financial firms in AI adoption and ​lack data on emerging harms.

Financial institutions are ‌adopting AI at more than twice the rate of their regulatory supervisors, with just two in 10 watchdogs ​reporting “advanced AI adoption,” research published in April by the Cambridge Centre for Alternative Finance showed.

(Reporting by Scott ​Murdoch; Editing by Jacqueline Wong, Chris Reese and Kate Mayberry)