Anthropic’s Mythos turns hacking from craft to industrial process, shifting power towards attackers just as Japan’s megabanks move to adopt it and Australian regulators warn banks and tax agencies to brace for AI‑speed cyber threats.
New York's Reflexivity raises $30M Series B backed by Interactive Brokers, bringing AI co-pilot investment research to millions of traders globally.
Nvidia’s blockbuster quarter, Cerebras’ vertiginous IPO and Huawei’s state backed ascent reveal both the promise and fragility of the emerging inference economy, where capital, chips and geopolitics now move in lockstep across Washington, Wall Street and Beijing.
Anthropic’s Mythos turns hacking from craft to industrial process, shifting power towards attackers just as Japan’s megabanks move to adopt it and Australian regulators warn banks and tax agencies to brace for AI‑speed cyber threats.
Anthropic’s Mythos is the moment cybersecurity people have been dreading for a decade. It turns offensive hacking into something closer to an industrial process than an art form. That changes the balance of power between attackers, governments and markets in ways boards are only beginning to grasp.
Unlike past AI tools that could help with a phishing email or a neat proof‑of‑concept exploit, Mythos can run a full campaign. It can map a network, sift through code, chain vulnerabilities together and hand a junior operator a working, end‑to‑end intrusion plan. In internal tests, engineers without formal security training reportedly went home with a vague brief and came back to polished exploits waiting in their inbox. The step‑change is not in theory. It is in the time and skill Mythos strips out of the attack.
Japan’s megabanks are now lining up for that capability. That should focus minds in Martin Place and Canberra. In Tokyo, Mitsubishi UFJ, Mizuho and Sumitomo Mitsui are moving to secure access to the restricted model, with regulators treating Mythos as a live systemic risk issue rather than a lab curiosity. The banks are blunt about why they want in. They hope to find weaknesses in their own systems before an attacker does.
Australia is not in that club yet. Regulators including ASIC chair Joe Longo and APRA chair John Lonsdale have been warning boards to lift their game on cyber resilience as frontier AI models come online, but access to Mythos remains concentrated in a small circle of global technology and security players. The big four banks are in active conversations with supervisors and vendors that do have access, effectively circling the perimeter of the model without touching it. For now, local institutions are being asked to prepare for an AI‑enabled threat they are not yet allowed to wield for defence.
That imbalance runs straight through the tax system as well. Australian Taxation Office commissioner Rob Heferen and his senior team have been clear that artificial intelligence is already embedded in compliance and enforcement work, from anomaly detection to case selection.
At the same time, they have warned taxpayers not to outsource their returns to generic chatbots, stressing that hallucinations and out‑of‑date guidance are still common and that liability sits with the individual, not the algorithm.
Inside the ATO, there is a push to gain access to more advanced large language models for fraud and evasion work, but the procurement and risk machinery of a large agency means that process is slow.
Mythos is just the most visible sign of a broader shift.
Each week brings new multi‑billion‑parameter models from the big US and Chinese labs, with vendors already flagging a path to trillion‑parameter systems designed to reason across codebases, logs and financial data in something close to real time.
Today it is Mythos. Tomorrow it is the next release of GPT‑class models, or a new closed‑source system tuned specifically for offensive operations. These engines will not stay in neat “cybersecurity” lanes. They will be embedded in trading platforms, risk engines, tax analytics, fraud monitoring and customer channels. Some will be tuned for defence. Others will be quietly repurposed by attackers.
In that world, the idea of a small, defensive club around Mythos and similar systems is both rational and unsettling. On one hand, restricting access to critical infrastructure operators and specialist security firms such as CrowdStrike and Palo Alto Networks buys time and concentrates expertise. On the other, it effectively creates an AI‑armed vanguard in the private sector while many supervisors, mid‑tier institutions and government agencies wait at the gate. An attacker does not need to respect those boundaries. The moment an underground group trains, steals or cobbles together a Mythos‑class model from leaked weights and open components, the whole club concept looks naïve.
For banks and treasuries, the response cannot be to sit back and lobby for a seat at that table. The priority is to assume that sophisticated offensive AI is already in play and adjust governance, investment and testing accordingly. That means baking AI‑enabled attack scenarios into capital and liquidity planning. It means treating prolonged outages from AI‑accelerated intrusions as plausible stress events, not tail‑risk curiosities rolled out once a year. It means building model‑risk frameworks that cover both third‑party systems and in‑house deployments, from training data controls through to red‑teaming and incident response.
For revenue offices, the trade‑offs are just as stark. They need stronger AI to trace complex evasion, real‑time scams and synthetic identity fraud. They also need to harden every interface, batch process and partner connection against automated probing by the very same class of tools. That will require closer coordination between tax commissioners, cyber agencies and finance departments than we have seen to date, at home and across borders.
The uncomfortable reality is that Mythos marks the start of an era, not an exception. From here, capability will spread across a field of competing large language models, many trained with far less restraint and deployed with far less oversight. The real divide will not be between those who do or do not have Mythos. It will be between institutions that have rebuilt their security and governance posture for AI‑speed threats, and those still hoping yesterday’s controls will stretch just a little further
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
OpenAI’s Daybreak and Anthropic’s Mythos signal more than a cyber arms race. They point to the rise of competing AI intelligence blocs where hyperscalers, cloud giants and select partners gain privileged access to frontier AI systems, reshaping industries, power and global competition.
The Treasurer promised a reforming budget; cyber security got a tune‑up instead. Canberra is hardening Digital ID, myGov and core platforms, but stops short of backing cyber as a strategic industry, leaving local firms to fight it out with global giants.
Altman vs Musk in a Californian courtroom, Jensen Huang as kingmaker of compute, and China’s Moonshot AI flinging open a trillion‑parameter model: 2026’s AI race is now a messy, global power play that no government or boardroom can afford to ignore.
Stargate has become the clearest warning flare in the AI boom, as Norway, Australia and a handful of hyperscalers turn the race for compute into a high‑stakes battle over who will own, power and ultimately control the global inference economy.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
