The emergence of Anthropic PBC’s Mythos, an AI model designed to uncover and exploit software vulnerabilities, is a signal for the financial system to prepare for the risks posed by artificial intelligence, according to Canada’s top banking regulator. Peter Routledge, head of the Office of the Superintendent of Financial Institutions (OSFI), stated at a recent event that the industry must understand the rapid pace of AI developments.
Public-Private Collaboration Needed
Routledge emphasized that neither OSFI nor the banks can tackle these risks alone. He called for a shared effort between the public and private sectors to build defenses against AI-related threats. This marks a shift in OSFI’s stance, which previously focused on understanding AI rather than regulating it.
Mythos and Cybersecurity Risks
Anthropic introduced Mythos earlier this month, claiming it excels at identifying and exploiting software vulnerabilities. The company has withheld the tool from public release due to fears that it could significantly increase cyber risks if misused. Routledge noted that while the severity of Mythos is still being assessed, it underscores the need for proactive measures.
Industry Response and OSFI’s Approach
Canada’s financial sector, particularly the Big Six banks, has been experimenting with AI to boost productivity. For instance, Canadian Imperial Bank of Commerce reported saving 1.2 million hours of work in the first quarter, while Toronto-Dominion Bank reduced mortgage approval reviews from hours to minutes. However, Routledge stressed that the emergence of Mythos does not mean OSFI will abandon its “do-no-harm” principle. Instead, he wants financial institutions to be better aware of potential risks.
Routledge advised board members and senior managers to hold quarterly meetings to assess the severity of AI risks and develop defenses. He also highlighted the need for a public-private approach, though details on implementation remain conceptual.
Future Outlook
OSFI’s annual risk outlook, released earlier this month, did not focus on Mythos as it was drafted in January. Routledge hinted that the next semi-annual risk outlook in September may reflect updated priorities. He expressed optimism that the sector can strengthen safeguards in a “healthy amount of time.”
