Japan's three largest banks are set to adopt Anthropic's Mythos artificial intelligence model by the end of May, a strategic move to defend against increasingly sophisticated cyber threats, according to a Nikkei report. The adoption signals a major push by global financial institutions to use advanced AI for offensive security, getting ahead of attackers by finding and fixing system weaknesses at an unprecedented pace.
"This is a wake-up call because cyber risk is moving to machine speed, while much of bank defense still operates at human speed," Nitin Seth, CEO of the AI services firm Incedo, told Reuters. "It also breaks a long-standing assumption in banking security — that vulnerabilities can remain hidden for extended periods before they are discovered and weaponized."
The Mythos model, which costs five times more than Anthropic's flagship Opus 4.7 model at $125 per million output tokens, is designed to uncover complex security flaws that human teams might miss. According to sources familiar with its use in the U.S., the AI excels at chaining together multiple lower-risk vulnerabilities to create a high-risk entry point. This capability is forcing banks to accelerate their patching cycles from weeks to days, putting immense pressure on IT departments managing legacy systems.
For the financial sector, this represents a critical shift from a reactive to a proactive security posture. As hostile actors begin to leverage AI to discover zero-day exploits, banks are now in a race to use similar tools to find and patch those holes first, fundamentally changing the economics and speed of cyber defense.
The move by Japanese megabanks follows the deployment of Mythos across Wall Street, where it is uncovering a massive number of previously unseen issues. A handful of the largest U.S. lenders, including publicly named partner JPMorgan Chase, as well as Goldman Sachs, Citigroup, and Bank of America, have been using the tool to probe their systems.
One person with knowledge of the findings told Reuters that Mythos is uncovering "several hundred to thousands" of low-to-moderate ranked vulnerabilities that require fixing. The sheer volume and the speed at which they are found are creating a significant new workload, potentially requiring more frequent system outages for maintenance. The cost and processing power required to run the model have so far limited its direct use to the largest institutions, which are sharing their findings with smaller banks to help prepare the entire sector.
The adoption of tools like Mythos reflects a broader change in the enterprise threat landscape. Security is no longer just about defending a perimeter from external attacks. Instead, threats are increasingly embedded in routine activity, exploiting trusted processes and legitimate access, as highlighted by a recent Google report on an AI-assisted hack it thwarted.
This new reality requires a move beyond simple anomaly detection. While detection tools can flag suspicious events, they don't provide the context needed to act. Intelligence and investigation platforms, augmented by AI, are becoming essential to connect fragmented signals into a coherent picture. By using AI to accelerate triage and surface connections, security teams can move from a purely reactive stance to one of continuous learning and adaptation, strengthening controls before harm can escalate. For global banks, this capability is no longer a luxury but a core component of organizational resilience.
This article is for informational purposes only and does not constitute investment advice.
