Japan's FSA scrambles over Anthropic's Mythos. Practitioners say the panic is overblown.
Japan's finance minister, central-bank governor and the three megabank presidents have stood up an emergency working group on Anthropic's Mythos. The practitioner read is calmer.
On 24 April, Japan’s finance minister Satsuki Katayama, the governor of the Bank of Japan, the presidents of all three Japanese megabanks, and a senior executive of the Tokyo Stock Exchange met at the headquarters of Japan’s Financial Services Agency. They agreed to stand up a working group on what Katayama publicly called “a crisis that is already upon us.” The crisis is Anthropic’s new frontier model, Mythos.
Four days earlier, on 20 April, Anthropic had briefed Japan’s ruling Liberal Democratic Party on what Mythos can do in offensive testing. The summary, per Dark Reading’s reporting: in Anthropic’s internal evaluations Mythos identified previously unknown vulnerabilities in every browser and operating system it was tested against, surfaced a 27-year-old undetected bug, and in one case chained four vulnerabilities into a working exploit chain. Anthropic has restricted Mythos access to a small circle of “high-value organisations for cybersecurity purposes,” distributed unevenly across the world. One unnamed Japanese bank executive, quoted in the same piece, said the situation was bad enough that “we might have no choice but to shut down our systems and conduct all transactions in cash.” For the world’s fourth-largest economy, that is not a routine quote.
The cybersecurity industry’s reaction has not matched the FSA’s tone. Alex Orleans, head of threat intelligence at Sublime Security, called the global response “the Frankenstein reflex” and argued that most organisations don’t have a threat model where Mythos changes anything. Ryan Kalember, CSO at Proofpoint, was more pointed. “I think this gets solved on its own, because the other models will catch up,” he said. On Mythos’s actual output, his line was “we’re not seeing EternalBlue or world-melting vulnerabilities fall out of it.” His benchmark figure is the one to anchor on: in observed targeted attacks today, two CVEs are being exploited, and neither of them was found by Mythos.
Kalember also offered the most useful structural observation in the piece. Japan’s financial sector is concentrated in a way the United States’ isn’t. Three megabanks, one stock exchange, one central bank, one supervisor. When the institutions in the room panic, that’s the entire sector panicking, with no internal fragmentation to absorb the shock. The American electrical grid, by accident of municipal and state-level patchwork, has a resilience Japanese finance does not. Kalember also noted that Japanese banks historically run very little open-source software and don’t expose source code, which means the surface that Mythos-class scanning bites on is narrower than the bank presidents’ reaction would suggest.
The other story behind this one is access-creep. A regulator at Germany’s Bundesbank has publicly pressured Anthropic, via Reuters, to grant European banks parity with US counterparts. Anthropic’s restricted-circle approach has, per the reporting, already been partially undermined: people linked to an Anthropic contractor used leaked information about the company’s model-naming conventions to guess the Mythos endpoint and reach it directly. A controlled-distribution policy that depends on a small contractor pool keeping a secret is a controlled-distribution policy with a defined half-life.
For UK financial-services defenders watching this from outside the working group, the operational point is the easy one to miss. The threat that matters is not Mythos as a discrete tool. It is the rate at which the gap between vulnerability disclosure and weaponised exploit chain is going to compress as this class of model moves from restricted-access to commodity. Anyone who has been quietly relying on the historical window between Patch Tuesday and active exploitation should plan for that window to keep shrinking. The defensive response is unromantic: faster patch cycles where you can, and tighter blast-radius reduction where you can’t. Neither is new advice. Both have just had their cost-benefit calculation rebalanced.
The FSA working group is the right move. The Frankenstein reflex isn’t.