Bank of England Governor Andrew Bailey said central banks and financial regulators need to move urgently to understand the consequences of a newly released artificial intelligence model that could introduce "major cybersecurity" risks to financial systems.
Speaking at an event at Columbia University in New York, Bailey said the development represented a fresh, potentially significant challenge to cyber defenses. "It would be reasonable to think that the events in the Gulf are the most recent challenge to us in this world, until, I think it was last Friday, you wake up to find that Anthropic may have found a way to crack the whole cyber risk world open," he said.
Bailey was referring to Anthropic’s Mythos product, which has prompted caution from cyber specialists who have warned it could materially enhance the sophistication and reach of cyberattacks. That concern has particular resonance for the banking sector, which depends on legacy and modern technology systems that could be targeted if new tools make vulnerability identification easier.
The governor said regulators must "work out what this actually means." He underlined the central question: "The issue is: to what extent is this new version of the product going to be able to, in a sense, identify vulnerabilities in other systems which can be exploited for cyberattack purposes."
"It’s the one that never goes away. You have to keep mitigating it, but the threat actors will move on, so we have to deal with it," Bailey said, stressing that cyber risk has climbed rapidly up regulators' lists of concerns in recent years.
Bailey devoted the bulk of his remarks to the topic of central banks’ operational independence in matters of financial stability, saying current arrangements were "not robust enough." He argued that monetary policy and financial stability should not be treated as separate or inherently conflicting domains but rather as parts of a unified objective aimed at protecting the value of money.
He noted that monetary policy typically operates with explicit numerical inflation targets, while financial stability is less precisely defined, a distinction that can weaken the independence of stability-related decision-making. "This is important because independence in respect of financial stability is otherwise not as robust, and I would argue not robust enough," Bailey said.
The governor highlighted the tension between private sector incentives and government desires to stimulate growth. He warned that as memories of past crises fade, political pressure to loosen regulation in order to increase lending can grow. He named recent examples of political pressure on central banks on both sides of the Atlantic, noting that in the United States, President Donald Trump has urged lower interest rates and repeatedly criticized Federal Reserve Chair Jerome Powell, while in Britain, finance minister Rachel Reeves has urged regulators, including the Bank of England, to place more weight on economic growth in their decisions.
Bailey returned to the broader framing of policy when discussing the relationship between monetary and financial stability aims. "Much as monetary policy aims to protect the real value of money, financial stability policy protects trust in money and that the two should be seen as complementary," he said, arguing in favor of a combined narrative. "I see merit in creating a single overarching narrative with a strong focus on the value of money. It would remove descriptions of financial stability such as ’tangential’ or ’in conflict’."
His remarks linked the immediate concern over the Anthropic model and cyber risk to a longer-term institutional question about how central banks set and defend policy boundaries. By combining an urgent call for a rapid assessment of new AI-driven vulnerabilities with a push for stronger operational independence on stability issues, Bailey signaled that both technological and governance risks are high on regulators' agendas.
Summary
Bank of England Governor Andrew Bailey warned that Anthropic’s new Mythos AI model could significantly increase cyber risks and urged regulators and central banks to quickly assess its implications. He also argued that central banks’ operational independence on financial stability needs strengthening and should be reframed alongside monetary policy under a single goal of protecting the value of money. Bailey pointed to rising political pressure on central banks in the US and UK as a complicating factor.
Key points
- Bailey warned that Anthropic’s Mythos could "crack the whole cyber risk world open," prompting an urgent regulatory response - sectors affected include banking and broader financial services as well as technology providers.
- Cyber risk has moved rapidly up regulators' priority lists, requiring ongoing mitigation as threat actors adapt - relevant to cybersecurity vendors, banks, and IT infrastructure firms.
- Bailey advocates treating monetary policy and financial stability as complementary under a unified narrative focused on the value of money - this has implications for central bank governance and regulation.
Risks and uncertainties
- Uncertainty over the exact capabilities of the new AI model and how it might be used to identify system vulnerabilities - risk to banking and financial infrastructure.
- Political pressure on central banks to prioritise growth could weaken financial stability oversight - risk to regulatory robustness and the broader financial sector.
- Persistent and evolving cyber threats mean constant mitigation is required; threat actors will shift tactics, keeping technological and operational risk elevated for financial institutions and technology firms.