‘Mythos’ Could Change Cybersecurity For Credit Unions Faster Than Many Are Ready For / Fresh Today / CUToday.info | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

WASHINGTON— A new artificial intelligence cybersecurity threat that CUToday.info has been tracking is drawing sharper warnings from security leaders, with new reports from BankInfoSecurity suggesting Anthropic’s new Claude Mythos model—and the early-access Project Glasswing effort around it—could accelerate the speed and scale of cyberattacks in ways many financial institutions, including credit unions, are not built to handle.

In separate reports, BankInfoSecurity highlighted a common concern: cybersecurity teams are moving into a world where AI can help uncover vulnerabilities and potentially enable attacks at machine speed, while many organizations still patch and respond on human timelines.

ISMG CEO Sanjay Kalra argued Mythos should be seen as more than a new model launch, calling it the emergence of a “continuous, systemic and potentially destabilizing” capability rather than a one-off vulnerability. Meanwhile, Equifax CTO Jamil Farshchi said the old patch-first model is increasingly breaking down, warning that some companies still take weeks—or even months—to remediate flaws that attackers could begin exploiting within hours.

Farshchi said legacy approaches to IT and security operations simply do not hold up when threats move this quickly, arguing institutions need to move beyond static vulnerability scores and instead prioritize risk based on real controls, likely attack paths and business impact.

“That old model just doesn’t work anymore,” Farshchi said, warning organizations that still rely on it are already “on their heels” and likely to fall further behind as more advanced AI models arrive.

Kalra, in his BankInfoSecurity blog post, broadened the warning beyond technical controls. He argued Project Glasswing may resemble coordinated vulnerability disclosure on the surface—controlled access, trusted partners, time to prepare—but said that comparison only goes so far because this is not a discrete flaw that can be patched and retired.

Instead, he said, the industry is confronting a new class of capability that may continuously expand the long-standing asymmetry between attackers and defenders by lowering the skill barrier for offensive activity and increasing the speed at which threats can evolve. In his view, the question is no longer just what the model can do, but how the cybersecurity ecosystem—including banks, credit unions, vendors and even frontier AI labs—responds to what it enables.

The two reports reinforce a growing warning: AI in cybersecurity is no longer just about better fraud tools, faster analysis or improved automation for defenders. It is also becoming a structural risk issue for financial institutions.

That concern is now being echoed more broadly by global regulators. Reuters reported this week that Bank of England Governor Andrew Bailey said regulators need to move quickly to assess the risks posed by Anthropic’s Mythos, while the Bank of England separately said it is actively testing how AI could create broader financial system risks, including cyber-related shocks and market stress.

At the same time, reports out of the IMF/World Bank spring meetings said European Central Bank President Christine Lagarde and other international officials have been discussing the need for a stronger governance framework around frontier AI tools such as Mythos.