On Friday, something happened that does not happen often: three of Britain's most powerful financial institutions issued a joint statement about a single technology. The Bank of England, the Financial Conduct Authority, and HM Treasury published a coordinated warning telling every regulated firm in the UK to prepare for frontier AI models that can outperform skilled human cybersecurity practitioners.

They named Anthropic's Mythos by name.

This is not a think-tank report. This is not a panel discussion at Davos. This is the Bank of England, the institution that controls interest rates for the world's sixth-largest economy, telling banks to act now because AI models can already find vulnerabilities faster than their defenders can patch them.

What the Statement Actually Says

The joint statement tells firms to take four specific actions: identify how frontier AI could be used against their systems, accelerate vulnerability remediation (including through automation), test their defenses against AI-powered attack scenarios, and stay current with guidance from the Cyber Monitoring Operational Resilience Group (CMORG) and the National Cyber Security Centre.

The statement specifically references the CMORG's Frontier AI Risk Mitigation Webinar held on May 14, just one day before the warning dropped. That is not coincidence. That is a coordinated escalation. The webinar briefed the industry, and the joint statement told them: this is not optional.

Why Mythos Changes the Equation

The UK regulators did not pick Mythos randomly. Anthropic's model, currently in Preview through Project Glasswing, has already demonstrated capabilities that make the cybersecurity establishment deeply uncomfortable. Palo Alto Networks found 75 vulnerabilities in weeks using Mythos, a rate 7x faster than human researchers. Cybersecurity firm Calif used it to crack Apple's macOS kernel protections on M5 chips, delivering a 55-page report to Cupertino. Verizon just joined Glasswing as the 13th founding partner, bringing the total to over 40 organizations with access.

The Bank of England's head of prudential regulation said last week that it was "reasonable to expect quite significant disruption" to financial services from models like Mythos and ChatGPT 5.5 Instant. That was on May 11. Four days later, the joint statement dropped. The speed of escalation tells you how seriously they are taking this.

The Defensive vs. Offensive Gap

Here is the part that keeps regulators awake: frontier AI is dual-use by nature. The same model that finds vulnerabilities for defenders can find them for attackers. Anthropic built Glasswing as a defensive program and has committed $100 million in usage credits. But the UK statement acknowledges that similar capabilities in the wrong hands could be used for offensive cyberattacks at scale.

The math is brutal: defenders need to find and patch every vulnerability. Attackers only need to find one. When AI accelerates discovery on both sides, the advantage tilts toward attack. That is what the Bank of England is telling firms to prepare for.

What This Means

Three things are now true simultaneously. First, AI models can find security vulnerabilities faster than skilled human teams. Second, every major bank and insurer in the UK has been formally warned to prepare. Third, the regulatory pressure is going to cascade. When the Bank of England moves, the ECB follows. When the ECB follows, every financial regulator in the G20 starts asking questions.

This is not a future problem. The models are already better than the humans. The regulators just said so in writing.