Canadian Regulator Warns Banks of AI-Driven Cyber Threats and Phishing Attacks

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Canada's banking regulator, OSFI, warned major financial institutions about Anthropic's Claude Mythos AI model, citing its role in advanced phishing attacks and increased cyber threats. Attackers used Claude's Mythos persona to craft convincing emails, causing financial losses in the tens of millions of dollars to Canadian banks.[AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions the AI system (Anthropic's Claude Mythos) and its capabilities related to cybersecurity vulnerabilities, indicating AI system involvement. The regulator's warning and the industry's response indicate concern about plausible future harm from the AI system's use or misuse. Since no actual cyberattack or harm has been reported, and the focus is on risk awareness and mitigation, the event fits the definition of an AI Hazard rather than an AI Incident. It is not Complementary Information because the main focus is the warning about potential harm, not a response to a past incident. It is not Beneficial Use because the AI is not described as a countermeasure but as a potential threat. It is not Unrelated because the AI system and its risks are central to the event.[AI generated]
AI principles
Robustness & digital securitySafety

Industries
Financial and insurance servicesDigital security

Affected stakeholders
Business

Harm types
Economic/Property

Severity
AI hazard

AI system task:
Content generation


Articles about this incident or hazard