OpenAI has extended an offer to nine major UK banks for access to its advanced cybersecurity artificial intelligence tool, GPT-5.5 Cyber. This move comes as a direct response to its competitor, Anthropic, blocking previews of its equivalent tool, Claude Mythos, from these same financial institutions.
Both GPT-5.5 Cyber and Claude Mythos are engineered to identify latent security vulnerabilities within digital systems. They possess the capability to outperform human analysts in certain hacking and cyber-security tasks, raising both excitement and significant concern within the financial sector.
Mythos Raises Security Alarms
Anthropic’s Mythos generated considerable attention upon its announcement in April, with the company claiming it had uncovered a security flaw in a legacy system that had remained undetected for nearly three decades. This revelation prompted a wave of apprehension among finance ministers, central bankers, and financiers globally, who voiced fears that such powerful AI models could potentially destabilize the entire financial system.
The AI Security Institute, an independent body that has evaluated both Anthropic’s Mythos and OpenAI’s GPT-5.5 Cyber, reported that both tools achieved “a similar level of performance” in the simulated tasks it set for them. However, access to Mythos has remained a point of contention.
Bank of England Governor’s Concerns
Last week, Andrew Bailey, the Governor of the Bank of England, highlighted that UK banks were still unable to gain access to Mythos. This prevented them from conducting crucial security tests on their own digital systems and applications, a capability deemed essential in the current threat landscape.
George Osborne, a former UK Chancellor and now a senior executive at OpenAI, commented on the situation, stating that Governor Bailey had not contacted him directly regarding access to Mythos. Osborne emphasized that OpenAI’s intention with GPT-5.5 Cyber is not to hoard the technology. “We don’t want to hide [5.5 Cyber] away or keep it to ourselves,” he told the BBC. However, he reiterated that, similar to Mythos, access would be carefully managed and not made universally available.
“The key things with these tools is that they need to be in the hands of the right people,” Osborne explained. “We want to make sure that the forces that are establishing order in our democracies have these tools, and the forces that want to disrupt us or commit crime, do not.”
Banks Gaining Access to OpenAI’s Tool
The UK banks that will now benefit from access to OpenAI’s GPT-5.5 Cyber include prominent institutions such as Lloyds Banking Group, HSBC, and Nationwide. NatWest and Santander are already utilizing the tool under pre-existing agreements.
The BBC has reached out to Anthropic for comment on its plans regarding access for UK financial institutions to Mythos. Anthropic initially granted access to a consortium of 42 companies, predominantly other US tech firms, for previews of its tool.
In contrast, OpenAI has adopted a more expansive approach with GPT-5.5 Cyber, making it available not only in the European Union but also to banks in Japan and Canada, among other regions.
Expert Views on AI in Cybersecurity
While both firms charge for the use of their AI tools, Anthropic reportedly allocated $100 million towards Mythos previews. Professor Alan Woodward, a cybersecurity expert from Surrey University, commented on the capabilities of these AI systems.
“I don’t necessarily expect these tools to surface things humans wouldn’t find eventually but they are relentless and incredibly thorough in sorting through the millions of lines of code which are in banking apps alone,” Professor Woodward stated. He further noted the challenges posed by legacy systems: “In the UK, some of the code which banking systems still run on is incredibly old, and AI will be very useful at finding problems there.”
Professor Woodward also highlighted the efficiency gains: “They can do many weeks’ worth of work in minutes – but they do also surface false positives, so you still need a human in the loop to check their findings.” This underscores the continued necessity of human oversight in the cybersecurity process, even with the advent of advanced AI.
The development and deployment of these powerful AI tools continue to be closely watched by regulators and industry leaders alike, as the financial sector grapples with the dual potential of enhanced security and novel threats.
