MUFG, Mizuho and SMFG will be the first Japanese entities added to Anthropic’s limited Project Glasswing app, a source familiar with the matter told Reuters.
Japan’s three megabanks are set to gain access to Claude Mythos, Anthropic’s vulnerability-hunting artificial intelligence model, within about two weeks, a source familiar with the matter said. Reuters on tuesday.
This is the first time a Japanese company has been granted access to a restricted preview that has until now been limited to Anthropic’s American and a few European partners.
Mitsubishi UFJ Financial Group, Mizuho Financial Group and Sumitomo Mitsui Financial Group were informed of the move this week during meetings with US Treasury Secretary Scott Bessent in Tokyo. The three lenders are expected to be launched by the end of May.
💜 of EU technology
The latest rumblings from the EU tech scene, a story from our wise founder Boris and some questionable AI art. Free in your inbox every week. Register now!
Mythos has been hailed as a category changer by regulators and CEOs since Anthropic announced its existence earlier this month.
It is in the model discovered thousands of previously unknown zero-day vulnerabilities on every major operating system and every major web browser, and in internal testing, he wrote exploits that worked, including chains that escaped both the renderer and operating system sandboxes in the browser.
Last week, Mozilla shipped Firefox 150 fixes for 271 vulnerabilities discovered in an evaluation pass by Mythos.
Anthropic has not released the model to the public. Instead, he held a controlled presentation under what he called Glasswing project12 named launch partners and about 40 other entities, including AWS, Apple, Cisco, Google, JPMorganChase, Microsoft, Nvidia and Palo Alto Networks, were granted access in each case.
Japan’s entry comes weeks after the Fed and US Treasury called American bank chiefs to the same cyber risk briefing. UK regulators have committed to briefing UK banks within days.
Tokyo moves in parallel. Finance Minister Satsuki Katayama announced the creation of a 36-institution public-private task force on Mythos-class risks, comprising the country’s major banks, the Bank of Japan and the Japanese units of Anthropic and OpenAI.
The group is led by Mizuho’s chief information security officer and is responsible for identifying exposures, implementing defenses and developing contingency plans, the equivalent of a coordinated patch push in Japan’s financial system.
The immediate question for the three banks involved is transactional. Under Glasswing’s terms, Mythos is delivered with restrictions on access disclosure, with a model used not to publish exploits but to find vulnerabilities in a partner’s own systems and develop a remediation project.
The Mozilla case provides a template: After the Mythos study, 271 vulnerabilities were fixed in a single release of Firefox, the model’s findings were returned to Mozilla engineers undisclosed rather than published.
The geopolitical stratum is unusually visible. Bessent’s role in conveying the entry decision in Tokyo aligns Mythos’ distribution with the U.S. Treasury’s government agency rather than Anthropic’s commercial channel, prompting complaints from European capitals.
Eurozone finance ministers raised the issue at last week’s Ecofin meeting no EU government had access to the model The White House reportedly blocked further expansion of the list of partners.
Industry views of Mythos remain divided. Some cyber security researchers have claimed that Vulnerabilities detected by Mythos can be achieved by intelligently orchestrating public modelsand the bigger story is the rate at which frontier AI is improving in offensive cyber, not in the Mythos itself.
Others, including Anthropic CEO Dario Amodei, described the moment as a “moment of cyber threat” that justified access controls.
Anthropic and three Japanese banks did not immediately respond to requests for comment, according to a Reuters source.
