UK banks pivot to OpenAI after Anthropic snubs them from Mythos access
A geopolitical rift in AI security access is forcing major financial institutions to choose between competing models to defend critical infrastructure.
Anthropic has excluded most UK financial institutions from its Project Glasswing expansion, prompting banks like HSBC and Lloyds to turn to OpenAI's GPT-5.5 Cyber. This divide highlights a growing fragmentation in how global critical infrastructure protects itself against AI-driven cyber threats.
The UK banking sector is staging a strategic pivot toward OpenAI after being left out of Anthropic's latest elite cybersecurity circle. While Anthropic expanded its Project Glasswing initiative to 200 organizations, it notably excluded almost all UK financial players, leaving JPMorganChase as the sole named bank with access to its Mythos Preview model. In response to this exclusion, a coalition of nine UK banks, including HSBC, Lloyds Banking Group, and Nationwide, are set to receive access to OpenAI's GPT-5.5 Cyber. NatWest and Santander have already begun testing OpenAI's model through separate agreements, effectively creating a bifurcated landscape where the world's most critical financial institutions are forced to rely on different AI providers to defend against the same emerging threats.
The exclusion has already sparked high-level friction, most notably from Bank of England Governor Andrew Bailey. Bailey has been vocal about his frustration, telling Bloomberg TV that despite his efforts to ensure the UK's financial system is protected, Anthropic has not handed over the keys to the Mythos Preview model. This tension suggests that the rollout of advanced AI security tools is not merely a matter of technical readiness, but is increasingly being shaped by geopolitical considerations and administrative gatekeeping. Liam Salsi, director of architecture at Talion, suggests the decision to snub UK banks may be political, noting that the US government likely wants to control access to prevent these powerful models from falling into the wrong hands. However, this control comes with a significant strategic cost: by limiting access, the US may inadvertently leave international banks more exposed to cyber threats, creating larger windows of opportunity for attackers.
Project Glasswing functions as a high-stakes, private members' club for the digital age. Anthropic's goal is to provide early access to Mythos, a model described as an expert bug hunter and zero-day specialist capable of finding vulnerabilities far more efficiently than human analysts. The stakes are massive; Anthropic estimates that a successful attack on any of its Glasswing partners could affect more than 100 million people, with ramifications for both national and global security. The expansion includes 150 new organizations from 15 different countries, including South Korean giants like Samsung, SK Hynix, and SK Telecom. Yet, the uneven distribution of access-where the EU's cybersecurity agency, ENISA, is included while the US equivalent, CISA, is still waiting-underscores a chaotic and inconsistent global security posture.
Despite the hype, the actual efficacy of the Mythos model remains a subject of intense debate among security professionals. While Anthropic touts its ability to find critical vulnerabilities, such as a 27-year-old OpenBSD bug, other experts are more skeptical. Cloudflare CISO Grant Bourzikas noted that the model represents a step forward in chaining low-severity bugs into exploits, but others, like cURL's Daniel Stenberg, have dismissed the hype as a marketing stunt. Security expert Kevin Beaumont went further, suggesting the model is primarily effective at finding bugs in vibe-coded applications but lacks the depth to outperform older models in more complex environments. This skepticism creates a secondary risk for executives: the potential for over-reliance on a tool that may be more effective at marketing than actual defense.
For the global banking sector, this fragmentation introduces a new systemic risk: the single point of failure. As Salsi points out, if the industry eventually converges on a single dominant AI product for defense, a vulnerability in that specific model could compromise the entire global financial system. Furthermore, the race to deploy these models is accelerating. Anthropic admits that other AI companies are expected to produce Mythos-level capabilities within the next 6 to 12 months. As OpenAI and Anthropic compete for dominance, the window for critical infrastructure providers to establish robust, multi-vendor defense strategies is closing rapidly. Decision-makers must now navigate a world where the tools meant to protect them are themselves subject to the whims of international politics and rapid-fire technological obsolescence.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology
Fermentation turns food waste into profit, not landfill
A centuries-old process is turning processing byproducts into valuable ingredients, hinting at a cleaner, more circular supply chain for food makers.
AI hardware is bigger than Nvidia and the hyperscalers
Investors looking for the generative-AI buildout can widen the lens beyond the obvious winners and hunt for the less crowded infrastructure plays.
Google quietly trims Cloud as AI spending keeps eating the org chart
Layoffs have hit Google Cloud and Mandiant, including the Threat Intelligence Group, as the company says it is reallocating toward growth areas like AI.