Japan’s three major financial institutions—Mitsubishi UFJ Financial Group, Mizuho Financial Group, and Sumitomo Mitsui Financial Group—are set to gain access to Claude Mythos within approximately two weeks. Claude Mythos is an AI model specialized in identifying zero-day vulnerabilities (previously unknown security flaws) across operating systems and web browsers. This inclusion marks the first time Japanese companies have been granted entry to the model’s restricted Project Glasswing rollout, which previously limited access to 12 primary partners such as Microsoft, Apple, and Google, alongside roughly 40 additional institutions on a case-by-case basis.

The decision was communicated to the banks during meetings in Tokyo this week with US Treasury Secretary Scott Bessent. Following this, Japan’s Finance Minister Satsuki Katayama announced a 36-entity public-private working group to manage risks associated with the model. This group includes the Bank of Japan, the Japanese units of Anthropic and OpenAI, and the major banks. The initiative aims to identify security exposures, draft contingency plans, and implement defensive patching measures across the Japanese financial system.

Claude Mythos has demonstrated significant offensive capabilities in internal testing, including writing working exploits that escape both browser renderer and operating-system sandboxes. Recently, Mozilla utilized the model to identify and patch 271 vulnerabilities in a single evaluation pass for Firefox 150. Under the terms of Project Glasswing, partners are prohibited from disclosing model outputs, with the AI primarily intended to help companies find weaknesses in their own infrastructure and draft remediation strategies rather than publishing exploits.

The rollout reflects a growing geopolitical dimension, as the involvement of US Treasury leadership in the deployment process has reportedly prompted complaints from European finance ministers who currently lack access to the model. While some researchers contend that the vulnerabilities identified by Mythos could potentially be reached by orchestrating other public AI models, Anthropic CEO Dario Amodei has characterized the current landscape as a "cyber moment of danger" requiring strict access controls to mitigate risks.

Japan’s three major financial institutions—Mitsubishi UFJ Financial Group, Mizuho Financial Group, and Sumitomo Mitsui Financial Group—are set to gain access to Claude Mythos within approximately two weeks. Claude Mythos is an AI model specialized in identifying zero-day vulnerabilities (previously unknown security flaws) across operating systems and web browsers. This inclusion marks the first time Japanese companies have been granted entry to the model’s restricted Project Glasswing rollout, which previously limited access to 12 primary partners such as Microsoft, Apple, and Google, alongside roughly 40 additional institutions on a case-by-case basis.

The decision was communicated to the banks during meetings in Tokyo this week with US Treasury Secretary Scott Bessent. Following this, Japan’s Finance Minister Satsuki Katayama announced a 36-entity public-private working group to manage risks associated with the model. This group includes the Bank of Japan, the Japanese units of Anthropic and OpenAI, and the major banks. The initiative aims to identify security exposures, draft contingency plans, and implement defensive patching measures across the Japanese financial system.

Claude Mythos has demonstrated significant offensive capabilities in internal testing, including writing working exploits that escape both browser renderer and operating-system sandboxes. Recently, Mozilla utilized the model to identify and patch 271 vulnerabilities in a single evaluation pass for Firefox 150. Under the terms of Project Glasswing, partners are prohibited from disclosing model outputs, with the AI primarily intended to help companies find weaknesses in their own infrastructure and draft remediation strategies rather than publishing exploits.

The rollout reflects a growing geopolitical dimension, as the involvement of US Treasury leadership in the deployment process has reportedly prompted complaints from European finance ministers who currently lack access to the model. While some researchers contend that the vulnerabilities identified by Mythos could potentially be reached by orchestrating other public AI models, Anthropic CEO Dario Amodei has characterized the current landscape as a "cyber moment of danger" requiring strict access controls to mitigate risks.