capitec ceo Graham Lee It said on Wednesday that the bank has formally applied for early access to Anthropic's Mythos model and after clearing the first hurdle Amazon Web Servicesis now in direct discussions with Anthropic – adding South Africa’s largest retail bank by customer numbers to the growing list of institutions clamoring for access to one of the most capable – and most controversial – AI models ever created.
In an interview with TechCentral on Wednesday, Lee said that the window to fix newly discovered vulnerabilities is rapidly collapsing, and Mythos has only changed the size of the problem rather than exacerbating an existing trend.
“Development has been consistent and rapid for releases, but where Mythos really stands out is its ability to identify entanglements – multiple vulnerabilities that play into each other – and then automate the attack on that vulnerability,” Lee said. “The window of opportunity to defend yourself before an exploit occurs is shrinking. You used to have months, then weeks, to patch your servers for the latest vulnerabilities. That window is shrinking.”
Anthropic announced cloud mythos preview on April 7, after the model's existence was revealed in a content management system leak in late March. The company said it would not release the model publicly, restricting access to about 40 organizations through Project Glasswing Initiative, with a version now being launched US federal agencies. British Government An April 15 open letter said its AI Security Institute had tested Mythos and found it to be “significantly more capable of deterring cybercrime than any model we have previously evaluated”.
American banks are also included JP Morgan, Morgan Stanley, Goldman Sachs, Bank of America And city group Access is confirmed or reported. Several senior banking and regulatory sources in Europe said they were unaware of any European financial institutions having access to Mythos yet, According to a Reuters report Last week.
South African banks play catch-up
South Africa's big banks are trying to figure out what the new model means for their defensive stances, with most banks opting out of Anthropic's restrictive program.
Lee said Capitec's use of AI internally is focused on making its people more effective rather than reducing headcount, and the bank's strategy is “not to reduce headcount”. But he was not clear about the importance of the mythos. He praised Anthropic's decision to provide defenders with earlier access to the model than the broader market.
He said, “The same tools that can be used to attack are the same tools that can be used to defend. Overall, if you look at recent history, there is a symmetry in the time in which attackers and defenders have got tools.” “What Anthropic has done is create change that is asymmetric and gives defenders access earlier than potentially the rest of the world. I think that's a great thing.”
Reading: The Mythos of Anthropic is the cyber threat every CISO feared
Standard BankResponding to TechCentral's questions, he said it is also actively tracking the development of Mythos based on public information and is “working closely with our technology partners to deepen our understanding as more details become available”.
The bank said it is concerned about the emergence of AI tools that lower the barrier for attackers or accelerate the discovery and exploitation of vulnerabilities, and “relies on the broader ecosystem of top-tier cybersecurity partners, many of whom are directly testing Frontier AI-based tools”.
Asked what Anthropic should do to give larger banks the opportunity to keep their systems secure, Standard Bank said it supports Anthropic's approach of engaging with regulators, big technology companies and major banks, and that “models with strong cyber capabilities should only be rolled out widely when the risks are well understood and safeguards are in place”.
The bank said it employs more than 350 dedicated security professionals and partners with leading global cybersecurity firms, including those at the forefront of implementing AI in cyber defense.
South African Reserve BankWhen asked for comment on Mythos and the security concerns being raised, he only said that he was “monitoring developments related to Anthropic and will not comment further”.
asymmetric access
Anthropic's decision to provide early access to a small group of partners is, from a defensive perspective, a deliberate effort to give organizations an edge over attackers who can eventually obtain similar capabilities from a less restrictive open-source model. But for outside institutions, this asymmetry creates a competitive and security gap.
Some US banks without access have raised questions about whether there should be widespread access to Mythos and whether JPMorgan, which owns the model, has received an unfair advantage – a topic likely to be raised with the US Treasury. Reuters reported last week.
earlier this month, check point Chief Technology Officer jonathan zenger Warned that Mythos marks the moment when AI-powered vulnerability discovery has moved from theoretical threat to operational reality. He warned that the frontier model would allow attackers to identify and exploit vulnerabilities at the scale, speed and sophistication that advanced nation-state actors had until recently.
Zenger argued that the convergence of two changes – the democratization of advanced attack capabilities and the industrialization of attack pipelines through agentic AI – “produces a dangerous outcome: more attackers execute more sophisticated attacks, increasing both volume and velocity simultaneously. The time window for exploitation is collapsing toward zero.”
Standard Bank, when asked how confident it was that it could modernize and secure its systems at a speed greater than attacker capability, said it was “confident, but also realistic about the pace of change”. The bank said it invests heavily in cybersecurity and technology modernization and works closely with global partners, focusing on rapid detection and response.
This echoes Capitec's Lee's tone. Capitec's approach model will continue to work through third-party providers with direct engagement with developers, he said.
Reading: Hype or not, Mythos is a warning to South African CISOs
“We will continue to work with our third-party providers, but also directly on the models, so we can use them for our own security,” he said. “The nature of fighting has completely changed.” – (c) 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.