Anthropic Mythos flagged for SEC risks

Anthropic’s Mythos model has drawn a new warning from the American Securities Association, which said it could expose a key Securities and Exchange Commission market database to abuse. (bloomberg.com) Bloomberg reported on April 16 that the trade group said bad actors could use Mythos against the SEC’s Consolidated Audit Trail, or CAT, a database regulators use to track stock and options orders across U.S. markets. The warning focused on identity theft, exposure of trading portfolios, and insider misuse. (bloomberg.com) The CAT is the market’s giant flight recorder: SEC Rule 613 created it so regulators can follow an order from entry to routing, cancellation, modification, or execution. The CAT NMS Plan says it tracks orders through their life cycle and identifies the broker-dealers handling them. (sec.gov, catnmsplan.com) The data issue is not hypothetical. In February 2025, the SEC exempted firms from reporting some personally identifiable information — including names, addresses, and years of birth — to the CAT for natural persons, saying a breach could let bad actors impersonate customers or broker-dealers. (sec.gov) Mythos is Anthropic’s unreleased frontier model for cyber work. Anthropic said this month that Claude Mythos Preview can outperform almost all human experts at finding and exploiting software vulnerabilities, and that it is keeping the model’s release limited while it tests safeguards. (anthropic.com, anthropic.com) That capability has already put finance officials on alert. Bloomberg reported on April 10 that Wall Street banks were testing Mythos internally as Trump administration officials encouraged defensive use, and that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell had separately warned bank chiefs about future risks from models like it. (bloomberg.com, bloomberg.com) The CAT was already under review before this warning landed. On April 16, the SEC issued a concept release seeking public comment on the CAT and other audit trails used in securities regulation, two weeks after approving cost-cutting changes meant to preserve what it called “core regulatory functionality.” (sec.gov, sec.gov) The American Securities Association has long opposed the CAT, and Bloomberg said its Mythos warning came from a group that has been a persistent critic of the database. SEC Commissioner Caroline Crenshaw, by contrast, said in February 2025 that the CAT is a “seminal example” of data collection used for investor protection and market oversight. (bloomberg.com, sec.gov) Anthropic has publicly framed Mythos as both a tool for defenders and a source of new cyber risk, not as a product for broad release. The fight around the SEC database now turns on a narrower question: whether regulators can harden systems like the CAT before models with Mythos-level capabilities become easier to access. (anthropic.com, anthropic.com)