Japan's three largest banks—Mitsubishi UFJ Financial Group, Mizuho Financial Group, and Sumitomo Mitsui Financial Group—are set to onboard Anthropic’s Claude Mythos vulnerability-hunting AI within the next two weeks, marking the first inclusion of Japanese institutions in the restricted Project Glasswing pilot.
- First Japanese banks gain restricted access to Anthropic's Claude Mythos
- Model uncovers thousands of zero-day vulnerabilities across systems
- Public-private working group formed to manage associated cyber risks
What happened
Anthropic has granted Japan's three megabanks access to Claude Mythos, its advanced AI system designed to identify previously undisclosed software vulnerabilities. The rollout is part of Anthropic’s Project Glasswing, a limited and highly controlled program currently involving a select group of global institutions including major American and European companies. The three banks—MUFG, Mizuho, and SMFG—will be onboarded by the end of May following meetings in Tokyo coordinated with US Treasury officials.
This inclusion marks the first time Japanese companies have joined the restricted Glasswing access list. The rollout provides these financial giants the ability to scan their own internal systems for hidden risks and develop protections, under strict non-disclosure agreements that prevent public sharing of exploit details. The move follows recent announcements by US and UK regulators about AI-driven cyber risk briefings for their domestic banks.
Why it matters
Claude Mythos has demonstrated the ability to find thousands of zero-day vulnerabilities across all major operating systems and web browsers. In internal tests, it successfully generated working exploits, revealing risks even in heavily sandboxed environments. For example, Mozilla patched 271 security flaws in a single Firefox release after using Mythos internally, highlighting the model’s impact.
Given the escalating cyber threat landscape faced by financial institutions, Mythos represents a significant shift in vulnerability detection capabilities. Japan’s formation of a public-private task force, including major banks, the Bank of Japan, and domestic AI units, underscores a national strategy to mitigate risks associated with these AI discoveries. This effort aligns with broader US government involvement, reflecting geopolitical stakes tied to advanced AI security tools.
What to watch next
The immediate focus will be how the three Japanese megabanks operationalize Mythos within the constraints imposed by Anthropic’s restricted rollout. Monitoring how they detect and patch vulnerabilities without public disclosures will provide a template for future adopters, particularly across critical finance and infrastructure sectors worldwide.
Regulators and industry participants will also observe the geopolitical dynamics surrounding restricted Mythos access, especially as European governments voice concerns over limited availability. Continued developments from the Japanese working group and potential broader rollout in Asia and beyond will be key indicators of how AI-driven cyber vulnerability management evolves on a global scale.