Anthropic ‘s decision to drastically restrict general access to the Claude Mythos Preview model is the most serious warning to financial markets in a decade. Since artificial intelligence can, in a matter of hours, find and exploit gaps that have eluded leading auditors for decades, legacy operational risk management strategies are losing their raison d’être. The International Monetary Fund (IMF) has officially added Mythos to its list of systemic macroeconomic risks, ending the era of treating artificial intelligence as an image gadget.
Democratisation of the cyberchaos
The events of recent weeks have revolutionised the perception of technology debt. Boards hitherto succumbing to shareholder pressure have implemented solutions based on language models mainly to artificially boost stock market valuations. This digital theatre has collided with hard reality. Claude Mythos has drastically lowered the entry threshold for top-tier cyber attacks. The tool does autonomous work that previously required multi-million dollar budgets of state intelligence agencies.
The scale of the breakthrough is shown by hard data from Anthropic-initiated Glasswing project, worth $100 million in computing credits. Among other things, Mythos identified a 27-year-old critical vulnerability in OpenBSD, a system considered a bastion of security on which global firewalls and, indirectly, macOS or Android components are based. Mozilla, on the other hand, using the same engine, detected 271 vulnerabilities in the Firefox browser in just one night.
A profound structural asymmetry has emerged. Offensive artificial intelligence finds vulnerabilities in code and creates exploits at machine speed, while corporate remediation (patching) procedures still take weeks.
A monetary perspective: Mispricing of technology debt
The alarm signal from the highest financial structures came immediately. The head of the IMF, Kristalina Georgieva, explicitly expressed concern about the stability of the markets in the face of a new generation of models.
The market consensus is stuck overestimating the short-term productivity benefits of generative AI, and ignoring the real costs of defending against it. The integration of AI agents into companies’ operational systems (e.g. CRM systems) creates a gigantic attack surface. Since the financial and logistics sectors rely on an extremely concentrated digital monoculture – a few cloud providers and repetitive software architectures – the automation of vulnerability discovery raises the risk of correlated failures. A single vulnerability can trigger a cascading liquidity freeze, settlement paralysis and forced asset sales (fire-sale).
The World Economic Forum (WEF) has identified this process as a turning point. Technological resilience is becoming the main criterion for capital allocation by institutional funds. The profit and loss (P&L) account will not defend itself if the cost of protection starts to drastically eat into operating margins.
CEE perspective: The end of the safe hinterland
For the markets of Central and Eastern Europe (CEE), including mainly Poland, the Czech Republic and Romania, the shock is existential. The regional economic success of the last decades was based on its position as a safe, relatively cheap code factory for Western Europe. Hundreds of shared service centres (SSC/BPO) and software houses provide software and handle critical processes for global institutions.
In a reality where the commercial model can verify millions of lines of code per second and generate flawless attacks, the previous cost advantage of CEE developers becomes irrelevant. If systems provided by regional companies show vulnerabilities to machine audit, Western headquarters will cut partners off from their networks in a split second to isolate their own business. Local companies rarely have the financial cushion to build autonomous, sovereign next-generation defence systems. For foreign investors, a lack of immediate operational resilience is the simplest message to evacuate capital from emerging markets.
It is therefore advisable to stop funding technology projects that only serve to build an image of modernity in annual reports. Only implementations that directly and measurably cut operating costs or increase margins by automatically defending assets count.
Resources from development budgets should be reallocated to engineering resilience at the grassroots (Security by Design) and automating business continuity processes. Reactive patching of holes has lost out to machine speed. The market will mercilessly verify which boards were securing real cash flow and which were funding digital theatre. Capital will only survive where the company’s balance sheet can withstand the automated technological shock.
