The Office of the Superintendent of Financial Institutions (OSFI) warned the Royal Bank of Canada and other major lenders about escalating cybersecurity risks from advanced AI. An April email specifically identified Anthropic’s Claude Mythos model as a primary concern.

Regulators cautioned that these AI models could significantly reduce the time available for banks to identify and patch security vulnerabilities. OSFI urged senior technology and risk officers to accelerate their incident response and risk identification protocols.

The warning follows high-level meetings between Canadian regulators and bank executives regarding malicious AI use. OSFI subsequently issued a public bulletin detailing best practices for managing generative and agentic AI risks.