FIS lets Anthropic Mythos 5 hunt for vulnerabilities in critical banking software

Well, folks, FIS is giving one of Anthropic’s most advanced AI models a close look at the software behind payments, money movement, and core banking systems.

The financial technology company has joined Project Glasswing, an Anthropic initiative that gives selected organizations controlled access to frontier AI models for defensive cybersecurity work. FIS is now testing Mythos 5 against its own systems to identify and evaluate potential software vulnerabilities.

That certainly sounds useful, and it surely is. However, it should also make people slightly uncomfortable.

You see, FIS operates technology used by thousands of financial institutions around the world. Its software helps clear payments, move money, and run essential banking operations. Finding vulnerabilities in that code before criminals do is obviously important, but allowing an AI model to inspect such sensitive infrastructure raises questions that the announcement does not fully answer.

FIS says Mythos 5 will serve as an additional layer within its existing security program rather than replacing conventional security testing or human experts. That distinction matters. AI models can scan large amounts of code quickly and potentially notice patterns that a human reviewer might miss, but they can also generate false positives, misunderstand context, or recommend changes that introduce new problems.

The company did not disclose what systems Mythos 5 can access, how source code is isolated, whether data is retained, or how every finding will be reviewed before action is taken. It also did not share any early results from the testing.

In other words, we know FIS is using the model, but we do not yet know whether it has found anything useful. It’s long of hard to get excited with such limited information.

“Protecting that code is critical to the stability of global financial infrastructure,” FIS said in the announcement. The company added that it applies the same security standards to its internal systems that it expects from technology delivered to customers.

FIS is also involved with the Financial Services Information Sharing and Analysis Center, better known as FS-ISAC, along with the Financial Services Sector Coordinating Council. Those relationships give the company access to broader threat intelligence and industry collaboration beyond its work with Anthropic.

The Project Glasswing testing is separate from the commercial AI partnership between FIS and Anthropic. FIS is already exploring Anthropic-powered AI agents for financial services, while the Mythos 5 work is focused specifically on defensive security.

There is a reasonable argument for using frontier AI models to help secure critical software. Attackers already use automation, AI tools, and large-scale scanning to locate weaknesses. Banks and payment companies cannot afford to rely entirely on slow manual reviews.

Still, “trusted AI” is a marketing phrase, not a security control.

The real test will be whether FIS eventually explains how Mythos 5 is contained, how its findings are validated, and whether the model actually discovers vulnerabilities that existing tools missed. Until then, this is an interesting security experiment involving extremely important software, but not yet proof that AI should be trusted with the systems moving the world’s money.

Support independent tech journalism

NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.

Support NERDS.xyz
Avatar of Brian Fagioli
Written by

Brian Fagioli

Technology journalist and founder of NERDS.xyz

Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no nonsense approach for real nerds.

Leave a Comment