{"id":646112,"date":"2026-05-09T10:00:03","date_gmt":"2026-05-09T08:00:03","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=646112"},"modified":"2026-05-09T10:05:05","modified_gmt":"2026-05-09T08:05:05","slug":"the-threat-every-south-african-bank-should-be-worried-about","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/646112-the-threat-every-south-african-bank-should-be-worried-about.html","title":{"rendered":"The threat every South African bank should be worried about"},"content":{"rendered":"\n

Anthropic’s AI model Mythos, part of its Claude software, represented a clear threat to banks and financial institutions in South Africa.<\/p>\n\n\n\n

This is according to Bijan Sanii, CEO of Canadian fraud detection provider Inetco. The company provides services for financial institutions worldwide, including Standard Bank and African Bank.<\/p>\n\n\n\n

“South African banks and financial institutions should be concerned,” Sanii told MyBroadband in an emailed Q&A.<\/p>\n\n\n\n

“Not because Mythos is necessarily being used in fraud scams and bank fraud schemes today, but because it signals where the cyber threat environment is heading.”<\/p>\n\n\n\n

Anthropic, one of the world’s most important generative AI makers, positioned Mythos as an extremely capable AI model designed to identify vulnerabilities in critical software beyond human capabilities.<\/p>\n\n\n\n

The company decided to release Mythos under heavily restricted access through “Project Glasswing” to prevent the model from falling into the wrong hands.<\/p>\n\n\n\n

On 21 April, Bloomberg reported<\/a> that unauthorised users had gained access to Mythos. “Even restricted AI tools can leak, be misused or be accessed,” said Sanii.<\/p>\n\n\n\n

“For South African institutions, the issue is that AI is accelerating the discovery, testing and potential weaponisation of software weaknesses.”<\/p>\n\n\n\n

Sanii said he expected other models as powerful as Mythos to emerge in the coming years, which could help attackers map environments, identify weak points, and chain vulnerabilities much faster.<\/p>\n\n\n\n

Last week, San Francisco-based security firm Theori employed an “AI hacker” called Xint Code<\/a> to uncover a high-severity Linux vulnerability that could have allowed attackers to gain a root shell.<\/p>\n\n\n\n

The flaw affected mainstream Linux distributions using kernels built since 2017 and was discovered after a researcher set the AI to follow an insight into an underexplored bug class in Linux’s crypto subsystem.<\/p>\n\n\n\n

“In effect, Mythos is accelerating the shift from a slower cyber world built around periodic reviews and after-the-fact remediation to one where banks need in-flight detection and real-time resilience.”<\/p>\n\n\n\n

These risks could be amplified for local financial institutions. While large global technology firms and select banks were granted early defensive access to Mythos, most South African firms were excluded.<\/p>\n\n\n\n

Sanii said that this could widen the gap between organisations that can test and strengthen systems against AI-assisted attacks and those that must defend without this advantage.<\/p>\n\n\n\n

Financial institutions under attack in South Africa<\/h2>\n\n\n\n
\"\"
Anthropic’s Claude Mythos is only available to a select few companies at present<\/figcaption><\/figure>\n\n\n\n

Adumo, one of South Africa’s largest payment processors that processes over R100 billion annually, was the target of a data breach in April that involved an external application connected to its system.<\/p>\n\n\n\n

That same week, the country’s largest bank by assets, Standard Bank, announced that private client information had been shared online. This followed a major data breach by a threat actor called “Rootboy.”<\/p>\n\n\n\n

While it was not confirmed whether AI was used in the attacks, cybersecurity firm Check Point Software told MyBroadband that hackers were using AI to aid their attacks<\/a> in South Africa and worldwide.<\/p>\n\n\n\n

“AI-assisted tools can help attackers discover and exploit vulnerabilities much faster,” explained Sanii. “Banks should treat AI cyber risk as a governance and resilience issue, not only an IT issue.”<\/p>\n\n\n\n

He said that financial institutions in South Africa should expand red-team and penetration-testing programmes to reflect the growth of AI-assisted attack methods.<\/p>\n\n\n\n

That meant not only testing individual applications but also how vulnerabilities could be chained across APIs, identity systems, payment environments and, crucially, legacy platforms.<\/p>\n\n\n\n

“Then there’s the issue of third parties,” he said. “A weakness outside the bank’s own walls can still become a banking problem if it affects customer access.”<\/p>\n\n\n\n

Local banks, insurers, retailers, fintechs and payment providers depend on scores of external vendors, processors, cloud platforms, call centres and software services providers.<\/p>\n\n\n\n

“The reported Mythos access issue is a reminder that trusted partners can become an exposure point,” he added.<\/p>\n\n\n\n

He said the threat Mythos poses to local financial institutions extends beyond the Anthropic AI model. Instead, its development is a signal that cyberattack capabilities are becoming faster.<\/p>\n\n\n\n

“South African banks and companies that adapt now will be much better positioned than those that continue to treat cybersecurity as a back-office technology issue.”<\/p>\n","protected":false},"excerpt":{"rendered":"

Banks in South Africa should be concerned of the rise of AI models like Mythos, that can discover system vulnerabilities beyond human capabilities. <\/p>\n","protected":false},"author":341213,"featured_media":646162,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[69026,105078,97858,105077,105076,104674,104675,1851],"class_list":["post-646112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-adumo","tag-bijan-sanii","tag-claude","tag-claude-mythos","tag-inetco","tag-mythos","tag-project-glasswing","tag-standard-bank"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/646112"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=646112"}],"version-history":[{"count":7,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/646112\/revisions"}],"predecessor-version":[{"id":646167,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/646112\/revisions\/646167"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/646162"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=646112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=646112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=646112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}