国际货币基金组织（IMF）在2026-05-07发布的部落格文章中指出，最新一代人工智慧模型（如Anthropic的Claude Mythos及其他美国科技公司开发模型）提高了金融机构遭受网路攻击的系统性风险，原因在于它们可能同时引发多个机构的「相关性失效」，使金融中介、支付系统与市场信心受到冲击。IMF认为这类模型可大幅降低发现与利用漏洞的时间与成本，因而使「违规与入侵」呈现不可避免的趋势，并可能推升为潜在的宏观金融冲击。

Anthropic表示，Mythos在控制性测试中已找到「数千个高严重性漏洞」，且涵盖每一种主要作业系统及网页浏览器；其后先向以美国为主的40家组织（含Amazon、Microsoft与JPMorgan Chase）小规模推出，以便先行修补。这种渐进式部署让部分机构获得更多修补（patches）与风险情资，但也造成非美国金融机构与金融集团未同步受益，防御能力出现明显差距。

IMF首次将此类威胁作为金融安全议题专文警示，主张政策制定者强化国际合作，因为网路风险「不分国界」，且新兴与发展中经济体因资源受限更易受影响。它同时警告，尽管金融软体短期较传统开源基础设施更难攻击，但随著模型训练扩张、能力扩散与泄漏增加，此防线可能迅速削弱。IMF建议必须推行网路压力测试、情境分析与董事会层级的资安治理，并透过公私协作提升威胁情报交换与事件回应能力，以减少连锁中断、支付受阻、流动性紧缩与火灾式抛售效应。

In a blog post published on 2026-05-07, the International Monetary Fund (IMF) said that latest-generation AI models, including Anthropic’s Claude Mythos and other U.S.-developed systems, raise systemic cyber risk to financial institutions because they can trigger simultaneous, correlated failures across institutions, disrupting financial intermediation, payment systems, and confidence. The IMF argued that these models can sharply reduce the time and cost needed to discover and exploit vulnerabilities, making breaches increasingly inevitable and elevating the possibility of a macro-financial shock.

Anthropic said Mythos has identified thousands of high-severity vulnerabilities in controlled testing, including in major operating systems and web browsers. The model was then released gradually to 40 mostly U.S.-based organizations, including Amazon, Microsoft, and JPMorgan Chase, to let them patch the exposed weaknesses. That rollout has helped recipients with faster fixes, but left many non-U.S. banks and financial groups without access, creating uneven defensive readiness despite the scale of the threat.

The IMF’s first dedicated paper on this AI cybersecurity risk called for stronger international cooperation because cyber risk does not respect borders and emerging or developing economies may be more exposed due to resource constraints. It added that although financial software has been harder to target than open infrastructure, this resilience is likely to erode as model training scales up, capabilities diffuse, and leaks spread. The IMF recommended cybersecurity stress testing, scenario analysis, board-level oversight, and stronger public-private threat-intelligence and incident-response collaboration to contain contagion. It warned that widespread impact could produce confidence effects, payment disruptions, liquidity strain, and fire-sale dynamics.