A new generation of artificial intelligence capable of infiltrating banking systems, bypassing cyber defences and executing financial theft at machine speed has raised global alarm, intensifying concerns over Bangladesh's fragile and unevenly secured banking infrastructure, still shadowed by the 2016 central bank reserve heist.
The system, developed by Anthropic and known as Claude Mythos, is being described by cybersecurity experts as one of the most advanced and potentially disruptive cyber tools ever created. Unlike traditional hacking methods, it can independently scan financial networks, detect hidden vulnerabilities and exploit them within minutes without human involvement.
For Bangladesh, the concern is acute. The banking sector still carries the legacy of the 2016 Bangladesh Bank cyber heist, when $81 million was stolen through weaknesses in digital payment systems. Despite partial reforms, cybersecurity specialists say structural vulnerabilities remain embedded in parts of the financial system.
Bangladesh's banking infrastructure shows uneven digital maturity. Leading private banks run modern core banking platforms, but many state-owned and smaller institutions still depend on outdated or partially upgraded legacy systems, some over 20 years old. This fragmented setup creates persistent security gaps that are difficult to detect, monitor and secure effectively.
Experts warn Claude Mythos is engineered to exploit exactly such conditions. The AI can autonomously map entire banking systems, identify "zero-day vulnerabilities" - previously unknown software flaws - and chain them together to penetrate deep network layers. Once inside, it can potentially access core banking servers, manipulate transactions, deploy ransomware or extract sensitive financial data at extremely high speed.
Cybersecurity researchers involved in testing the system describe it as "strikingly capable" in offensive cyber operations, noting that it can outperform many human hackers in identifying exploitable weaknesses. Unlike conventional attacks requiring sustained human control, Claude Mythos operates continuously and independently, executing multi-stage intrusions without delay.
The growing concern has triggered international regulatory attention. Central banks and cybersecurity agencies in several countries have reportedly begun emergency-level discussions on how to counter AI-driven cyber threats capable of destabilising financial systems.
The risk extends beyond direct financial theft. Experts warn that such AI systems could launch large-scale social engineering campaigns by generating highly convincing fake banking alerts, fraud warnings or account compromise messages. These could trigger mass panic withdrawals, potentially leading to "bank runs" capable of destabilising vulnerable institutions within hours.
For Bangladesh, this threat is particularly serious. Public trust in sections of the banking sector has already been weakened by loan scandals, financial irregularities and past cyber incidents. Analysts warn that even limited AI-driven misinformation could undermine confidence and trigger systemic instability.
The country's rapid shift toward mobile financial services, digital banking and online transactions further increases exposure. While financial inclusion has expanded significantly, cybersecurity readiness, regulatory enforcement and digital forensics capacity have not kept pace. A shortage of skilled cyber professionals continues to limit national resilience.
Global responses have already begun. The US Treasury has held discussions with major banks on defensive measures, while regulators in the United Kingdom and Australia have issued warnings about AI-enabled cyber risks. In India, Finance Minister Nirmala Sitharaman reportedly convened urgent meetings with banking officials to review vulnerabilities.
The International Monetary Fund has also raised concerns that AI-assisted cyberattacks could trigger cross-border financial instability if deployed at scale.
In response, Anthropic has restricted access to Claude Mythos and launched a controlled initiative called Project Glasswing. The programme allows selected global technology companies and financial institutions to use the AI defensively to identify vulnerabilities before attackers can exploit them.
Participants reportedly include Amazon Web Services, Microsoft, Apple, Google, NVIDIA and cybersecurity firm CrowdStrike. Major banks including JPMorgan Chase are also using the system to identify vulnerabilities in legacy banking infrastructure and strengthen defences.
However, experts caution that such defensive capabilities are likely to remain concentrated in advanced economies, leaving developing countries like Bangladesh exposed in an escalating AI cyber arms race.
Analysts say Claude Mythos represents a turning point in cyber warfare, where artificial intelligence may soon outperform both attackers and defenders simultaneously, creating a new class of financial threat that traditional cybersecurity systems may struggle to contain.
For Bangladesh, the emergence of autonomous AI-driven cyber tools is being viewed as a stark warning: without urgent modernisation of banking systems, stronger regulatory enforcement and major investment in cybersecurity capacity, the next digital attack could be faster, more precise and far more damaging than anything seen before.
