For more stories like this, sign up for the PLANADVISERdash daily newsletter.
Financial Regulators Consider Responses to Advanced AI Threats
The Securities and Exchange Commission is accepting public feedback on a review of the world’s largest database of retail and institutional trading.
Advanced artificial intelligence models created cybersecurity concerns that have drawn the attention of Securities and Exchange Commission, the Department of the Treasury, the Federal Reserve and the American Securities Association this month.
On April 16, the SEC issued a concept release soliciting public comment by June 22 regarding a comprehensive review of the Consolidated Audit Trail—the database it uses to track all trading activity in the U.S. markets for listed equities and options—and other audit trails and related data sources currently used in the regulation of the U.S. securities markets.
The release seeks input on topics including the “cybersecurity and data privacy” of the CAT and related data sources, as well as “the appropriate balance between privacy and confidentiality considerations, civil liberties protections and regulatory need,” according to a statement from the SEC. The Federal Register stated that the comment period on the CAT will remain open until June 22.
Industry Ire
In a statement, SEC Commissioner Hester Peirce called the CAT concept release an opportunity to confront privacy and civil liberty concerns “head on,” writing, “no matter how many procedural steps we add before a regulator can access the personally identifiable information linked to those trades, an ill-intentioned regulator at the Commission or one of the many self-regulatory organizations with access to the data may be able to navigate those steps to stalk personal or political enemies.”
Jamey Loupe, a principal in Sikich LLC, who leads the company’s risk practice, wrote to PLANSPONSOR via email that the concept release signals that the SEC is taking a “broader look at the risks and governance considerations surrounding the CAT, particularly as they relate to cybersecurity and third-party risk.”
Loupe wrote that as part of the SEC’s review, it will be important for regulators to closely examine vendor risk management, data handling practices and the regulatory standards that apply to audit trail data.
“The public comment period provides an opportunity for market participants to weigh in on how audit data should be protected, who bears responsibility for securing it and whether existing regulatory frameworks adequately address evolving cyber risks,” Loupe wrote in a response to emailed questions. “Third‑party dependencies and cybersecurity controls should be central to that discussion, given the sensitivity and scale of the data involved.”
Anthropic’s Threat
On the same day the SEC announced its concept release, the ASA sent a letter to Secretary of the Treasury Scott Bessent calling for the SEC to immediately suspend its collection of retail investors’ personal information and for destruction of data it has collected.
According to a blog post from AI company Anthropic PBC, its Claude Mythos Preview is a general-purpose AI model built with coding and reasoning capabilities. The company claims that Mythos’ capabilities outperform previous generation models and are extremely powerful. Several cybersecurity firms have raised questions about the governance and security risks the program presents.
“Anthropic’s Claude Mythos Preview is, by Anthropic’s own admission, the most dangerous AI model ever developed for offensive cybersecurity purposes,” ASA President and CEO Christopher Iacovella wrote. “The Consolidated Audit Trail, as it is currently designed, is the single greatest concentration of investor data in American history. It sits at the intersection of every risk that Mythos has now made operational, and it must be reformed.”
In the letter, the ASA called for an “immediate, independent cybersecurity audit of the CAT’s full technology stack conducted against an Anthropic Claude Mythos-class threat model.”
In internal testing, the Mythos model autonomously identified and developed working exploits for vulnerabilities in every major computer operating system and every major web browser, the ASA reported. An exploit is a piece of software, data or commands that take advantage of a security bug or weakness. Anthropic previously revealed that Mythos achieved a 72.4% success rate in generating workplace exploits, up from near zero in prior generations of AI models.
“In one documented instance, Mythos generated a browser exploit by autonomously chaining four distinct vulnerabilities together, bypassing the protection layers of both the browser and the underlying operating system, without human guidance,” the letter stated. “What once required a nation-state’s intelligence apparatus or the world’s most elite hackers can now be replicated, at scale, by any actor with access to a model of comparable capability—and Anthropic’s own lead offensive cyber researcher has warned that comparable capabilities will be broadly available within six to twelve months.”
Public officials have recently expressed their own concerns about Claude Mythos Preview.
Bessent and Federal Reserve Chair Jerome Powell convened a meeting on April 10 with the chief executives of the “nation’s largest banks to warn them of the existential cybersecurity threat exposed by Claude,” according to the SEC’s letter.
Meanwhile, White House Chief of Staff Susie Wiles met on April 17 with Anthropic CEO Dario Amodei about the new Mythos model, a spokesperson for Anthropic confirmed.
In February, the White House and the Department of Defense declared Anthropic a risk to the country’s national security supply chain. In a social media post, President Donald Trump ordered all federal agencies to cease using the company’s products. The comment came after Amodei, in February, said there are use cases “simply outside the bounds of what today’s technology can safely and reliably do,” referencing both mass domestic surveillance and fully autonomous weapons.
You Might Also Like:
AI Product & Service Launches – 6/29/2026
Complex Deals Without AI Input ‘No Longer Defensible,’ per Survey
