OSFI Warns Banks: Claude AI ‘Mythos’ Powers Advanced Phishing Attacks

Canada’s financial regulator, OSFI, warned banks that cybercriminals are using Anthropic’s Claude “Mythos” persona to generate highly convincing phishing emails and social engineering attacks. The AI-crafted messages feature flawless tone, industry context, and psychological manipulation, making them far harder to detect than traditional phishing. Banks are updating training, verification procedures, and governance in response.
OSFI Warns Banks: Claude AI ‘Mythos’ Powers Advanced Phishing Attacks
Written by Eric Hastings

Canadian financial institutions received a pointed warning from their primary regulator about the growing sophistication of cyber threats after investigators discovered that attackers had begun incorporating references from Anthropic’s Claude model into phishing campaigns and social engineering efforts. The Office of the Superintendent of Financial Institutions, known as OSFI, circulated an internal email that explicitly cited the AI system’s “Mythos” persona as an example of how language models can be manipulated to generate convincing narratives that mimic trusted communications.

The message, obtained by Investing.com, reveals how quickly threat actors have adapted publicly available large language models for malicious purposes. According to the email, certain cyber groups instructed Claude to adopt the Mythos character, a creative writing mode that produces elaborate, story-driven responses. When prompted in this configuration, the model generated lengthy, contextually rich emails that appeared to come from senior bank executives or technology vendors. These messages contained subtle psychological hooks designed to lower employee defenses and encourage clicks on malicious links or disclosure of credentials.

OSFI officials expressed particular concern about the quality of the generated text. Traditional phishing attempts often contain grammatical errors or awkward phrasing that trained staff can spot. In contrast, the Claude-assisted messages demonstrated consistent tone, appropriate financial terminology, and references to current industry events that made them far harder to distinguish from legitimate correspondence. One sample shared internally described a fabricated board-level discussion about an urgent system migration, complete with invented project codes and timelines that matched patterns commonly used inside large Canadian banks.

The warning arrives at a moment when Canadian banks already face elevated cyber pressure. Several institutions reported increased attempts at business email compromise throughout 2024, with losses climbing into the tens of millions of dollars. Attackers have shifted from broad spray-and-pray campaigns toward highly targeted operations that combine open-source intelligence with AI-generated content. By feeding Claude details scraped from LinkedIn profiles, earnings transcripts, and internal policy documents, adversaries can create messages that reference specific colleagues, cite recent policy changes, and even replicate the writing style of individual executives.

Financial regulators worldwide have begun documenting similar trends. The U.S. Federal Reserve and the UK’s Financial Conduct Authority have issued parallel advisories about generative AI in fraud operations, though the Canadian communication stands out for naming a specific model and persona. The Mythos configuration within Claude was originally designed to help writers develop fictional universes and character backstories. Threat actors discovered that the same expansive narrative capability could fabricate believable corporate scenarios on demand.

Bank security teams have responded by updating their awareness training programs. Many now include side-by-side comparisons of genuine executive emails against AI-generated versions. Staff are taught to look beyond surface-level correctness and instead verify unusual requests through secondary channels that do not rely on email. Some institutions have also begun experimenting with AI detection tools that analyze linguistic patterns for signs of machine generation, although current systems still produce too many false positives to serve as standalone defenses.

The OSFI email recommended several immediate controls. Institutions should reinforce verification procedures for any request involving money movement, system access changes, or sensitive data sharing. Multi-factor authentication remains essential, yet attackers have grown adept at intercepting one-time codes through simultaneous voice phishing or compromised mobile devices. Therefore, the regulator stressed the need for contextual authentication that considers whether the request aligns with normal behavior patterns for that employee and time of day.

Another area of focus involves third-party risk. Many banks rely on external vendors for cloud services, payment processing, and cybersecurity monitoring. Attackers frequently impersonate these partners because employees often treat vendor communications with less skepticism than internal messages. The regulator advised tighter contract language requiring vendors to disclose their own use of generative AI and to implement controls preventing misuse of client data in training sets.

Anthropic has addressed the issue by implementing additional safeguards in subsequent Claude versions. The company now restricts certain creative personas when they detect prompts that could relate to impersonation or social engineering. However, determined attackers can bypass these restrictions through careful prompt engineering or by using earlier, less restricted model versions available through unofficial channels. This cat-and-mouse dynamic illustrates a broader challenge facing AI developers: models powerful enough to assist legitimate creative work inevitably become useful to malicious actors as well.

Canadian banks maintain large language models for internal purposes such as contract analysis, customer service chatbots, and fraud detection. These controlled deployments operate within secure environments that prevent data leakage and limit output to approved use cases. The OSFI communication draws a clear distinction between such responsible applications and the uncontrolled public models that threat actors exploit. The regulator stopped short of recommending a complete ban on external AI tools but urged strong governance frameworks that classify which systems employees may access and for what purposes.

Interviews with cybersecurity professionals at major Canadian banks reveal a mixed picture. Some information security leaders view generative AI as a net positive that helps them identify vulnerabilities faster and generate more effective training materials. Others worry that the technology lowers the barrier to entry for less sophisticated criminal groups. Previously, creating convincing phishing content required native-level language skills and detailed knowledge of target organizations. Now, a moderately skilled operator can achieve similar results by combining publicly available information with a few well-crafted prompts.

The speed of adoption among threat actors has surprised many experts. What began as experimental use of ChatGPT in 2023 has evolved into systematic integration of multiple models, each chosen for specific strengths. Claude’s Mythos mode excels at long-form narrative, while other systems perform better at code generation or rapid iteration on phishing templates. Sophisticated groups maintain prompt libraries that have been refined through trial and error, allowing them to generate fresh campaigns within minutes rather than days.

Regulatory expectations continue to tighten. OSFI has signaled that it will incorporate AI-related controls into its regular supervisory reviews. Banks can expect examiners to ask detailed questions about their policies governing employee use of external AI services, their methods for detecting AI-generated content, and their strategies for protecting proprietary data from entering public models. Those that treat the issue as a passing concern risk falling behind peers who have embedded AI risk assessment into their broader operational resilience programs.

The incident also raises questions about responsibility. Should AI companies bear greater liability when their models are used for fraud? Or does the obligation rest entirely with organizations to secure their people, processes, and technology against evolving threats? Most legal frameworks currently place the burden on the victims and their regulators, yet public pressure is building for technology providers to implement more proactive defenses.

Education remains the cornerstone of any effective response. Canadian banks have expanded their security awareness efforts to include specific modules on AI-enhanced threats. These programs explain how models like Claude can generate persuasive content and teach employees to treat every unexpected request with healthy skepticism. Role-playing exercises now incorporate realistic examples based on actual incidents rather than generic scenarios.

Technical controls complement the human-focused training. Email security gateways have been updated to scan for linguistic anomalies associated with AI generation, though the rapid pace of model improvement makes signature-based detection difficult. Behavioral analytics systems monitor for unusual patterns such as sudden increases in email volume from new domains or requests that deviate from established communication norms.

The OSFI email serves as both warning and call to action. By naming Claude’s Mythos capability specifically, the regulator highlighted how even specialized creative modes can be repurposed for harm. Financial institutions across Canada are now reassessing their defenses with fresh urgency, recognizing that the threat evolves as quickly as the underlying technology.

As banks continue integrating AI into legitimate business operations, they must simultaneously prepare for adversaries doing the same. The line between innovative productivity tool and sophisticated attack vector has grown increasingly thin. Success depends on maintaining vigilance while embracing the benefits of these powerful systems within carefully governed parameters. The Canadian experience offers an early glimpse of challenges that financial sectors worldwide will confront as generative AI becomes more accessible and its malicious applications more refined.

Subscribe for Updates

BankingPro Newsletter

The BankingPro Email Newsletter is a must-read for banking executives focused on innovation and technology. Designed to help leaders navigate the future of banking and drive strategic growth.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us