Japan's Finance Minister announced Friday that MUFG, SMBC, and Mizuho will receive access to Anthropic's restricted vulnerability-hunting AI within two weeks — the first Japanese institutions to join a rollout that has so far been confined to a handful of American and European partners.
Japanese Finance Minister Satsuki Katayama confirmed on May 22 that US Treasury Secretary Scott Bessent had personally informed her of plans to extend access to Anthropic's Claude Mythos AI model to the Japanese government and Japanese companies within two weeks. Katayama said the arrangement was conveyed during her May 12 bilateral meeting with Bessent in Tokyo — an unusually direct channel for a commercial AI access decision that has recast the model's rollout as an instrument of US financial statecraft rather than a standard enterprise software deal.
The three institutions set to be onboarded are Mitsubishi UFJ Financial Group (MUFG), Sumitomo Mitsui Banking Corp. (SMBC), and Mizuho Financial Group — Japan's largest lenders by assets, collectively managing more than $8 trillion in combined balance sheet exposure. Onboarding is expected to be completed by the end of May, according to a source familiar with the matter cited by Reuters. The banks would become the first Japanese institutions granted entry to the restricted preview, which Anthropic runs under a program it calls Project Glasswing, currently limited to roughly 12 named launch partners — including AWS, Apple, Cisco, Google, JPMorgan Chase, Microsoft, and Palo Alto Networks — plus approximately 40 further institutions admitted on a case-by-case basis.
Katayama made clear the stakes for Japan's financial system were not abstract. "Cyberattacks against the financial industry could immediately trigger credit uneasiness," she told reporters after an April 24 coordination meeting with Bank of Japan Governor Kazuo Ueda, Japan Exchange Group chief executive Hiromi Yamaji, and the heads of the three megabanks. "We must win the battle surrounding AI," she added.
What Mythos Does — and Why It Unsettles Regulators
Claude Mythos is not a general-purpose AI assistant. It is Anthropic's most capable model for identifying software vulnerabilities — a capability so potent that regulators and chief executives have treated its existence as a category-shifting event since Anthropic disclosed the model publicly. In its limited preview, Mythos has already found thousands of previously unknown zero-day vulnerabilities across every major operating system and browser. Mozilla shipped Firefox 150 with fixes for 271 vulnerabilities identified by Mythos in a single evaluation pass, a remediation effort handed back to Mozilla engineers under non-disclosure rather than published.
Under Project Glasswing terms, Mythos is delivered with strict restrictions on output disclosure: partners may use the model to hunt vulnerabilities in their own systems and draft remediation plans, but they are prohibited from publishing exploits. The constraint is designed to prevent Mythos findings from becoming offensive weapons — a concern that Japan's Financial Services Agency has taken seriously. On Friday, the FSA urged Japanese financial institutions to treat the model's arrival as a company-wide management issue, and said proactive system shutdowns should remain an option if thorough protective measures cannot prevent a cyberattack enabled by the model's capabilities.
A 36-Entity Working Group Chaired by Mizuho
Alongside the access announcement, Finance Minister Katayama confirmed the formation of a 36-entity public-private working group on Mythos-class risks. The group — formally convened under the Public-Private Coordination Meeting on Strengthening Cybersecurity Measures in the Financial Sector Against AI-Related Threats — comprises Japan's major banks, the Bank of Japan, Japan Exchange Group, and Japanese units of Anthropic and OpenAI. It is chaired by Mizuho's chief information security officer and is charged with identifying infrastructure exposures, implementing defensive countermeasures, and drafting contingency plans for what would amount to a coordinated patching push across the entire Japanese financial system. The working group held its inaugural meeting on May 14.
The formation of the panel mirrors the approach taken by the US Federal Reserve and Treasury, which convened American bank chief executives for a cyber-risk briefing after Mythos became known, and tracks a parallel UK commitment to brief major British banks within days of the Japan announcement.
Why This Deal Is Geopolitically Significant
The channel through which this deal was struck is as notable as the deal itself. Bessent's direct role in conveying Mythos access during a bilateral Treasury meeting in Tokyo confirms that the White House has folded AI vulnerability tools into its broader diplomatic toolkit — a framing that has drawn sharp complaints from European capitals. Eurozone finance ministers raised the issue at an Ecofin meeting last week, where no EU government had access to the model while the White House was reportedly blocking further expansion of the partner list.
That asymmetry matters beyond the immediate cybersecurity question. The US-Japan arrangement effectively creates a two-tier global financial system from a cyber-readiness standpoint: institutions inside the Glasswing perimeter can use Mythos to find and patch their own vulnerabilities; those outside it cannot. If Mythos is as capable as Anthropic and partner institutions suggest, the gap between the two groups is not merely a product question — it is a systemic risk differential. Dario Amodei, Anthropic's chief executive, has described the current moment as a "cyber moment of danger" that justifies the access controls.
Some security researchers push back on that framing, arguing the vulnerabilities Mythos surfaces are reachable through careful orchestration of public models, and that the more important story is the rate at which frontier AI is improving in offensive cyber — not Mythos specifically. But for Japan's megabanks, the operational case is more immediate: MUFG, SMBC, and Mizuho collectively underwrite a large share of Japan's cross-border settlements, corporate lending, and government bond issuance. A successful cyberattack on any one of them would not stay contained.
What to Watch Next
Three developments will define whether this deal translates into meaningful defensive capability. First, the specifics of the access terms: Anthropic has not published the Glasswing contract for any partner, and the scope of what Japan's megabanks are permitted to do with Mythos findings — particularly around sharing vulnerability information across the 36-entity working group — will determine how much collective protection the arrangement actually delivers.
Second, the working group's output. Mizuho's CISO will need to coordinate remediation timelines across institutions with different technology stacks and different tolerance for operational disruption. The Firefox precedent — 271 vulnerabilities patched in a single release — suggests the volume of findings could be substantial.
Third, what happens in the EU. If European regulators secure Mythos access in the coming weeks, the geopolitical edge of the Japan deal diminishes. If they do not, the pressure on Brussels and Frankfurt to find an alternative path — whether through domestic AI investment or a different diplomatic channel — will intensify. The next Ecofin meeting is scheduled for June.
"Cyberattacks against the financial industry could immediately trigger credit uneasiness. We must win the battle surrounding AI."— Satsuki Katayama, Finance Minister, Japan