The UK’s biggest banks are about to get their hands on some serious firepower. According to BBC reporting, OpenAI has offered nine major UK banks access to its cyber security AI tool GPT-5.5 Cyber, a move that puts it ahead of its fierce rival Anthropic, which has blocked UK banks from accessing its own powerful tool, Claude Mythos.
This is a big deal, and not just because we’re talking about the security of systems that hold trillions of pounds. It’s also a fascinating snapshot of how the AI landscape is fragmenting along geopolitical lines, with different companies making very different choices about who gets access to their most powerful tools.
The Tools at Play
Both GPT-5.5 Cyber and Claude Mythos are designed to do one thing: find hidden security weaknesses in digital systems. And according to the AI Security Institute, which tested both tools, they perform at “a similar level.” That’s notable because Anthropic has been quite vocal about Mythos being in a tier above OpenAI’s offering, which explains why they’re being more cautious about distribution.
If you think about what these tools actually do, the implications are pretty staggering. They can sort through millions of lines of code in banking apps and find vulnerabilities that human developers might miss, doing weeks’ worth of work in minutes. Professor Alan Woodward from Surrey University put it well: he doesn’t necessarily expect these tools to surface things humans wouldn’t find eventually, but they’re relentless and incredibly thorough.
One more thing to consider: some of the code banking systems still run on in the UK is incredibly old. These AI tools will be very useful at finding problems there.
The Access Divide
Here’s where things get interesting. OpenAI has been far more generous with access, opening up GPT-5.5 Cyber in the EU and to banks in Japan and Canada, among others. The UK banks now gaining access include Lloyds Banking Group, HSBC, and Nationwide. NatWest and Santander already have access under existing agreements.
Meanwhile, Anthropic initially opened Mythos up to a collective of just 42 companies, mostly other US tech firms. The Bank of England governor Andrew Bailey warned last week that UK banks were still unable to access Mythos to test the security of their own digital systems and apps.
Former UK Chancellor George Osborne, now a senior executive at OpenAI, told the BBC that his firm did not want to hide the tool away but confirmed that, like Mythos, it would not become available to all. His reasoning was striking: “We want to make sure that the forces that are establishing order in our democracies have these tools, and the forces that want to disrupt us or commit crime, do not.”
It’s a compelling argument on the surface. But you have to wonder what happens when “the right people” are decided by corporations rather than democratic oversight.
The Bigger Picture
Some finance ministers, central bankers, and financiers have expressed serious concerns about these tools, fearing they could undermine the security of all financial systems if they fall into the wrong hands. That’s not an irrational fear. If an AI can find a 30-year-old vulnerability in a legacy system, there’s nothing stopping a malicious actor from using similar tools for exactly the opposite purpose.
Anthropic says it’s urgently working to expand access to Mythos and believes more caution is required because of how powerful the tool is. OpenAI has put its tool in more hands, charging for usage like Anthropic does, though Anthropic also put $100 million towards Mythos previews.
The truth is, we’re in uncharted territory here. These tools represent a fundamental shift in cybersecurity, and the decisions being made right now about who gets access will shape the security landscape for years to come.
One thing’s clear: having AI that can find vulnerabilities is only useful if the people protecting our financial systems can actually use it. Right now, that access is unequal, inconsistent, and largely in the hands of companies whose incentives may not perfectly align with public safety. That seems like something worth keeping a very close eye on.
