WEBVTT - Will Mythos Ruin or Save the Global Financial System? 0:00:02.720 --> 0:00:07.240 Bloomberg Audio Studios, podcasts, radio news. 0:00:08.039 --> 0:00:10.360 As this tech evolves, we may need to have a 0:00:10.400 --> 0:00:14.080 more standardized process for if there is a systemically important 0:00:14.080 --> 0:00:17.119 development in the tech, there is an actual process for 0:00:17.200 --> 0:00:20.840 deciding who gets access. It's done in a more democratic way, 0:00:20.840 --> 0:00:22.680 in a more equal way, and that's a hard thing 0:00:22.720 --> 0:00:23.120 to happen. 0:00:32.600 --> 0:00:35.400 I'm Stephanie Flanders, head of Government and Economics at Bloomberg, 0:00:35.440 --> 0:00:38.960 and this is trump Anomics, the podcast that, as ever 0:00:39.120 --> 0:00:41.640 looks at the economic world of Donald Trump, how he's 0:00:41.680 --> 0:00:44.400 already shaking the global economy and what on earth is 0:00:44.440 --> 0:00:47.560 going to happen next. And this week's episode is being 0:00:47.600 --> 0:00:50.839 recorded a bit early on Thursday, the sixteenth of April, 0:00:50.960 --> 0:00:53.519 in Washington, in the middle of the Spring meetings of 0:00:53.560 --> 0:00:56.680 the International Monetary Fund and World Bank, where an AI 0:00:56.760 --> 0:00:59.600 model that few of the officials here had probably even 0:00:59.640 --> 0:01:03.160 heard of a week ago is threatening to upstage even 0:01:03.200 --> 0:01:06.800 the conflict in Iran as the subject everybody wants to discuss. 0:01:07.280 --> 0:01:10.240 It all started with a Bloomberg story a week earlier 0:01:10.319 --> 0:01:13.720 revealing that the US Treasury Secretary Scott Bessant had gathered 0:01:13.760 --> 0:01:18.240 Wall Street bank leaders to warn about mythos the latest 0:01:18.280 --> 0:01:21.680 AI model from Anthropic that it was so powerful that 0:01:21.720 --> 0:01:25.800 it could herald a new era of cataclysmic cyber attacks 0:01:25.840 --> 0:01:30.640 carried out autonomously by bot. That meeting called at short 0:01:30.680 --> 0:01:34.160 notice set off alarm bells with central bankers and regulators 0:01:34.160 --> 0:01:36.280 around the world, who all then rushed to arrange their 0:01:36.319 --> 0:01:39.840 own meetings to understand how this model and others like 0:01:39.880 --> 0:01:43.280 it could raise a new level of systemic threat. But, 0:01:43.319 --> 0:01:46.200 as with most things AI, the answer turns out to 0:01:46.200 --> 0:01:48.840 be a bit complicated because the same people who tell 0:01:48.880 --> 0:01:52.200 you how dangerous this new model is, a model Anthropic 0:01:52.240 --> 0:01:55.160 itself has said is so powerful it's only making it 0:01:55.200 --> 0:01:58.640 available to a select group of firms, will also tell 0:01:58.680 --> 0:02:01.960 you it's going to be the best security against cyber 0:02:02.000 --> 0:02:07.680 attacks we've ever had. So frightened, relieved, perplexed, How should 0:02:07.680 --> 0:02:10.240 we feel about mythos and does the stability of the 0:02:10.280 --> 0:02:13.760 world financial system and the broader economy really rest on 0:02:13.840 --> 0:02:16.840 the answer? While we thought it was worth getting some 0:02:16.960 --> 0:02:19.680 kind of debate going on that with Laura noonan global 0:02:19.720 --> 0:02:22.720 finance and regulation reporter who's been in DC chasing this 0:02:22.800 --> 0:02:26.200 story but is normally based in London. Laura, welcome to 0:02:26.200 --> 0:02:30.320 the show, Thank you, and Michael Dung is the geoeconomics 0:02:30.360 --> 0:02:33.520 technology analyst at Bloomberg Economics, and he's previously served as 0:02:33.520 --> 0:02:36.560 a policy advisor and presidential management fellow in the Chips 0:02:36.639 --> 0:02:39.079 Program Office at the Department of Commerce. 0:02:39.240 --> 0:02:41.600 Michael, welcome back. Great to be back. 0:02:44.360 --> 0:02:47.040 Our colleagues actually wrote a big explanatory piece on the 0:02:47.120 --> 0:02:50.200 day that we're recording, which sort of painted a picture 0:02:50.280 --> 0:02:54.880 of the testers inside Anthropic, who over the last I 0:02:54.880 --> 0:02:57.040 guess a few months have been waking up to the 0:02:57.080 --> 0:03:02.400 extraordinary and potentially quite frightening power of this new model Mythos. Michael, 0:03:02.480 --> 0:03:04.359 what is it? I guess we should get to basics 0:03:04.440 --> 0:03:06.119 on what's special about. 0:03:05.800 --> 0:03:09.480 It Mythos's Anthropics newest model, and in particular, the capability 0:03:09.480 --> 0:03:12.399 that's set off alarm bells is its ability to autonomously 0:03:12.440 --> 0:03:16.240 discover vulnerabilities on a scale that we haven't seen before. 0:03:16.560 --> 0:03:19.160 So this capability in itself isn't brand new. If you 0:03:19.200 --> 0:03:21.720 look at cloud Opis four point six, which is the 0:03:21.880 --> 0:03:24.720 model immediately preceding this, they did show early signs of 0:03:24.720 --> 0:03:28.080 this capability in terms of finding five hundred zero day exploits, 0:03:28.080 --> 0:03:30.440 which are exploits that the developers didn't know about and 0:03:30.600 --> 0:03:32.440 vulnerabilities that attackers could exploit. 0:03:32.560 --> 0:03:34.800 So zero day is you have zero days to fix 0:03:34.800 --> 0:03:36.600 them because you didn't know about them exactly. 0:03:36.760 --> 0:03:39.840 Yes, and those tend to be the most devastating used 0:03:39.840 --> 0:03:42.520 by hacker groups and even nation states, and generally the 0:03:42.760 --> 0:03:44.880 ideas that many of them hold a repository of them 0:03:44.880 --> 0:03:47.440 to use at certain times. Opus four to six already 0:03:47.440 --> 0:03:49.720 demonstrated ability to find some of these. The difference with 0:03:49.760 --> 0:03:51.720 Mythos is its ability to find many more of them 0:03:51.880 --> 0:03:55.280 autonomously at speed we hadn't seen before. And in many cases, 0:03:55.280 --> 0:03:57.600 one of the anecdotes was they had researchers who did 0:03:57.600 --> 0:04:01.120 not have security training essentially instructed to run overnight and 0:04:01.360 --> 0:04:03.000 the next morning when they came back, it had found 0:04:03.000 --> 0:04:05.440 a lot of vulnerabilities. And it's that ability to find 0:04:05.480 --> 0:04:09.520 vulnerabilities in much of the code and infrastructure that underpins 0:04:09.760 --> 0:04:13.080 the Internet, our financial system, across every major operating system, 0:04:13.120 --> 0:04:16.160 internet browsers, et cetera, that I think really is scaring people. 0:04:16.560 --> 0:04:18.760 We're going to get into the double edged nature of this, 0:04:18.880 --> 0:04:22.040 because if you can find the vulnerabilities, then maybe as 0:04:22.080 --> 0:04:24.200 long as the system is in the right hands, you 0:04:24.200 --> 0:04:27.120 could potentially fix them ahead of others. The reporting we 0:04:27.200 --> 0:04:29.360 had on this, one of the paragraphs jumped out at 0:04:29.360 --> 0:04:31.800 me when they were doing this testing. Is it Mythos 0:04:31.880 --> 0:04:35.039 orchestrated the digital equivalent of a bank robbery, getting past 0:04:35.080 --> 0:04:38.520 security protocolsm through the front door of networks, breaking into 0:04:38.560 --> 0:04:42.200 digital vaults that gave it access to online treasures. AI 0:04:42.360 --> 0:04:44.720 had picked locks, but now it could pull off an 0:04:44.880 --> 0:04:45.720 entire heist. 0:04:46.680 --> 0:04:46.880 Yes. 0:04:47.000 --> 0:04:49.640 I think that's a great demonstration of where we are 0:04:49.680 --> 0:04:52.279 in the frontier right And so previously, when you just 0:04:52.279 --> 0:04:54.520 had the models alone, they were sophisticated. They could program, 0:04:54.600 --> 0:04:56.680 they could write code well, et cetera. If you've heard 0:04:56.760 --> 0:04:59.640 all the chatter over the past year Agantic systems, this 0:04:59.680 --> 0:05:01.919 program that we've seen specifically in Mythos is a perfect 0:05:01.960 --> 0:05:05.119 demonstration of that. The ability to act autonomously, chained together 0:05:05.160 --> 0:05:08.159 independent actions. And I think even more so than finding 0:05:08.200 --> 0:05:11.960 specific vulnerabilities, that ability to chain together minor exploits into 0:05:11.960 --> 0:05:15.520 a significant attack campaign is what has researchers most concerned, 0:05:15.640 --> 0:05:18.200 because that's the ability that's most difficult to guard against. 0:05:18.480 --> 0:05:21.640 One of the most popularly circulated graphics, which was at 0:05:21.640 --> 0:05:25.599 the top of Anthropics release article talking about Mythos was 0:05:25.600 --> 0:05:28.839 looking at Firefox exploits in which they compare something like 0:05:28.920 --> 0:05:31.960 Mythos found one hundred and eighty one ways to exploit 0:05:32.000 --> 0:05:35.080 Firefox versus two to four point six. But the key 0:05:35.120 --> 0:05:36.760 there was the one hundred and eighty one In many 0:05:36.800 --> 0:05:40.719 cases relied on two vulnerabilities specifically, but Mythos specifically using 0:05:40.760 --> 0:05:42.480 those two was able to find a variety of ways 0:05:42.480 --> 0:05:44.800 to attack the browser, and that sort of demonstrates the 0:05:44.839 --> 0:05:47.600 greater latitude of action that this model has versus predecessors. 0:05:48.120 --> 0:05:50.240 In some ways, this is an unusual thing for us 0:05:50.240 --> 0:05:52.159 to be talking about because we're getting into kind of 0:05:52.200 --> 0:05:55.800 high tech, but of course we're also ai is infiltrating 0:05:55.839 --> 0:05:57.800 so many different parts of our world. Now, that's why 0:05:57.880 --> 0:06:00.120 we would have to talk about it. But Laura, when 0:06:00.200 --> 0:06:03.920 you came to these meetings, you say in a piece 0:06:03.960 --> 0:06:07.240 that you've been writing that you might have expected potential 0:06:07.279 --> 0:06:10.080 for World War three, or certainly major developments in Iram 0:06:10.080 --> 0:06:13.920 which are causing enormous economic ructions, to be the dominant 0:06:13.920 --> 0:06:16.440 topic this week in Washington, But they have been a 0:06:16.520 --> 0:06:18.200 little bit hijacked by Mythos. 0:06:18.640 --> 0:06:20.280 Yeah, I mean in terms of the people who are 0:06:20.279 --> 0:06:23.039 here from a pure financial sector perspectives. So we're talking 0:06:23.040 --> 0:06:27.200 about the governors, the financial regulators, the banks themselves, the 0:06:27.240 --> 0:06:29.719 people who are interested in the pure financial sector stuff. 0:06:29.760 --> 0:06:33.240 The main risk everyone's been talking about has been mythos 0:06:33.279 --> 0:06:35.880 and what it could mean for the financial sector, and 0:06:36.120 --> 0:06:38.320 it has been fascinating to watch it evolve because these 0:06:38.320 --> 0:06:41.719 are people who feel very well versed in understanding financial risks. 0:06:41.760 --> 0:06:43.920 They could talk to you about the model underpinning bank 0:06:43.960 --> 0:06:47.560 capital all day long. These kind of models are brand 0:06:47.600 --> 0:06:49.640 new territory for them. I think they'll actually benefit a 0:06:49.680 --> 0:06:52.320 lot from listening to our colleagues comments here, because the 0:06:52.440 --> 0:06:54.839 level of understanding is just not there, and they read 0:06:54.839 --> 0:06:58.160 this thing, they think it's big, it's scary. They don't 0:06:58.200 --> 0:06:59.680 know how it's going to regain. And if you hear 0:06:59.720 --> 0:07:02.239 the idea that it could do an entire bank heist 0:07:02.279 --> 0:07:05.000 in like five minutes, ten minutes, that is terrifying for 0:07:05.040 --> 0:07:07.880 the people whose job it is to protect the financial system. 0:07:08.080 --> 0:07:11.040 Cyber risk cybersecurity must be something that you have been 0:07:11.040 --> 0:07:13.680 hearing about in these circles for a while. I'm certainly 0:07:13.800 --> 0:07:17.880 very struck. When you talk to the heads of banks 0:07:18.040 --> 0:07:21.680 or others, they will reveal just the amount of money, 0:07:21.720 --> 0:07:26.160 the amount of individuals they have focused only on deterring 0:07:26.520 --> 0:07:29.880 cybersecurity risks. On a given day, there's just they paint 0:07:29.880 --> 0:07:33.440 a picture of an onslaught on the bank's security systems 0:07:33.480 --> 0:07:36.400 on their websites daily. That's just been a fact of 0:07:36.440 --> 0:07:38.760 life for years. Shouldn't they be on top of it 0:07:38.800 --> 0:07:39.280 by now? 0:07:39.440 --> 0:07:40.840 I think part of the thing is they feel like 0:07:40.880 --> 0:07:42.440 they have been spending a lot of time on this 0:07:42.480 --> 0:07:45.040 and this has still caught them somewhat unaware, even though 0:07:45.080 --> 0:07:47.880 they knew there were cyber risks. I think it's the escalation, 0:07:48.080 --> 0:07:50.760 the fact that this could all happen so quickly, and 0:07:50.800 --> 0:07:53.880 I think some of them have been somewhat blindsided by 0:07:53.920 --> 0:07:56.000 this because certainly there is a lot of focus and 0:07:56.040 --> 0:07:58.120 has been for a long time, and people have been 0:07:58.160 --> 0:08:01.640 warning about cyber risk, but it's hard to get people 0:08:01.680 --> 0:08:04.720 to really understand it until it becomes a real and 0:08:05.040 --> 0:08:07.720 a present danger. So there were some similar conversations going 0:08:07.760 --> 0:08:10.920 on around the quantum computing capacity, and people had been 0:08:10.960 --> 0:08:13.840 concerned that when we have holescale quantum, that's going to 0:08:13.920 --> 0:08:16.560 lead to a great escalation around cyber attacks, and people 0:08:16.600 --> 0:08:18.760 were thinking about that talking about that, but it was 0:08:18.760 --> 0:08:20.920 seen as something which is going to become a reality 0:08:20.960 --> 0:08:22.960 in five ten years. So I think the idea that 0:08:23.000 --> 0:08:26.480 there would be this step change in cybersecurity demands so 0:08:26.680 --> 0:08:30.560 quickly is what's called people unawarees. And also the financial 0:08:30.640 --> 0:08:33.439 system hasn't got very good tools to deal with this 0:08:33.640 --> 0:08:37.040 in a harmonized, unified way, and that's also been a 0:08:37.040 --> 0:08:39.320 feature of some of the conversations this week. 0:08:39.520 --> 0:08:42.440 And Michael, even as we've had this conversation, and I 0:08:42.520 --> 0:08:45.280 noticed that even in the coverage over these last few days, 0:08:45.520 --> 0:08:47.439 we had the story that I mentioned at the top 0:08:47.720 --> 0:08:52.160 about Treasury Secretary bushering in banks, and it was understood 0:08:52.200 --> 0:08:55.480 to be him warning about this model, but actually it 0:08:55.559 --> 0:08:59.720 turns out it was also about encouraging banks to use 0:08:59.760 --> 0:09:04.679 this model to identify the risks and the holes in 0:09:04.720 --> 0:09:08.040 their system ahead of others, because it's so good at 0:09:08.080 --> 0:09:11.280 identifying weaknesses. So I guess it does raise this question 0:09:11.360 --> 0:09:13.839 is it a threat or is it actually something that's 0:09:13.880 --> 0:09:16.360 going to make us safer this kind of model. 0:09:16.559 --> 0:09:18.160 So absolutely both, and I think a lot of it 0:09:18.200 --> 0:09:21.520 depends on the timing itself. So in the immediate short term, 0:09:21.520 --> 0:09:23.679 it's much more of a threat, just because things are 0:09:23.720 --> 0:09:26.480 changing so quickly, and the velocity, the speed of the 0:09:26.520 --> 0:09:29.840 threat environment has accelerated so dramatically, and so one of 0:09:29.880 --> 0:09:32.319 the things is for the attackers have always had a 0:09:32.360 --> 0:09:34.920 structural advantage, let's say pre AI, in the sense that 0:09:34.960 --> 0:09:37.199 they could choose a time and place where they attack 0:09:37.240 --> 0:09:39.520 and they only need to succeed once. And defenders, as 0:09:39.520 --> 0:09:42.360 you already alluded to banks for example, face huge campaigns 0:09:42.400 --> 0:09:43.800 of attacks all over the place and they need to 0:09:43.840 --> 0:09:45.760 succeed one hundred percent of the time, and if they 0:09:45.760 --> 0:09:49.240 fail even once, then consequences could be catastrophic. What's changed 0:09:49.240 --> 0:09:52.280 with anthropic with MYTHOS now is that you see this 0:09:52.400 --> 0:09:55.760 general upskilling of attacking capabilities across the board. 0:09:56.000 --> 0:09:56.280 Right. 0:09:56.360 --> 0:09:58.800 That's the initial concern, which is that many people who 0:09:58.800 --> 0:10:01.320 didn't have the capabilities to attack top institution cyber defense 0:10:01.360 --> 0:10:04.360 teams could now use Mythos, assuming they get access to 0:10:04.400 --> 0:10:06.640 it in a year or so when this becomes public, 0:10:06.800 --> 0:10:09.320 to then attack institution that a scale we've never known before. 0:10:09.520 --> 0:10:11.600 But in the long term, the reason this potentially could 0:10:11.600 --> 0:10:14.800 actually be a benefit is again as you discussed, there's 0:10:14.960 --> 0:10:18.559 huge potential for this to help defenders scan for vulnerabilities 0:10:18.600 --> 0:10:21.160 and close the sort of resource gap that they had 0:10:21.200 --> 0:10:24.200 with the attacking side. There was always a scale mismatch 0:10:24.200 --> 0:10:27.120 between attackers and defenders, but this helps close that scale 0:10:27.120 --> 0:10:30.480 for the defender side, who also have an internal information advantage. 0:10:30.480 --> 0:10:32.520 They've always had this advantage as well, but were just 0:10:32.600 --> 0:10:34.320 never able to fully exploit it in the sense that 0:10:34.400 --> 0:10:37.880 they know their own systems the best, and once they 0:10:37.880 --> 0:10:40.120 have the scale and the resources that Mythos provides them 0:10:40.120 --> 0:10:42.559 to act on that information advantage, it actually means we 0:10:42.600 --> 0:10:44.920 could get mount for secure systems. They could find all 0:10:44.920 --> 0:10:48.080 the vulnerabilities, gradually patched them out over time, and once 0:10:48.120 --> 0:10:50.960 you patch a vulnerability, it's gone, so an attacker can 0:10:51.040 --> 0:10:52.760 no longer use that. So in the long run you 0:10:52.800 --> 0:10:56.280 could see this certainly assuming banks and top institutions act 0:10:56.320 --> 0:10:59.520 quickly enough to look at their own vulnerabilities, which is 0:10:59.559 --> 0:11:02.360 what this anthropics headstart is giving them right now, then 0:11:02.360 --> 0:11:04.240 you could see this really benefiting the defense. 0:11:04.720 --> 0:11:07.640 There's often a discussion around economists saying that things will 0:11:07.640 --> 0:11:10.480 be fine in the long run, and then you know, 0:11:10.559 --> 0:11:12.280 on the famous Canes quote about when the. 0:11:12.280 --> 0:11:13.280 Long run, we're all dead. 0:11:13.679 --> 0:11:16.160 In the short term, it sounds like if you think 0:11:16.200 --> 0:11:19.560 the period of quite a heightened risk is going to 0:11:19.559 --> 0:11:21.840 be when these models are out there, but it's not 0:11:21.960 --> 0:11:25.120 clear in whose hands they're in, and the state of 0:11:25.200 --> 0:11:28.240 knowledge on the side of the banks is perhaps mixed. 0:11:28.600 --> 0:11:30.040 It seems like we're going to have quite a few 0:11:30.040 --> 0:11:33.080 bumps on the road to that more secure future that 0:11:33.120 --> 0:11:34.320 you just painted. 0:11:34.559 --> 0:11:37.760 Yes, absolutely, and even that more secure future is conditional 0:11:37.840 --> 0:11:40.800 on a lot of this AI being properly used and 0:11:40.800 --> 0:11:44.680 properly implemented and deployed across most institutions. One of the 0:11:44.720 --> 0:11:47.679 things I just discussed about defenders having an advantage is only 0:11:47.800 --> 0:11:50.080 true in the immediate short term for top institutions with 0:11:50.120 --> 0:11:53.439 access to these models, with the budgets and the cybersecurity 0:11:53.440 --> 0:11:57.120 teams to properly defend their systems and networks. A lot 0:11:57.120 --> 0:12:00.040 of these smaller bank, smaller institutions, smaller firms across the 0:12:00.120 --> 0:12:03.239 boardroom in many cases even now, don't have proper cybersecurity 0:12:03.240 --> 0:12:05.800 teams are going to be even more exposed and vulnerable 0:12:05.880 --> 0:12:10.680 to heightened campaigns from attackers with much more skill and resources, 0:12:10.960 --> 0:12:13.240 assuming that they do get access to mythos in time. 0:12:13.640 --> 0:12:16.240 And in part what needs to happen is I think 0:12:16.400 --> 0:12:19.760 the infrastructure providers for the Internet for the financial system. 0:12:20.000 --> 0:12:22.920 The top institutions themselves need to be much more proactive 0:12:22.920 --> 0:12:25.679 about pushing out updates and patches to make sure that 0:12:25.960 --> 0:12:28.720 most of these smaller institutions aren't running their own infrastructure right, 0:12:28.760 --> 0:12:30.760 and so the infrastructure behind them needs to be more 0:12:30.760 --> 0:12:33.559 proactive and making sure vulnerabilities are fully addressed so that 0:12:33.840 --> 0:12:36.120 as a network effect, the totality of the system and 0:12:36.120 --> 0:12:38.600 the economy is protected. And that's what Anthropic is doing 0:12:38.640 --> 0:12:41.320 with Project glass Wing. In addition to their twelve launch partners, 0:12:41.360 --> 0:12:44.760 these top banks and institutions, they've added in forty plus 0:12:44.760 --> 0:12:47.560 infrastructure providers because they know this is the quickest and 0:12:47.600 --> 0:12:49.040 fastest way to reach the most people. 0:12:49.320 --> 0:12:51.640 Laura, like the regulators, you're learning on the fly. 0:12:52.559 --> 0:12:55.400 You're you're not from our tech team, but I suspect 0:12:55.440 --> 0:12:57.520 you're going to get more and more by the hour. 0:12:57.640 --> 0:12:59.040 You're getting better informed on this. 0:12:59.440 --> 0:13:02.760 But just on that point of the sort of this 0:13:02.920 --> 0:13:06.480 double edged aspect where you've got to be very frightened 0:13:06.520 --> 0:13:08.320 of this model, but you actually want to make sure 0:13:08.360 --> 0:13:11.600 that your own institutions get it first so that they 0:13:11.640 --> 0:13:17.400 can actually use it to spot vulnerabilities. The regulators that 0:13:17.480 --> 0:13:19.920 you listen to are they getting their heads around that. 0:13:20.000 --> 0:13:21.160 I noticed that we had a store. 0:13:21.200 --> 0:13:23.800 You know, it does seem like some UK financial firms 0:13:23.800 --> 0:13:26.120 are going to get hold of this model. 0:13:26.679 --> 0:13:27.640 How is that playing? 0:13:27.920 --> 0:13:30.120 So it really has opened up an interesting debate about 0:13:30.120 --> 0:13:32.920 who gets access and who doesn't and also who decides, 0:13:33.000 --> 0:13:35.960 because it's not actually for the FED, for the Battle 0:13:35.960 --> 0:13:38.920 Committee for the Bank of England to decide. This model 0:13:38.960 --> 0:13:43.240 is owned by a non state actor, so they can encourage, 0:13:43.240 --> 0:13:45.320 but they don't really have a role there. And the 0:13:45.360 --> 0:13:48.960 banks who are not currently able to access it, which 0:13:49.040 --> 0:13:51.800 is every win aside from the biggest US banks, they 0:13:51.800 --> 0:13:54.040 do feel like they are at a disadvantage because they 0:13:54.040 --> 0:13:56.640 can't plan and they can't prepare, and they're very keen 0:13:57.120 --> 0:13:59.120 to get access to it. There are some of the 0:13:59.160 --> 0:14:02.120 European officials who were here this week who are trying 0:14:02.160 --> 0:14:06.000 to softly encourage their peers in the US to encourage 0:14:06.040 --> 0:14:08.719 the US technology company which owns the model to give 0:14:08.760 --> 0:14:12.440 the European banks access, but there's no obvious process for that. 0:14:12.840 --> 0:14:16.000 So it's one of those things whereas this tech evolves, 0:14:16.000 --> 0:14:18.360 we may need to have a more standardized process for 0:14:18.480 --> 0:14:21.760 if there is a systemically important development in the tech, 0:14:22.400 --> 0:14:25.040 there's an actual process for deciding who gets access. It's 0:14:25.040 --> 0:14:28.360 done in a more democratic way, in a more equal way, 0:14:28.400 --> 0:14:29.960 and that's a hard thing to happen. And one of 0:14:29.960 --> 0:14:33.320 the challenges for Europe is Europe hasn't exactly got a 0:14:33.440 --> 0:14:36.400 version in tech industry itself so exta that there are 0:14:36.680 --> 0:14:40.920 AI issues, they are likely to involve non European companies, 0:14:41.240 --> 0:14:43.880 and that means that the European large companies who are 0:14:43.960 --> 0:14:47.080 effectually clients of these AI firms are not going to 0:14:47.120 --> 0:14:48.800 be at the front of the queue when it comes 0:14:48.800 --> 0:14:51.080 to getting assistance to dealing with these issues, and that 0:14:51.240 --> 0:14:53.880 is a challenge which Europe is very acutely aware of. 0:15:01.520 --> 0:15:04.400 Michael, I mean, it's odd because Anthropic, you know, we 0:15:04.480 --> 0:15:07.080 had this news about Scott Bessen. But of course the 0:15:07.160 --> 0:15:11.800 main dynamic between Anthropic and the US administration recently has 0:15:11.840 --> 0:15:16.360 been around the arguments with the Defense Department and being categorized, 0:15:16.520 --> 0:15:19.320 whether it was legal or not, being categorized as a 0:15:19.360 --> 0:15:20.440 supply chain threat. 0:15:20.760 --> 0:15:22.600 How should we read that. 0:15:22.360 --> 0:15:26.080 That's the same administration that has said it's a supply 0:15:26.160 --> 0:15:29.080 chain threat has encouraged all of its contractors to stop 0:15:29.200 --> 0:15:35.840 using Anthropic Tech is also encouraging some financial firms precisely 0:15:35.920 --> 0:15:38.040 to use this tool. Have they just given up on 0:15:38.120 --> 0:15:40.840 the supply chain threat aspect? I, as. 0:15:40.680 --> 0:15:42.600 Well as many others, would find the supply chain is 0:15:42.680 --> 0:15:45.360 designation questionable for Anthropic and that. 0:15:45.320 --> 0:15:47.000 The administration hasn't quite fescin. 0:15:47.560 --> 0:15:50.600 Yes, the specific use of Nthropic and the argument over 0:15:50.640 --> 0:15:53.280 that in that context is very much about the Department 0:15:53.320 --> 0:15:55.440 of Defense not wanting to be constrained in any way 0:15:55.480 --> 0:15:58.400 in the use of entropics model. The context for its 0:15:58.600 --> 0:16:02.040 wider use in the financial system and protecting many of 0:16:02.080 --> 0:16:04.440 our top institutions is much more about the capability of 0:16:04.440 --> 0:16:07.960 the model itself. It's a difference between scope of responsibility 0:16:08.000 --> 0:16:11.240 versus raw capability, and so in this case, I think 0:16:11.360 --> 0:16:14.160 even even if you assume the supply chain risk designation 0:16:14.520 --> 0:16:17.640 was somehow entirely legitimate, you would still have to be 0:16:17.720 --> 0:16:20.440 careful about let's say a Chinese open weight model that's 0:16:20.440 --> 0:16:23.440 suddenly had this capability. You would still see Treasury briefing 0:16:23.440 --> 0:16:25.720 all the top banks and institutions to make sure are 0:16:25.760 --> 0:16:27.480 you aware of this threat? Are you preparing it with 0:16:27.480 --> 0:16:29.360 that this threat? Are you actually using this to defend 0:16:29.360 --> 0:16:29.880 your own system? 0:16:29.960 --> 0:16:32.240 It's not just the warning about it, is encouraging them 0:16:32.240 --> 0:16:32.800 to use it. 0:16:34.040 --> 0:16:36.040 Yes, Yeah, I wouldn't be the first to point out 0:16:36.080 --> 0:16:38.000 that there's a lot of contradictions with this administration. 0:16:38.360 --> 0:16:41.200 Well, although going back to what Laura said, we may 0:16:41.280 --> 0:16:43.720 or may not the way that Pete Hexa sounds or 0:16:43.760 --> 0:16:45.600 some of the arguments that were used by the Pentagon, 0:16:45.640 --> 0:16:49.360 but the point of principle that a private sector firms 0:16:49.400 --> 0:16:53.720 shouldn't be the one dictating where these powers sit and 0:16:53.760 --> 0:16:57.360 how they're used. That is something that I think people 0:16:57.360 --> 0:17:01.160 across the spectrum would have some sympathy with. If this 0:17:01.320 --> 0:17:05.879 is something that is the difference between having an enormous 0:17:06.400 --> 0:17:13.040 cyber risk to household deposits important systemic institutions in the 0:17:13.040 --> 0:17:17.320 financial system, if it's a private sector company that's determining 0:17:17.359 --> 0:17:20.600 whether you have protection against that or not. There it 0:17:20.640 --> 0:17:23.320 does seem something undemocratic and wrong about that. 0:17:23.680 --> 0:17:25.880 Yeah, absolutely, And I think this is a conversation that's 0:17:25.880 --> 0:17:28.440 going to intensify as other firms catch up to war 0:17:28.440 --> 0:17:32.040 Anthropic is OpenAI a week later released GPT five. Four 0:17:32.080 --> 0:17:35.000 cybursts insert themselves in the conversation to and prove that 0:17:35.040 --> 0:17:39.080 they have an equally capable model equally scary model. I 0:17:39.119 --> 0:17:41.640 think as these capabilities progress, you're going to see more 0:17:41.680 --> 0:17:46.400 and more discussion about potential government intervention, even talk about 0:17:46.480 --> 0:17:50.000 government stakes or nationalization to some degree, because these capabilities 0:17:50.000 --> 0:17:52.600 are game changing that there's no way that a government 0:17:52.640 --> 0:17:54.960 would tolerate all this power to be held entirely in 0:17:54.960 --> 0:17:57.359 the hands of private actors. The US right now is 0:17:57.400 --> 0:18:01.800 by far the most lenient on AI regular and accommodation 0:18:01.880 --> 0:18:04.320 of private AI interests. But even that I don't think 0:18:04.359 --> 0:18:06.520 can hold over time because we're not seeing a plateau 0:18:06.560 --> 0:18:09.720 on I capabilities anytime soon. And consider the difference between 0:18:09.720 --> 0:18:12.280 mythos now and where GPT was a year ago, and 0:18:12.320 --> 0:18:14.280 then build that out two or three more years where 0:18:14.280 --> 0:18:16.480 we might be with AI and with there being no 0:18:17.440 --> 0:18:20.800 seeming plateau like technical plateau on the horizon. I think 0:18:20.800 --> 0:18:22.400 that's really a conversation that needs to be had. 0:18:22.720 --> 0:18:25.240 And Laura, you've raised the point about Europe. You listen 0:18:25.280 --> 0:18:29.119 to what Michael just said, and then you listen to 0:18:29.160 --> 0:18:32.080 conversations with European policy makers saying we can't afford to 0:18:32.160 --> 0:18:35.840 have all of our technology stack everything be dependent on 0:18:36.200 --> 0:18:40.639 US firms. In this case, that's a lost cause. Presumably, 0:18:40.920 --> 0:18:43.320 if you're talking about the security of the financial system, 0:18:43.640 --> 0:18:46.800 they're absolutely going to have to be dependent on the 0:18:46.880 --> 0:18:47.879 US forever. More. 0:18:47.920 --> 0:18:49.960 It seems like not just on the US, so I 0:18:49.960 --> 0:18:52.040 think in this contact you're the US, we also have Asia, 0:18:52.160 --> 0:18:55.159 so we also have the Chinese AI companies, but it's 0:18:55.200 --> 0:18:57.320 all foreign And to be honest, the Asia stuff is 0:18:57.359 --> 0:19:00.520 actually scarier for the policy makers because while you're banks, 0:19:00.560 --> 0:19:02.240 they're not at the start at the top of the queue. 0:19:02.280 --> 0:19:05.520 For the US, there's at least friendly and open relationships. 0:19:05.720 --> 0:19:07.919 There is more concern that if there were a company 0:19:08.040 --> 0:19:13.119 in a less collaborative jurisdiction whose which actually developed this 0:19:13.200 --> 0:19:16.000 kind of technology, they might not give Western banks a 0:19:16.080 --> 0:19:17.800 heads up to get their defenses out. And I think 0:19:17.840 --> 0:19:21.639 that's the big concern is what if this develops somewhere 0:19:21.640 --> 0:19:24.400 that we don't have at least a line of contact 0:19:24.520 --> 0:19:27.119 into to try and get our banks defended. But in 0:19:27.200 --> 0:19:30.160 terms of Europe, the ship has sailed. There are aspirational 0:19:30.200 --> 0:19:32.520 projects around let's try and invest a lot of money 0:19:32.880 --> 0:19:35.760 and build our own tech giants, but really that is 0:19:35.800 --> 0:19:37.679 a very long term plan and most people would say 0:19:37.720 --> 0:19:39.840 that's probably never going to come to fruition so what's 0:19:39.840 --> 0:19:43.560 about for them is trying to find the best oversight 0:19:43.640 --> 0:19:45.840 model for the technology that we live in. And that 0:19:46.000 --> 0:19:49.639