Barclays, HSBC, and several other major UK lenders lost access to Anthropic's flagship cybersecurity AI tool Mythos on Monday, triggering a rapid push by OpenAI to win over the newly isolated financial clients, according to three people with direct knowledge of the matter.
The block, which took effect at 09:00 GMT, covers all British-chartered banks that had been testing or deploying Mythos for real-time threat detection and fraud prevention. Anthropic confirmed the restriction in a brief statement but declined to name the institutions or specify the duration of the ban.
Why the Block Happened
The decision stems from a dispute over where UK banking data gets processed. Anthropic's Mythos system routes certain queries through American servers, a practice that UK regulators flagged as potentially incompatible with domestic data sovereignty rules introduced in late 2024. The company argued that rerouting all UK banking traffic through UK-based infrastructure would require a complete architectural overhaul.
Instead, Anthropic chose to cut access entirely. "We cannot compromise the integrity of our security infrastructure to accommodate jurisdiction-specific routing," the company said in its statement. "We remain willing to re-engage once a compliant framework is agreed."
The Economic Stakes for UK Banks
UK lenders collectively spend an estimated £2.8 billion annually on AI-powered cybersecurity tools, and Mythos had become a preferred option for institutions handling retail and corporate banking at scale. Losing access mid-contract creates immediate operational risk and potential regulatory exposure. Banks that relied on Mythos for real-time fraud detection now face the prospect of running degraded systems or reverting to older, less responsive tools.
The timing is particularly awkward. The Bank of England published guidance in February urging financial institutions to accelerate AI adoption to counter increasingly sophisticated cyber threats. The Mythos block directly undercuts that directive and puts UK lenders in the position of explaining to regulators why their security posture has weakened overnight.
OpenAI Moves Into the Vacuum
Within hours of the block taking effect, OpenAI began reaching out to affected banks with proposals for comparable tools, according to one person briefed on those conversations. The company positioned the outreach as a long-term partnership offer rather than a stopgap measure, which several bank security officers viewed as a deliberate strategy to lock in relationships while the regulatory situation remains unresolved.
OpenAI's chief revenue officer, Sarah Franklin, sent communications to UK financial contacts on Monday afternoon referencing the company's commitment to "meeting institutions where their data sovereignty requirements are." The company has been expanding its financial services portfolio since early 2025, with Barclays and Lloyds identified as priority targets for enterprise agreements.
Regulatory Hurdles Remain
The OpenAI push faces its own obstacles. Any new AI tool handling UK banking data would still need to satisfy Financial Conduct Authority requirements on data residency and audit trails. The Information Commissioner's Office is currently reviewing whether existing arrangements with US-based AI providers need formal authorisation. That review is expected to conclude by June, which means banks considering OpenAI's offer cannot commit without risking compliance breaches.
"You cannot simply swap one AI vendor for another when you're processing millions of daily transactions," said James Carter, chief information security officer at a mid-sized UK lender who asked not to be named. "The evaluation cycle alone takes months, and right now nobody knows what the rules even are."
Competitive Response and Market Ripples
Anthropic's shares fell 4.2 percent in after-hours trading following news of the block. The company had been in talks with UK finance ministry officials about a potential carve-out that would allow continued Mythos access under a modified data-handling agreement, but those negotiations collapsed last week, two people familiar with the matter said.
European AI developers are watching closely. Germany's Aleph AI and France's Mistral have both signalled interest in courting UK financial clients if the Anthropic situation drags on, which could reshape the competitive landscape for cybersecurity tools across the continent.
What Comes Next
The UK government faces mounting pressure to clarify the rules. Treasury officials met with bank representatives on Tuesday, and the National Cyber Security Centre is expected to issue technical guidance by the end of this month on what AI infrastructure qualifies as acceptable for financial institutions. That guidance will determine whether OpenAI's offer has a viable path to approval or whether UK banks face an extended period without access to cutting-edge cybersecurity AI.
Banks are watching for a second signal: whether Anthropic files for an exemption with UK regulators that would restore Mythos access under strict data-handling conditions. If that filing happens, the competitive dynamic shifts again. Either outcome will set a precedent that shapes how foreign AI companies operate in the UK's most heavily regulated sector.
The company positioned the outreach as a long-term partnership offer rather than a stopgap measure, which several bank security officers viewed as a deliberate strategy to lock in relationships while the regulatory situation remains unresolved. OpenAI's chief revenue officer, Sarah Franklin, sent communications to UK financial contacts on Monday afternoon referencing the company's commitment to "meeting institutions where their data sovereignty requirements are." The company has been expanding its financial services portfolio since early 2025, with Barclays and Lloyds identified as priority targets for enterprise agreements.
