AI
Japan Toughens Its AI Cyberattack Rules Months After Backing Claude Mythos
Japan’s Cabinet approved a revised AI Basic Plan on Tuesday, tightening cyberattack defenses and citing risks from Anthropic’s Claude Mythos model.
Japan’s Cabinet approved a revised national AI strategy on Tuesday, tightening cyberattack defenses just seven months after adopting its first AI Basic Plan. The update calls for deeper cooperation with foreign governments and AI developers, citing a growing threat of cyberattacks that exploit increasingly powerful models.
The clearest example sits inside the plan itself. Claude Mythos is both the reason Tokyo tightened its rules and a tool its own government and megabanks already rely on.
Tokyo Rewrites Its AI Rulebook for the Second Time
The revised guidelines, adopted at Tuesday’s Cabinet meeting, describe a growing threat of cyberattacks set against the backdrop of advancing AI capabilities. They call for collaborating with foreign government agencies and AI developers to significantly strengthen the institute Japan designates as its central AI safety authority.
Tokyo released the draft version on June 19, six months after the original plan took effect, and closed public comment on June 23 before the Cabinet signed off on July 14.
The AI-specific rewrite follows a broader hardening of Japan’s cyber posture. In December, the government adopted a five-year cybersecurity strategy uniting police and the Self-Defense Forces, warning that state-sponsored attacks from China, Russia and North Korea had become serious threats even before AI entered the picture.
Officials pointed to rapid technological progress, including Claude Mythos’s launch, as the reason the standard revision cycle could not wait. The first plan was drawn up under Japan’s AI Act, passed by parliament in May 2025. It was meant to guide policy for longer than seven months.

Claude Mythos Is the Reason for the Rewrite
The U.S. AI company Anthropic built Claude Mythos to do one thing well: find vulnerabilities in software before criminals do. The model debuted in April, and Anthropic restricted broad access almost immediately, citing the same cybersecurity risks the tool was designed to fix.
Anthropic’s preview has already identified “thousands of high-severity vulnerabilities,” according to a Straits Times report on its early testing. The UK’s AI Security Institute ran its own cyber range evaluation and ranked Mythos highest among the frontier models it tested, ahead of Anthropic’s own Claude Opus 4.6 and a tie between OpenAI’s GPT-5.4 and GPT-5.3 Codex.
Where Experts Disagree
- Anthropic says its preview found flaws across every major operating system and web browser it tested.
- The UK AI Security Institute independently ranked Mythos highest for cyber capability in its own evaluation.
- Independent security researchers say the specific vulnerability counts have not been verified outside Anthropic’s own materials.
Japanese regulators now want better tools to judge that exact gap between promotional claim and outside verification.
Japan’s Government and Megabanks Already Use It
Weeks before the Cabinet rewrote the rulebook, Tokyo had already reached for the tool causing the alarm. Japan’s government and three of its megabanks, MUFG Bank, Mizuho Bank and Sumitomo Mitsui Banking Corporation, secured access to Claude Mythos in early June. Finance Minister Satsuki Katayama declined to say how many firms in total were covered.
Anthropic said the same week it was extending Mythos access to about 150 organizations in more than 15 countries. Japan’s Financial Services Agency had already told banks in May to prioritize and reallocate resources for a possible wave of newly discovered flaws, warning that a short-term expansion of IT staff was not realistic.
OpenAI wants the same customers. Chief Strategy Officer Jason Kwon told Katayama that some Japanese financial institutions would get access to GPT-5.5-Cyber, OpenAI’s own frontier cybersecurity model.
How Many People Are Guarding Japan Against Rogue AI?
Japan’s AI Safety Institute, known as J-AISI, employs roughly two dozen staff inside the Information-technology Promotion Agency and is funded through the Ministry of Economy, Trade and Industry. The revised plan hands this small team a bigger job, evaluating frontier models like Claude Mythos for cybersecurity risk alongside allied institutes abroad.
Founded in February 2024, J-AISI predates both the UK and US versions of the same idea. Here is how the three compare on staffing and funding.
| Institute | Founded | Staffing / Funding | Origin |
|---|---|---|---|
| Japan AI Safety Institute (J-AISI) | February 2024 | Roughly two dozen staff | Built inside the Information-technology Promotion Agency |
| UK AI Security Institute | November 2023 | £100 million secured through 2030 | Evolved from the UK’s Frontier AI Taskforce |
| US Center for AI Standards and Innovation (CAISI) | November 2023 | $10 million initial budget | Housed within NIST |
The revised guidelines lean hardest on international cooperation exactly where Japan’s bench is thinnest, asking a roughly 25-person team to help judge whether the world’s most capable AI systems are safe enough for government networks.
PAM acts as an internal circuit breaker.
Asia-Pacific cybersecurity executive Takanori Nishiyama made that comparison to Computer Weekly, describing privileged access tools built to contain AI-driven intrusions before they spread across a network.
Japan Doubles Down on Vertical and Physical AI
The revised plan is not only about defense. It doubles down on a domestic strategy built around vertical AI and physical AI as core pillars.
Vertical AI means software tuned to a single industry, such as logistics, medicine or manufacturing. Physical AI extends that idea to machines that sense and act in the physical world, including robots on factory floors, in warehouses and on construction sites. Planners see both as a better fit for Japan’s aging, labor-short economy than another round of general chatbot competition with the US and China.
The guidelines lay out several commitments together:
- Working with allied governments and AI developers to strengthen J-AISI’s power to evaluate frontier models.
- Avoiding excessive reliance on any single country or company for AI infrastructure.
- Building homegrown AI tuned to Japan’s own social and industrial problems.
- Reviewing government and business operations on the assumption that AI is already embedded in them.
- Continuously reviewing the AI Act itself, leaving room for penalties that do not exist yet.
Japan’s AI law today lets the government investigate and advise companies accused of infringing citizens’ rights, but it stops short of punishing anyone who refuses to cooperate. The revision commits to reviewing the system “to deal with risks more effectively” but stops short of setting a specific penalty.
The Human Skills Clause
Beyond cybersecurity, the guidelines address a slower-moving worry: what constant AI use does to people. The revision calls for continued study of how work should divide between humans and AI, and it directs the government to build an education system that prevents human capabilities from declining through over-reliance on the technology.
Tokyo is already rolling out its own generative AI platform to more than 100,000 public officials, with availability expanding from around May 2026. The guidelines want an education system that keeps pace with adoption moving that fast.
A week before the Cabinet approved the revised plan, the government had already launched a council to overhaul AI’s legal frameworks, reorganizing a digital reform body first set up under former Prime Minister Fumio Kishida. Its first legislative proposals are expected sometime this year, the next test of how far Tokyo goes beyond guidelines that, for now, still carry no fines.
Frequently Asked Questions
What Is Claude Mythos and Why Does Japan Care?
Claude Mythos is an Anthropic AI model released in April 2026, built to search software for hidden vulnerabilities. Ars Technica reported that Mozilla found the tool identified 271 vulnerabilities in a single test of Firefox, one result among several that pushed Anthropic to restrict wider release before Japan’s government and banks gained access.
What Does Japan’s AI Safety Institute Actually Do?
J-AISI develops evaluation methods and safety standards for AI models instead of building AI products itself. It represented Japan at the 2024 AI Seoul Summit, where it joined a global network of safety institutes spanning roughly ten countries and the European Union.
What’s the Difference Between Vertical AI and Physical AI?
Physical AI and vertical AI appear together throughout the guidelines as one strategic bundle, industry-specific software paired with machines that act in the real world. Japanese firms like Preferred Networks and Sakana AI are frequently cited as examples of the domestic companies the strategy is meant to support.
Can Companies Be Fined for Violating Japan’s AI Rules?
Not yet. Japan’s AI Promotion Act enforces compliance by publicly naming noncompliant operators, a mechanism regulators call name and shame, and it carries no fines or bans today. The revised Basic Plan commits to reviewing that law again, which could eventually introduce penalties.
When Did Japan Adopt Its First AI Basic Plan?
The Cabinet approved Japan’s first AI Basic Plan in December 2025, months after parliament passed the underlying AI Act on May 28, 2025. Tuesday’s Cabinet meeting approved the first full revision of that plan.
How Is Japan Trying to Reduce Its Reliance on Foreign AI?
The guidelines call for reducing dependence on any single country or company across every layer of AI development, including data, data centers, cloud platforms, computing power and foundation models. The government calls this push building open “AI Sovereignty.”
-
NEWS1 month agoGoogle Search Profiles Build a Follow Graph Inside Discover
-
GAMING1 month agoMicrosoft Xbox Layoffs Start in July as Sharma Slams 3% Margin
-
AI3 weeks agoOracle Cuts 21,000 Jobs in a Year, Cites AI in 10-K Filing
-
AI1 month agoMoonshot AI Targets $30 Billion in China’s Fastest AI Funding Sprint
-
AI6 days agoWhatsApp Meta Business Agent Reaches India, With a New Pricing Meter
-
NEWS1 month agoOppo’s ColorOS 17 Eligibility List Leaves A-Series Buyers Behind
-
AI1 month agoSpaceX’s Google Deal Turns a Rocket Company Into a Cloud Landlord
-
AI3 weeks agoGoogle DeepMind and A24 Sign $75 Million AI Partnership Deal
