Goldman Sachs quietly banned Claude access for its Hong Kong bankers over data residency compliance risks tied to Beijing's growing influence on the region's regulatory environment, while simultaneously gaining privileged access to Anthropic's Mythos — a model so capable at…
Goldman Sachs barred its Hong Kong bankers from using Claude a few weeks ago — the latest example of a pattern that is reshaping how the world's largest financial institutions deploy AI: geography is becoming as important as capability.
The ban, reported by the Financial Times, appears tied to data-residency requirements — rules governing where sensitive financial data must be stored and processed. Hong Kong's regulatory environment has grown more uncertain under Beijing's influence, raising questions about what happens to customer data sent to US cloud infrastructure. The compliance risk was enough for Goldman to cut off access without announcement.
What makes the ban notable is what Goldman is doing simultaneously. The bank has been piloting Claude for accounting and client onboarding work for six months, with embedded Anthropic engineers working from its New York offices, according to CNBC. Its chief executive, David Solomon, confirmed last month that Goldman has access to something far more consequential: Anthropic's Mythos, a model so capable at finding software vulnerabilities that the company refused to release it publicly. "We're aware of Mythos and its capabilities. We have the model. We're working closely with Anthropic," Solomon said at a conference, the Guardian reported.
Mythos, announced April 7, can autonomously find zero-day vulnerabilities — previously unknown security flaws — in every major operating system and browser. It wrote working exploits in hours that expert penetration testers said would have taken weeks, Anthropic's own testing found. The UK AI Security Institute assessed it substantially more capable at cyber offense than any model it had previously tested, Reuters reported. Hackers already stole access through a third-party vendor and leaked it on a private online forum, Euronews reported.
Anthropic provided Mythos to a select group under what it calls Project Glasswing — roughly 40 companies including Goldman, JPMorgan, Google, and Apple, according to the Guardian. The model was designed for critical infrastructure operators to develop defenses before something similar becomes broadly available. Deutsche Bank's chief executive said everyone is trying to gain access, per Reuters. Treasury Secretary Scott Bessent convened bank CEOs in Washington in April to discuss the national security implications, Euronews reported.
The Goldman decision illustrates a constraint that may define how global banks deploy AI: the technology doesn't exist in a geographic vacuum. Data-residency requirements, export controls, and Hong Kong's regulatory drift under Beijing are creating hard boundaries on which AI tools can run where. A model deemed safe to run in New York may be blocked in Hong Kong not because it is more dangerous there, but because the data it would touch cannot leave the country. What Goldman did in Hong Kong is likely a preview of how other global banks will handle AI in contested markets: geography-specific decisions, not corporate-wide policy.
The question is whether the world's largest financial institutions — the same ones racing to get access to Mythos for cyber defense — can actually deploy frontier AI consistently across their global operations. The answer depends less on what the models can do and more on where the data is allowed to go.
Neither Anthropic nor Goldman would comment on the Hong Kong ban.