URGENT: How To Protect Your Savings Against AI Super Hackers

As you may know, Anthropic’s new AI Claude Mythos, which was designed to find weaknesses in software systems that could be hacked, apparently misinterpreted its orders and actually did the hacking it found possible, which was far more than anyone ever suspected. Anthropic immediately took it offline, but it managed to escape. It is once again offline. Anthropic has shared it with the largest tech companies so that they can plug their holes and has been in discussions with the Federal government.

I have been asking questions of Gemini as to what steps I could take to protect stocks, bonds, and bank accounts. This article shares what I have learned. At the end, I offer a few more of my own thoughts.

As I’m sure you are already aware, any information received from any AI may or may not be accurate, and may even contain biases or self-serving statements designed to sell specific products/services.

Information from Gemini AI in response to my questions:

Bill Harvey’s Prompt: What can we do to protect our savings in electronically held stocks and bonds

Here are the most effective ways to protect your stocks and bonds:

1. Upgrade Your Authentication

• Move Beyond SMS 2FA: AI can easily facilitate SIM-swapping to intercept text message codes. Use hardware security keys (like YubiKey) or authenticator apps (Google Authenticator, Authy) which are significantly harder for remote hackers to compromise.
• Biometric Lockdown: Enable facial or fingerprint recognition for mobile brokerage apps. These biometric identifiers are much harder for generative AI to replicate than text-based credentials.

2. Harden Your Digital Footprint

• Use a "Clean Room" Device: If possible, use a dedicated device (like a cheap tablet or secondary laptop) strictly for financial transactions. Avoid using this device for general web browsing, email, or social media to minimize exposure to malware.
• Anonymize Your Access: Use a dedicated email address only for your brokerage account. If an AI hacker compromises your primary personal email, they won't even know where your investments are held.

3. Implement Procedural Speed Bumps

• Transfer Limits & Notifications: Set a daily cap on the amount of money that can be transferred out of your account. Enable real-time alerts for every login and transaction so you can act within minutes of a breach.
• Voice & Video Verification: Established a "family safe word" or a specific verification protocol with your financial advisor. Never authorize a major transfer based on a phone call alone, as AI voice cloning can now perfectly mimic your advisor's voice.

4. Understand Your Insurance Limits

• SIPC is Not Cyber Insurance: The Securities Investor Protection Corporation (SIPC) protects you if your brokerage firm goes bankrupt, not if a hacker steals your individual password and drains your account.
• Check for "Asset Protection Guarantees": Some major brokerages (like Fidelity, Schwab, or Vanguard) offer a "Security Guarantee" where they reimburse you for unauthorized activity, provided you followed their security protocols (like having 2FA enabled). Check your firm’s specific policy on cyber-theft reimbursement.

5. Diversify Your Custodians

Don't keep your entire life savings in a single brokerage. By spreading assets across multiple custodians, you ensure that even a "Mythos-level" breach at one institution won't wipe out your entire portfolio.

Bill Harvey’s Prompt:How can I protect my bank accounts from Mythos and super hackers? In general, what steps should I take?

1. Upgrade Beyond SMS Two-Factor Authentication

"Super hackers" often use SIM swapping or session hijacking to intercept text message codes. To prevent this:

• Use Hardware Security Keys: Devices like YubiKey are the gold standard. They require a physical device to be plugged into your computer or tapped on your phone to log in, making it nearly impossible for a remote hacker to gain access.
• Authenticator Apps: If a hardware key isn't an option, use apps like Google Authenticator or Authy instead of SMS. These generate codes locally on your device, which cannot be easily intercepted by a remote attacker.

2. Protect Against AI-Driven Threats (Mythos)

Recent reports indicate that advanced AI models like Mythos can identify software vulnerabilities in minutes.

• Enable "Lockdown" Features: Many banks now offer a "Lockdown" or "Freeze" mode for your account. Keep your debit/credit cards frozen via the app and only unfreeze them the moment you are about to make a purchase.
• Instant Transaction Alerts: Set your bank app to send push notifications for every transaction, no matter how small. This allows you to catch unauthorized "test" charges immediately.

3. Secure Your "Digital Perimeter"

Hackers rarely go after the bank directly; they go after you to get the keys.

• Use a Dedicated "Banking Device": If possible, use one specific tablet or computer only for banking and nothing else (no social media, no random web surfing). This limits the "attack surface" where malware can enter.
• Email Security is Banking Security: Your email is the "master key" to your life. If a hacker gets into your email, they can reset your bank password. Protect your email with the same (or higher) level of security as your bank.
• Avoid Public Wi-Fi: Never log into a bank account on public Wi-Fi. If you must, use a high-quality VPN to encrypt your traffic.

4. Advanced "Hygiene" Checklist

Bill Harvey’s Prompt: Should I use a password manager and why or why not?

The short answer is yes. In 2026, cybersecurity experts almost universally recommend using a dedicated password manager.

While the idea of putting all your "eggs in one basket" feels risky, the alternative—reusing passwords or choosing simple ones you can remember—is the #1 reason bank accounts get hacked.

Why You Should Use One

• Immunity to "Credential Stuffing": This is the most common attack. If a random site you use (like a small clothing store) gets hacked, hackers will try that same password on your bank. A password manager ensures every single account has a unique, 20+ character random password.
• Protection Against Phishing: If you click a fake link to a "bank" website, a password manager won't recognize the URL and will not auto-fill your credentials. This is a built-in safety net that humans often fail.
• Zero-Knowledge Security: Top-tier managers like 1Password, Bitwarden, or RoboForm use "zero-knowledge" architecture. This means they encrypt your data on your device before it ever reaches their servers. Even if the company is hacked, the hackers only get scrambled, useless code.
• Breach Monitoring: Many managers now alert you the second your email or a specific account appears in a dark web leak, allowing you to change it before a "super hacker" even tries to log in.

The Risks (and How to Fix Them)

Expert Verdict for 2026

Using a password manager is like putting your money in a bank vault rather than under your mattress. While no vault is 100% unbreakable, it is significantly safer than leaving your "money" (your data) exposed to every passerby.

Pro Tip: Avoid using the built-in password managers in your browser (Chrome/Safari) for your most sensitive accounts, like banking. A dedicated, third-party manager offers more advanced encryption and works across all your devices and browsers.

That concludes the Gemini advice. Here are some of my own thoughts.

One of the most important things we need to do as a civilization is to create rules and regulations for AIs. One rule need relates to the code-writing capabilities of AIs. This is a very valuable function, and it would be a loss to civilization to simply prohibit it. Instead, very specific lines of demarcation should be drawn, including the rule that hack-vulnerability-finding AIs must be built so as to prohibit their actual hacking, either by using available code or writing new code. Instead, they should create reports to the vulnerable parties indicating how to test the vulnerability and fix it if it is confirmed to be vulnerable.

Banks and brokerage houses should institute more protections for accounts, including backup of records in storage that is not connected to the Internet, and perhaps even printed records stored in the safest locations with the proper temperature and humidity controls, so as to preserve actual records of who owns what in the case of cyber or nuclear destruction of electronic records (nuclear explosions send out electromagnetic burst capable of wiping out electronic data storage records).

These institutions are presumably already using automatic pattern recognition to detect a withdrawal of funds that is not in line with previous behavior; however, these systems should be reviewed and updated if necessary. Removal of funds above a certain level should require virtual meetings with the principals to verify they are who they say they are and can answer all the secret questions. There should no longer be any dependency upon Social Security Numbers. For example, between August 12 and 18 of 2025, an unknown number of SSNs linked to names was obtained by an unknown source from an unknown number of brokerage firms via their connection with Salesforce.

I predict that more and more computers will be kept offline, and the most valuable information will be kept in those offline computers. This is a practice we have been using for our RMT Value Signals since 2014. Now that we all just this month have entered the Era of AI Superhackers, it will be an Age of Standalone Computers too.

Posted at MediaVillage through the Thought Leadership self-publishing platform.

Click the social buttons to share this story with colleagues and friends.
The opinions expressed here are the author's views and do not necessarily represent the views of MediaVillage.org/MyersBizNet.