Eps.92 | Seconds to find, months to fix: RS2 CEO Radi El Haj on Mythos and the AI Security Gap
Right now, Anthropic's most powerful model Mythos Preview is the talk of the enterprise. 200 select organisations have been given access under Project Glasswing, Anthropic's restricted-access programme for vetted critical infrastructure and cybersecurity organisations. Anthropic reported that 50 partners had already used Mythos Preview to find more than 10,000 high or critical severity vulnerabilities.Tim Bond interviews Radi El Haj, CEO of RS2 a global payment technology company with 35 years of market experience to explore what Mythos-level AI means for a bank's technology stack. The conversation moves quickly from the technical threat to the harder truth: technology change is driven by people change, and the real battle is organisational. They discuss the commercial implications of procrastination, the extraordinary market power Anthropic holds right now (and how a post-IPO world may tighten that grip further), and why European banks currently cannot access Mythos directly. They finish on the build vs buy conversation happening in every boardroom, and what CIOs and CTOs need to be thinking, doing and saying before 2028.About the guestRadi El Haj is CEO and principal shareholder of RS2 PLC a global payment technology company operating a single unified platform for card issuing and acquiring. Cloud-native since 2016. Active across Europe, Latin America, Asia Pacific and North America. Regulated in Germany under BaFin. RS2 has been in the market for 35 years across three business lines: licensing, outsourcing, and regulated financial services.Timestamps[00:00] Introduction: accelerating AI capability and the security challenge it poses for financial services[00:05] The problem statement: Mythos identifies vulnerabilities in legacy banking systems in seconds. Mitigation takes weeks or months. That gap is the crisis.[00:07] Why legacy banking is especially exposed: COBOL code built since 1987, fragmented systems, the same customer held in different identity records across the same institution[00:09] Who has access to Mythos Preview: US institutions given priority; European banks currently excluded and accessing through third-party consultancies with Anthropic relationships[00:12] Scale of change needed in the next 12 months: risk decisioning, AML and compliance monitoring, merchant intelligence. Proof of concept becomes production. AI infrastructure becomes a board-level concern.[00:15] People and process: why organisational structure and ownership clarity determine whether banks survive this or not.[00:19] Build vs buy vs outsource: what banks must own and what they should never build themselves[00:21] Orchestration explained: not a product. An architectural posture. How to modernise a tier-one bank without ever telling them to rip and replace.[00:29] AI at RS2: used across the business, with one deliberate exception: the core source code. Plus the integration case study: 8 FTEs over six months became one developer in three days.[00:35] What CIOs and boards need to do now: audit your data, build your orchestration blueprint, demand a risk register with named owners. And any AI-driven decision must have a human as the final authority.Key quotes"We are talking about a human being fighting against AI." -Radi El Haj"You cannot own what you are not willing to maintain. Ownership without investment becomes a liability." - Radi El Haj"Orchestration is not a product. It is an architectural posture to adopt."-Radi El Haj"Before 2028, institutions can choose. After 2028, they will have no choice. They will be forced to implement what they are mandated to do." - Radi El Haj"On a board level, you need to demand a risk register with named owners, timelines and financial exposures, not a slide deck." - Radi El HajConnectRadi El Haj https://www.linkedin.com/in/radie/ RS2 https://www.linkedin.com/company/rs2plc/Tim Bond linkedin.com/in/timbondTechPros.io https://www.linkedin.com/company/techpros-io
