Wall Street, Fed, Treasury meet over Mythos

Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called top Wall Street bank chiefs into an urgent discussion this week after Anthropic released a new model, Mythos Preview, with cyber abilities strong enough that Anthropic kept it out of general release. (bloomberglaw.com, anthropic.com) That is unusual because the Treasury Department and the Federal Reserve usually meet banks over capital, liquidity, or payment plumbing, not because one private company shipped a new artificial intelligence system. (cnbc.com, bloomberglaw.com) Anthropic said on April 7 that Mythos Preview is its “most capable frontier model” and that the jump in capability was large enough that it would only be used with a limited set of partners in a defensive cybersecurity program. (anthropic.com, anthropic.com) The basic fear is simple: a model that helps defenders find software holes can also help attackers find them faster, the way a metal detector works for both the lifeguard and the thief. Anthropic’s own researchers wrote that Mythos is “strikingly capable” at computer security tasks. (anthropic.com) In its technical write-up, Anthropic said Mythos could identify and exploit zero-day vulnerabilities, meaning software flaws that defenders do not know about yet, across every major operating system and every major web browser in its testing. (anthropic.com) Anthropic also said more than 99% of the vulnerabilities it found were still unpatched, which is why the company withheld most details and limited access instead of putting the model on the open market. (anthropic.com, anthropic.com) Banks care because they run giant stacks of old and new code at the same time: mobile apps, trading systems, payment rails, cloud software, and decades-old internal systems that cannot be swapped out overnight. A model that shortens the time from bug discovery to exploit changes the risk math for all of that infrastructure. (cnbc.com, anthropic.com) Anthropic’s answer is Project Glasswing, a restricted program announced April 7 with launch partners including Amazon Web Services, Apple, Cisco, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation. Anthropic said it is committing up to $100 million in usage credits and $4 million in donations to open-source security groups. (anthropic.com) Investors read the same news as a threat to software profits as well as a threat to cyber defenses. Reuters reported the Standard & Poor’s 500 Software and Services Index was down 25.5% for the year including Thursday’s 2.6% drop, as traders worried that stronger models could automate more of the work sold by software vendors. (usnews.com) MarketWatch said Palo Alto Networks led another software selloff on April 10, while reports tied declines in names like Palantir and Microsoft to fears that Mythos could scramble both competition and security assumptions at the same time. (marketwatch.com, finance.yahoo.com) So the meeting in Washington was really about one question: if a model can now find digital weak spots at machine speed, who gets there first, the bank patching the hole or the attacker probing for it. Anthropic’s release decision suggests even the company that built Mythos does not yet trust the wider world with that answer. (bloomberglaw.com, anthropic.com)