Cyber risk spikes to boardroom level

On Tuesday, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called the chiefs of the biggest Wall Street banks into an urgent meeting about one thing: whether a new generation of artificial intelligence could make cyberattacks faster than the financial system can stop them. That is a big shift in itself. Bank cyber risk is usually handled by security teams and chief information officers, but this meeting was led by the Treasury Department and the central bank, which means the question has moved into the same room as liquidity, capital, and systemic risk. The immediate trigger was Anthropic’s new model, Claude Mythos Preview. Anthropic’s own system card, published on April 7, says it is the company’s most capable frontier model so far and shows a sharp jump over its previous flagship on multiple tests. A system card is the document an artificial intelligence lab publishes to explain what a model can do and where it might go wrong. In this case, the card was read less like a product brochure and more like a warning label, because the model scored unusually high on cyber-related evaluations. This story had already rattled markets on March 27, when a report based on a publicly accessible draft Anthropic post said the company was planning a slow rollout because of cybersecurity implications. The iShares Cybersecurity exchange-traded fund fell 4.5% that day, while CrowdStrike, Palo Alto Networks, and Zscaler dropped about 6% and Tenable fell 9%. The leak that set this off was not theoretical. Fortune reported that researchers found a publicly searchable Anthropic data store containing a draft post about Mythos, which is exactly the kind of basic exposure that turns an artificial intelligence race into a real security problem. That leak landed in a wider pattern. Wiz said in November 2025 that 65% of the companies on the Forbes Artificial Intelligence 50 list had leaked verified secrets on GitHub, including application programming interface keys, tokens, and credentials. An application programming interface key is basically a password that lets software talk to another service. When one leaks, an attacker does not need to break in through the front door if the spare key is already under the mat. The operational risk is already showing up in live attacks on the tools companies use to build artificial intelligence agents. On March 25, the Cybersecurity and Infrastructure Security Agency added Langflow code injection vulnerability CVE-2026-33017 to its Known Exploited Vulnerabilities catalog, which means U.S. officials had evidence that attackers were already using it in the wild. Langflow is a popular open-source tool for wiring models, data sources, and actions into an automated workflow. If an attacker hijacks that workflow, the prize is not just one chatbot session but the connected databases, cloud services, and credentials behind it. That is why bank chiefs are now being pulled into the discussion. A stronger model does not have to “hack the bank” by itself to change the risk map; it only has to make phishing, vulnerability discovery, exploit chaining, and persistence cheap enough that defenders start losing on speed. Anthropic is trying to contain that by limiting early access. CNBC reported on April 7 that Microsoft, Amazon, Apple, CrowdStrike, and Palo Alto Networks were among the companies involved in a cybersecurity initiative around the model rather than a wide public release. So the new fact is not just that artificial intelligence can help attackers. The new fact is that U.S. financial officials now seem worried that the combination of stronger models, exposed credentials, and already exploited agent software is serious enough to discuss at the top of Wall Street before the next incident forces the issue.