Anthropic model sparks regulator alarm

On Tuesday, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell pulled the chief executives of the biggest United States banks into a special meeting in Washington to talk about one thing: a new Anthropic model called Claude Mythos. CNBC and Bloomberg both reported that the warning was about cyber risk, not interest rates, inflation, or bank capital. (cnbc.com) (bloomberg.com) Anthropic had just said on April 7 that it would not make Claude Mythos Preview generally available. The company said the model is unusually strong at computer security work and is being restricted while Anthropic tries to use it inside a controlled defense effort called Project Glasswing. (anthropic.com) (red.anthropic.com) The reason banks care is simple: modern banks still run huge piles of old software, payment connections, and vendor systems that have to work every second of every day. A model that can spot and chain together hidden software flaws faster than human teams can turn one weak lock into a map of the whole building. (federalreserve.gov) (red.anthropic.com) Anthropic says Mythos can identify and exploit zero-day vulnerabilities across every major operating system and every major web browser during testing. A zero-day is a flaw the defender does not know about yet, which means there is no patch waiting on the shelf when an attacker finds it first. (red.anthropic.com) (anthropic.com) Anthropic also says more than 99 percent of the vulnerabilities it found have not yet been patched, which is why the company redacted parts of its own reporting. That is an unusual position for a model launch: the company is advertising capability and hiding the details at the same time because disclosure itself could create targets. (red.anthropic.com) (anthropic.com) Instead of a public release, Anthropic says Project Glasswing will give Mythos access to a set of partners working on critical software and infrastructure. Anthropic says it has extended access to more than 40 organizations and committed up to $100 million in usage credits plus $4 million in direct donations to open-source security groups. (anthropic.com 1) (anthropic.com 2) That still leaves regulators with a harder question than “is Anthropic being careful.” If one company can build a model that turns known bugs into working attacks and finds new bugs across common systems, then every bank has to assume rival labs, criminal groups, and foreign intelligence services are racing toward the same capability. (red.anthropic.com) (federalreserve.gov) The Federal Reserve had already been talking publicly about an artificial intelligence arms race in bank cybersecurity in 2025. Governor Michael Barr warned last April that artificial intelligence could strengthen both defenders and attackers, which is exactly why a closed-door meeting about one model could jump straight to the top of the agenda this week. (federalreserve.gov) (cnbc.com) Bloomberg and CNBC reported that the bank chiefs were already in Washington for a Financial Services Forum gathering when officials called the extra session. That detail matters because it shows the meeting was assembled fast, around a live operational concern, not scheduled months ahead as a routine policy seminar. (bloomberg.com) (cnbc.com) Anthropic’s own system card says Mythos is its most capable frontier model to date and shows a sharp jump from Claude Opus 4.6 on multiple benchmarks. The banking alarm came from that jump landing in the one domain where a model does not need to write a perfect app or a perfect essay; it only needs to find one overlooked hole in the right machine. (anthropic.com) (red.anthropic.com)