Treasury, Fed meet Wall Street on Anthropic risk
Treasury Secretary Scott Bessent and Fed Chair Jerome Powell held an urgent meeting with Wall Street leaders to discuss fears that Anthropic’s latest AI model could materially raise cyber risks for financial institutions. The session signals regulators and banks are treating certain new models as operational risk questions, not just product releases. (x.com) (x.com)
On Tuesday in Washington, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell pulled major bank chiefs into Treasury headquarters to talk about one thing: whether Anthropic’s new model could make cyberattacks on banks easier before defenses catch up. (bloomberg.com) The unusual part is who was in the room. When the Treasury Department and the central bank meet top Wall Street executives over a single software release, they are treating that model less like a gadget launch and more like a potential financial-stability problem. (news.bloomberglaw.com) Anthropic unveiled the model, called Claude Mythos Preview, on April 7 and did not open it to the public. The company said it would only be used by a small group of organizations through a restricted program called Project Glasswing. (anthropic.com) Anthropic says Mythos can do something older chatbots were bad at: find a hidden software flaw and then chain the steps needed to exploit it. In its own testing, the company said the model could autonomously discover and exploit zero-day vulnerabilities in major operating systems and web browsers. (red.anthropic.com) A zero-day vulnerability is a bug the defender does not know about yet. It is the digital version of finding a side door in a bank vault blueprint that the bank itself has never seen. (red.anthropic.com) Banks worry about that because they run old and new systems at the same time. A large lender can have customer apps on modern cloud software while still depending on decades-old internal plumbing for payments, trading, and records, which gives attackers more surfaces to probe. (news.bloomberglaw.com) Anthropic’s answer was not a broad launch but a gated coalition. Project Glasswing includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Palo Alto Networks, and the United Kingdom’s National Cyber Security Centre, with the model aimed at defensive work on critical software. (anthropic.com) That still leaves regulators with a timing problem. If one company can build a model that helps defenders find flaws faster, another company or a hostile state could build or steal a similar capability and use it to break in faster too. (nextgov.com) That is why this meeting matters beyond Anthropic. Bessent and Powell were reportedly warning banks about “possible future risks” from Mythos and from similar models that could follow, which means Washington is starting to treat frontier artificial intelligence as an operational-risk issue for the financial system. (bloomberg.com) The immediate question for banks is not whether they should use Mythos. The immediate question is whether their patching, monitoring, vendor reviews, and incident-response teams are fast enough if software that once took a skilled hacker days to abuse can now be mapped by a model in minutes or hours. (red.anthropic.com)
