Anthropic’s Mythos raises alarms

The heads of Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, and Wells Fargo were pulled into a special meeting at the United States Treasury Department this week after Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned them about a new Anthropic model called Claude Mythos Preview. JPMorgan Chase chief executive Jamie Dimon was the one major bank chief reported absent. (cnbc.com) This was not a product launch meeting. CNBC reported that the bankers were already in Washington for a Financial Services Forum gathering when officials called a separate Tuesday session focused on cyber risk from Mythos. (cnbc.com) Anthropic did not put Mythos on the open market like a normal chatbot. The company said on April 7 that it was limiting access to a small group because the model is unusually good at finding weaknesses in software that hackers could exploit. (cnbc.com) Think of a software flaw as an unlocked side door in a skyscraper. Anthropic says Mythos can spot those doors across critical codebases fast enough that defenders might fix them first, but attackers could also use the same map to break in. (anthropic.com) Anthropic built a gated program called Project Glasswing around that idea. The launch partners include Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, Palo Alto Networks, and the Linux Foundation, and Anthropic says it has also extended access to more than 40 other organizations that build or maintain critical software infrastructure. (anthropic.com) Anthropic is putting money behind the gatekeeping. The company says Glasswing comes with up to $100 million in usage credits and $4 million in donations to open-source security groups, which turns the model into a tool for selected defenders instead of a public download. (anthropic.com) That approach fits a policy Anthropic updated on February 24. In version 3.0 of its Responsible Scaling Policy, the company said stronger models trigger stronger safeguards, using internal “Artificial Intelligence Safety Level” thresholds that are supposed to tighten launch and security rules as capability rises. (anthropic.com) The bank meeting shows how far this has moved beyond Silicon Valley. When the chair of the Federal Reserve and the Treasury secretary are privately briefing Wall Street on one company’s model, the question is no longer whether the model is impressive; the question is who gets access to it first and how quickly critical systems can be hardened. (cnbc.com) Banks are a logical first audience because they sit on payment rails, trading systems, customer data, and old software that was never built for machine-speed attackers. Anthropic told CNBC it has been in ongoing discussions with the Cybersecurity and Infrastructure Security Agency and the Center for Artificial Intelligence Standards and Innovation about Mythos’s cyber capabilities before and after the rollout. (cnbc.com) Anthropic’s public line is that there is “a real opportunity” to make the internet more secure if the rollout is controlled. The fact that Washington is now convening emergency-style meetings around that claim suggests the next fight in artificial intelligence will be less about who has the smartest model and more about who controls the keys, the compute, and the release valve. (cnbc.com)