Banks Summoned Over Mythos Risk

Wall Street bank chiefs were called into the U.S. Treasury Department this week for a private warning about a single artificial intelligence model. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell told them Anthropic’s new Mythos system could change cyber risk fast enough that banks needed to prepare now, not later. (cnbc.com) The meeting happened on Tuesday, April 7, in Washington, where many of the executives were already gathered for a Financial Services Forum event. Bloomberg and Reuters reported that Bank of America’s Brian Moynihan, Citigroup’s Jane Fraser, Goldman Sachs’ David Solomon, Morgan Stanley’s Ted Pick, and Wells Fargo’s Charlie Scharf attended, while JPMorgan Chase’s Jamie Dimon was the one major chief executive who could not make it. (cnbc.com) (bloomberg.com) Anthropic had only unveiled Claude Mythos Preview on April 7, and it did not release the model broadly. The company said it was limiting access because the model is unusually strong at finding software bugs and turning those bugs into working break-ins. (anthropic.com) (cnbc.com) A software vulnerability is a hidden weakness in code, like a bank vault door with a bad hinge that nobody noticed for 20 years. Anthropic said Mythos could identify and exploit previously unknown flaws in every major operating system and every major web browser during its testing. (anthropic.com) Anthropic said some of the flaws Mythos found had sat in code for ten or twenty years, and one patched bug in OpenBSD was 27 years old. The company also said more than 99 percent of the vulnerabilities it found were still unpatched, which is why it refused to publish technical details. (anthropic.com) That is why banks got the call. A large bank runs thousands of internal programs, old vendor systems, payment rails, and internet-facing services, so a tool that can hunt weak spots at machine speed looks less like another chatbot and more like an automated lock-picker. (bloomberg.com) (anthropic.com) Anthropic is trying to keep the model on the defensive side by placing it inside Project Glasswing, a restricted security program announced with Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, Palo Alto Networks, and the Linux Foundation. Anthropic said it is also working with about 40 organizations and has committed up to $100 million in usage credits to help secure critical software. (anthropic.com) (nytimes.com) (infosecurity-magazine.com) The unusual part is not just that a model can break software. It is that the two most important U.S. financial officials treated that capability like a near-term threat to bank operations, the same way they would treat a payments outage, a liquidity shock, or a major ransomware campaign. (cnbc.com) (bloomberg.com) Anthropic told CNBC it has been in ongoing discussions with the U.S. government, including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation, about Mythos’s capabilities. That means the bank meeting was not a one-off panic call but part of a wider effort to get critical infrastructure operators ready before models like this spread further. (cnbc.com) For years, artificial intelligence policy was framed around future harms like misinformation, labor shocks, or hypothetical superintelligence. On April 7 and April 10, 2026, the U.S. government treated one frontier model as something more immediate: a tool that could help defenders patch systems, but could also hand attackers a faster map to the weak points inside the financial system. (anthropic.com) (cnbc.com)