JPMorgan moves past firewalls

JPMorgan Chase is among the companies tied to Anthropic’s new Claude Mythos Preview, a restricted artificial intelligence model built to find software flaws, not answer chat prompts. (anthropic.com) Anthropic said on April 7 that Mythos Preview would not be released broadly and would instead be used in a “defensive cybersecurity program” with a limited set of partners. A separate report published April 19 by TechStory said JPMorgan is testing the model inside the bank. (anthropic.com) (techstory.in) The basic idea is simple: banks run huge codebases, and security teams try to spot weaknesses before attackers do. Anthropic and its partners say Mythos can scan large amounts of code and link multiple bugs into a realistic attack path. (techxplore.com) (anthropic.com) That is the part that changes the security model around “firewalls.” A firewall filters traffic at the edge, but code-scanning systems, developer tools and model access controls sit deeper inside a company’s network and touch sensitive software and data. (jpmorganchase.com) (anthropic.com) JPMorgan has been building toward that shift for years. The bank says its firmwide Trustworthy AI Center of Excellence works on security, privacy and robustness, and it said in October 2025 that its internal AI Threat Modeling Co-Pilot improved threat-modeling efficiency by 20% and found an average of nine additional novel threats per model. (jpmorganchase.com 1) (jpmorganchase.com 2) The TechStory account is thinly sourced and does not describe where the testing happens, what systems are in scope, or whether the model runs through Anthropic, a cloud partner, or a bank-controlled environment. Those details matter because they define what data the model can see and what actions it can take. (techstory.in) (anthropic.com) Anthropic’s own disclosures show why large companies care about those boundaries. Its trust center lists compliance programs including SOC 2 Type II and ISO 27001 for Claude services, while the Mythos system card says the model’s cyber capability was strong enough that Anthropic chose a limited-partner release instead of general availability. (anthropic.com 1) (anthropic.com 2) Outside testing has pushed the story into policy circles. Tech Xplore, citing Bloomberg and the Financial Times, reported that Mythos was launched to roughly 40 partner organizations and that JPMorgan Chase was among them as officials weighed the risks of a model that can find and chain zero-day vulnerabilities at machine speed. (techxplore.com) For JPMorgan, the clearest reading is not that perimeter security has disappeared, but that security controls are moving closer to the tools that write, inspect and deploy code. The next proof point will be whether the bank or Anthropic gives a more specific account of how that testing is fenced off from production systems. (jpmorganchase.com) (techstory.in)