Anthropic model sparks alarm

The people who run the United States financial system called Wall Street into urgent talks this week over a chatbot. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned that Anthropic’s new Mythos model could change cyber risk fast enough to become a financial-stability problem, not just an information-technology problem. (bloomberg.com) Banks already spend billions protecting passwords, payment rails, and trading systems because one software flaw can open a door into all three. Bloomberg reported on April 10 that officials were urging major firms to test Mythos internally to find those doors before criminals do. (bloomberg.com) Anthropic says Mythos is unusually good at finding a zero-day vulnerability. A zero-day vulnerability is a software bug the developer does not know about yet, which makes it like a hidden spare key that nobody has changed the lock for. (anthropic.com) On April 8, Anthropic said Mythos Preview had identified thousands of previously unknown vulnerabilities, including critical ones in every major operating system and every major web browser. The company said more than 99 percent of the bugs it found were still unpatched, so it withheld technical details under coordinated disclosure rules. (anthropic.com 1) (anthropic.com 2) That is why Anthropic did not put Mythos on the open market with its normal products. Cybernews reported on April 8 that the model was being kept to a small group of organizations because Anthropic judged the capability too dangerous for broad release. (cybernews.com) Instead, Anthropic built Project Glasswing, a program that gives selected defenders early access so they can patch important software first. Anthropic says the launch group includes Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, Palo Alto Networks, Broadcom, and the Linux Foundation. (anthropic.com) JPMorganChase matters here because a big bank is not just another software customer. A bank sits on payment messages, customer identities, treasury operations, and market plumbing, so a tool that speeds up bug hunting can also speed up the search for weak points in infrastructure that millions of people never see. (anthropic.com) (bloomberg.com) Federal Reserve officials were already moving in this direction before this week’s meeting. Governor Michelle Bowman said in a November 22, 2024 speech that artificial intelligence raises questions for bank safety, soundness, and financial stability, and Vice Chair for Supervision Michael Barr said on April 17, 2025 that generative artificial intelligence could make fraud and cyberattacks cheaper and faster. (federalreserve.gov 1) (federalreserve.gov 2) Anthropic has been preparing for this exact category of risk in its own rulebook. Its Responsible Scaling Policy, updated on April 2, 2026, says frontier models can create new security threats and lays out escalating safeguards for systems that become more capable in areas like cyber offense. (anthropic.com 1) (anthropic.com 2) The hard part is that the same capability cuts both ways. A model that helps a defender find a flaw on Monday can help an attacker find the next flaw on Tuesday, and Anthropic itself wrote in February 2026 that model progress was increasing the risk of large language model-discovered zero-days. (anthropic.com) So the story is no longer “can artificial intelligence write code.” The story is that, by April 2026, the United States Treasury, the Federal Reserve, Anthropic, and the biggest banks were all treating machine-speed vulnerability hunting as something that could affect the stability of the financial system itself. (bloomberg.com) (anthropic.com)