Urgent meeting on Anthropic cyber risks

Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called top Wall Street bank chiefs to Washington on April 8 to discuss cyber risks tied to Anthropic’s new AI model, according to Bloomberg and Reuters. (bloomberg.com) (reuters.com) The meeting took place at Treasury headquarters and included chiefs from Citigroup, Morgan Stanley, Bank of America, Wells Fargo and Goldman Sachs, while JPMorgan Chase chief executive Jamie Dimon was invited but did not attend, CBS News and CNBC reported. (cbsnews.com) (cnbc.com) Officials called the session after Anthropic introduced Claude Mythos Preview on April 7 with limited access instead of a broad public rollout. Anthropic said the model could identify and exploit previously unknown software flaws in every major operating system and every major web browser during testing. (anthropic.com) (red.anthropic.com) A zero-day flaw is a software bug the developer does not know about yet, which means there is no fix available when it is found. Anthropic said Mythos had already uncovered thousands of high-severity vulnerabilities in critical software, and warned that similar capabilities could spread quickly. (anthropic.com 1) (anthropic.com 2) Banks are in the room because they run on dense stacks of software, outside vendors and payment rails that can fail fast if attackers find a weak point. Reuters reported that U.S. officials wanted lenders to understand the possible risks and take precautions to defend their systems. (reuters.com) Anthropic paired the restricted release with Project Glasswing, a defense program announced April 7 with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, Palo Alto Networks and the Linux Foundation. Anthropic said it is committing up to $100 million in usage credits and $4 million in donations to open-source security groups. (anthropic.com) The White House signaled the concern was not limited to one private meeting. National Economic Council Director Kevin Hassett said on Fox News that Anthropic had agreed to hold back the model’s public release while officials worked through the risks. (news.bloomberglaw.com) The response has spread beyond the United States. Reuters reported on April 12 that officials at the Bank of England, the Financial Conduct Authority and His Majesty’s Treasury were in talks with the National Cyber Security Centre and major banks about risks from Anthropic’s latest model, and Bloomberg reported that the Bank of Canada and major Canadian lenders had also met. (reuters.com) (bloomberg.com) Anthropic’s own risk report said Mythos is its most capable model so far and is stronger at software engineering and cybersecurity tasks than earlier systems. That combination — more autonomy and more skill at finding weaknesses — is why a product launch turned into a financial-stability briefing within days. (anthropic.com) (bloomberg.com)