Banks Warned on Anthropic
U.S. regulators privately summoned bank chiefs to warn about cyber risks tied to Anthropic’s latest AI model, treating its deployment as a systemic operational concern rather than a narrow procurement question. The meetings, reported by multiple outlets, framed frontier-model capabilities as a risk to critical infrastructure and bank operations. That signals organisations must treat powerful models as part of their threat surface, not just a tool vendors provide. (theguardian.com) (nytimes.com)
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called top Wall Street chiefs into Washington this week for a private warning about one company’s new artificial intelligence model, not a bank failure, a rate move, or a sanctions shock. Reuters and Bloomberg both reported that the officials framed Anthropic’s latest model as a cyber risk serious enough to discuss at the chief executive level. (usnews.com) (bloomberg.com) The unusual part is that regulators were not talking about a software contract or a vendor review. They were warning that a frontier model could help find and exploit weaknesses across the computer systems banks rely on every day. (usnews.com) (theguardian.com) Anthropic’s model is called Claude Mythos Preview, and the company says it is its most capable frontier model so far. In its own system card, Anthropic said the jump in capability was large enough that it chose not to make the model generally available. (anthropic.com) Anthropic also said Mythos can identify and exploit weaknesses across major operating systems and major web browsers. That is the kind of skill a bank security team wants for defense and a criminal group wants for intrusion. (usnews.com) (anthropic.com) That is why Anthropic launched Project Glasswing on April 7 with partners including Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, Palo Alto Networks, and JPMorganChase. The pitch was simple: give defenders early access so they can patch critical software before attackers catch up. (anthropic.com) Anthropic said more than 40 additional organizations that build or maintain critical software infrastructure also got access, along with up to $100 million in usage credits and $4 million in donations to open-source security groups. The company described the shift in blunt terms, saying artificial intelligence capabilities had crossed a threshold that changed the urgency of protecting critical infrastructure. (anthropic.com) The bank meeting shows regulators are treating that threshold as a financial-stability problem, not just a technology story. When banks clear payments, hold deposits, finance companies, and connect to markets, a cyber weakness at one large institution can spill into the rest of the system fast. (bloomberg.com) (theguardian.com) Reuters reported that invitations went out while many of the biggest bank chiefs were already in Washington, and Bloomberg said executives from Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs attended. JPMorgan Chase chief executive Jamie Dimon did not join, according to Reuters. (usnews.com) (bloomberg.com) Anthropic had already been talking with U.S. officials before the release. Reuters said the company briefed senior government officials and key industry stakeholders in advance about Mythos’s offensive and defensive cyber capabilities. (usnews.com) The bigger change here is who now owns the problem inside large organizations. A model like this no longer sits only with the procurement team or the innovation lab; it lands with the chief information security officer, the chief risk officer, the board, and the regulator at the same time. (theguardian.com) (anthropic.com) That is why this meeting landed with bank chiefs instead of software buyers. The warning was not “be careful using artificial intelligence,” but “assume powerful models are now part of the threat environment around critical infrastructure.” (bloomberg.com) (theguardian.com)
