Regulators meet over 'Mythos' cyber risk

The people who run the United States Treasury Department and the United States central bank just called top Wall Street chiefs into an urgent meeting over one artificial intelligence system from Anthropic called Mythos. Bloomberg reported that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned bank leaders that the model could sharply raise cyber risk. (bloomberg.com) This was not a public conference or a routine policy roundtable. Bloomberg and CNBC both described it as a closed-door warning to major bank chief executives about the possibility that a stronger model could help attackers find and use software flaws faster than defenders can patch them. (bloomberg.com) (cnbc.com) Banks worry about this because modern finance runs on layers of code the way a city runs on roads, pipes, and power lines. A single weakness in payment systems, trading systems, or customer logins can spread from one firm to another because the same vendors and networks connect much of Wall Street. (cnbc.com) (bloomberglaw.com) The fear is not that Mythos “hacks” by itself in some movie sense. The fear is that a model that can read code, spot weak points, and generate working attack steps could turn jobs that once took a skilled team and days of trial and error into something much faster and cheaper. (bloomberglaw.com) (coindesk.com) Anthropic has been publicly preparing for this kind of concern for months. In Version 3.0 of its Responsible Scaling Policy, published on February 24, 2026, the company said it uses capability thresholds and safeguard levels for models that may create “catastrophic risks,” including cyber risks from increasingly capable systems. (anthropic.com) That policy matters here because Anthropic’s own framework treats cyber capability as a safety problem, not just a product feature. The company says stronger models may require stronger deployment controls, evaluations, and internal oversight before wider release. (anthropic.com) The government side has numbers that explain the urgency. The Federal Bureau of Investigation said on April 6, 2026 that Americans lost nearly $21 billion to cyber-enabled crime in 2025, and it singled out cryptocurrency fraud and artificial-intelligence-linked scams as some of the costliest categories. (fbi.gov) The Federal Bureau of Investigation’s 2025 Internet Crime Report says total reported losses reached more than $20 billion for the first time, with investment fraud the biggest bucket and business email compromise still one of the most expensive attack types. Those are exactly the kinds of crimes that get more dangerous if software can write more convincing messages, automate reconnaissance, or tailor attacks at scale. (ic3.gov) (fbi.gov) That is why the meeting landed on Wall Street first instead of in a university lab or a consumer-tech forum. Big banks sit on payment rails, treasury operations, market plumbing, and identity data, so a tool that speeds up intrusion work does not just threaten one company’s server room; it threatens systems other companies and customers depend on every day. (bloomberg.com) (cnbc.com) The immediate story is not that a bank has been hit or that Anthropic has been accused of releasing a criminal tool. The immediate story is that the country’s top financial officials now think one jump in model capability is serious enough to brief chief executives in person before the damage shows up in quarterly filings. (bloomberg.com) (cnbc.com)