Banks briefed on Anthropic risk

On Tuesday in Washington, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called bank chiefs into an urgent meeting about one company’s artificial intelligence model, which is not a normal thing for either office to do. CNBC and Reuters both reported the discussion centered on Anthropic’s new Mythos system and the cyber risks it could create for the financial system. (cnbc.com) (aol.com) The reason bankers got pulled in is simple: banks run on software, and software has bugs. If a model gets unusually good at finding hidden flaws in code, it can act like a master key tester running through millions of locks far faster than human security teams can. (anthropic.com) (red.anthropic.com) Anthropic says Mythos can identify and exploit “zero-day” vulnerabilities, which are software flaws unknown to the company that made the software. In its own write-up, Anthropic said Mythos found these kinds of weaknesses in every major operating system and every major web browser during testing. (red.anthropic.com) (anthropic.com) That is why Anthropic did not put Mythos on the open market like a normal product launch. Instead, it folded the model into Project Glasswing, a gated program announced April 7 that gives early access to defenders at companies including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, Palo Alto Networks, CrowdStrike, Cisco, Broadcom, the Linux Foundation, and JPMorganChase. (anthropic.com 1) (anthropic.com 2) Anthropic’s pitch is that defenders need a head start before attackers get tools this capable. The company said it also extended access to more than 40 additional organizations that build or maintain critical software infrastructure so they can scan their own systems and open-source code before a wider release ever happens. (anthropic.com) (cnbc.com) The banking angle comes from concentration. A handful of core vendors, cloud platforms, and open-source components sit underneath huge parts of the financial system, so one serious bug can spread risk across many firms at once, which is why Treasury and the Federal Reserve treated this like a system issue instead of one company’s product problem. (cnbc.com) (bloomberg.com) Markets heard the same warning and sold first. Cloudflare closed at $166.99 on April 10, down 13.50% for the day, as investors dumped cybersecurity and internet infrastructure names amid fears that stronger artificial intelligence agents could scramble who wins and loses in online security. (stockanalysis.com) (seekingalpha.com) Part of that selloff came from timing. Two days before the bank-meeting story broke, Anthropic launched Claude Managed Agents, a product for building cloud-hosted artificial intelligence agents, and investors read the back-to-back announcements as a sign that Anthropic was moving from chatbot maker toward infrastructure platform. (claude.com) (anthropic.com) This also lands in the middle of Anthropic’s expected initial public offering story. Fortune reported that the company, valued around $380 billion, is trying to turn a safety decision that limits short-term distribution into proof that it can handle frontier systems without waiting for regulators to force its hand. (fortune.com) (aol.com) The strange part of this story is that the product was not launched broadly, yet it still moved Washington and Wall Street in the same week. A model that stays behind a gate can still reset the map if it convinces the Treasury Department, the Federal Reserve, and the biggest banks that the lock-picking machines just got much better. (cnbc.com) (red.anthropic.com)