Anthropic Mythos alarm

On Tuesday, April 7, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called the chiefs of the biggest United States banks to Treasury headquarters after Anthropic disclosed that its new Claude Mythos Preview model could find and exploit previously unknown software flaws in major operating systems and web browsers. (bloomberg.com) (anthropic.com) Anthropic published its Mythos system card on April 7 and said the model showed a “striking leap” over Claude Opus 4.6, especially on coding and security tests. In a separate technical write-up, Anthropic’s red team said Mythos could identify and exploit zero-day vulnerabilities in every major operating system and every major web browser during testing. (anthropic.com) (red.anthropic.com) A zero-day vulnerability is a software bug the vendor does not know about yet, which means there is no patch when an attacker first uses it. If a model can chain several of those bugs together, it can turn a small crack into a break-in path across laptops, servers, and cloud systems. (red.anthropic.com) That is why the guest list mattered. Anthropic’s own Project Glasswing launch page says JPMorganChase joined Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, Palo Alto Networks, and others as an early defensive partner using Mythos to find and fix weaknesses before criminals do. (anthropic.com) The banks in the Treasury meeting were not there to admire a new chatbot. They run payment rails, trading systems, custody platforms, and identity checks that move trillions of dollars, and a fast jump in machine-driven hacking ability changes the risk math for every one of those systems. (cnbc.com) (anthropic.com) Anthropic did not frame Mythos as a consumer launch. It framed it as a restricted model, said it had been released first inside the company and then to a small research-access group, and paired it with a security initiative backed by up to $100 million in usage credits and $4 million in donations to open-source security groups. (anthropic.com 1) (anthropic.com 2) (anthropic.com 3) The company’s alignment risk report was reassuring in one sense and unsettling in another. Anthropic wrote that Mythos appeared to be its best-aligned released model so far, but also said the model was more autonomous, more agentic, and much stronger at software engineering and cybersecurity than any earlier Claude system. (anthropic.com 1) (anthropic.com 2) That combination is what pulled economic officials into a cyber discussion. The Treasury Department worries about financial stability, the Federal Reserve worries about the plumbing of the banking system, and both have seen how a technical failure at one large institution can spread into a market-wide event within hours. (bloomberg.com) (cnbc.com) Anthropic’s own language shows why officials are treating this as a near-term problem, not a science-fiction one. The company said Mythos had already found thousands of high-severity vulnerabilities and warned that capabilities like this could spread beyond developers committed to safe deployment. (anthropic.com) So the real story is not that one model scared Washington for a day. It is that, as of April 2026, one frontier artificial intelligence company is telling banks, software vendors, and the United States government that the same tool that can help patch the internet can also expose how brittle the internet already is. (anthropic.com 1) (anthropic.com 2)