Banks briefed on Anthropic model risks

Anthropic met with bank CEOs after concerns that a new model could be used to scan for software vulnerabilities, and U.S. officials reportedly summoned bank bosses to discuss the cyber risk. The meetings underscore that model vulnerabilities can become a board-level security issue for regulated enterprises. (americanbanker.com / theguardian.com)

U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called major bank chiefs into a special Washington meeting this week after Anthropic released a tightly restricted artificial intelligence model called Claude Mythos Preview. CNBC reported the meeting happened on Tuesday while the executives were already in town for a Financial Services Forum board gathering. (cnbc.com) The reason was not that banks had adopted the model. The reason was that Anthropic says the model is unusually good at finding software flaws, and officials worried that the same skill that helps defenders can also help attackers. (cnbc.com)

A software vulnerability is a hidden mistake in code, like a bank vault door with the lock installed wrong. If nobody knows the mistake exists, a criminal who finds it can walk through before the owner even knows to fix it. (bloomberg.com) Anthropic says Mythos found thousands of high-severity “zero-day” vulnerabilities during testing. “Zero-day” means the developer had zero days of warning before the flaw became known, which is why those bugs are prized by hackers and intelligence agencies. (anthropic.com) The company says those findings included vulnerabilities in every major operating system and every major web browser. Bloomberg reported Anthropic’s internal testing also showed the model could identify and then exploit those flaws when a user asked it to do so. (anthropic.com) (bloomberg.com)

That is why Anthropic did not put Mythos on the open market like a normal chatbot. On April 7, it said only a limited group of more than 40 companies would get access through a defensive security program called Project Glasswing. (cnbc.com) (anthropic.com) The launch partners were not random startups. Anthropic listed Amazon Web Services, Apple, Google, JPMorganChase, Microsoft, Nvidia, CrowdStrike, Palo Alto Networks, Cisco, Broadcom, and the Linux Foundation among the first organizations inside the program. (anthropic.com)

The bank meeting shows how regulators now see this as a financial-stability problem, not just a technology story. CNBC said Bank of America’s Brian Moynihan, Citigroup’s Jane Fraser, Goldman Sachs’ David Solomon, Morgan Stanley’s Ted Pick, and Wells Fargo’s Charlie Scharf attended, while JPMorgan Chase chief executive Jamie Dimon was invited but could not make it. (cnbc.com) Banks sit on old software, payment rails, cloud systems, trading systems, and customer data all at once, so a tool that speeds up bug hunting can cut both ways. One model that helps defenders patch holes faster can also help criminals map weak spots across the same stack at machine speed. (americanbanker.com) (reuters.com)

Anthropic has been preparing for this kind of moment in its own rulebook. Its Responsible Scaling Policy, updated on April 2, says the company can pause development or deployment when a model creates risks that need stronger safeguards. (anthropic.com) So the new fact here is not just that Anthropic built a powerful cyber model. It is that, within days of its April 7 rollout, the heads of the Treasury Department, the Federal Reserve, major banks, and Anthropic were all treating one model’s bug-finding ability as something that belongs in the boardroom. (cnbc.com 1) (cnbc.com 2)
