Banks warned on Anthropic cyber risks

Top United States regulators quietly summoned Wall Street bank chiefs to Washington last week to warn that Anthropic’s new artificial intelligence model could accelerate cyberattacks. (bloomberg.com) Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened the meeting at the Treasury Department on Tuesday, April 7, according to Bloomberg and Reuters. Bank of America’s Brian Moynihan, Citigroup’s Jane Fraser, Goldman Sachs’ David Solomon, Morgan Stanley’s Ted Pick and Wells Fargo’s Charlie Scharf attended; JPMorgan Chase chief executive Jamie Dimon did not. (bloomberg.com, reuters.com) The officials told banks to prepare for risks tied to Anthropic’s Claude Mythos Preview and similar systems, which regulators see as a possible source of a “new breed” of cyberattack against the financial system. Bloomberg reported the banks called in are all considered systemically important by regulators. (bloomberg.com) Claude Mythos Preview is a language model — software that predicts and generates code and text — and Anthropic says this one is unusually strong at finding holes in computer systems. In a technical post on April 7, the company said the model could identify and exploit zero-day vulnerabilities, meaning previously undiscovered flaws, in every major operating system and every major web browser during testing. (red.anthropic.com) Anthropic did not release Mythos broadly. Reuters reported the company limited access after saying the model could expose previously unknown vulnerabilities, and Anthropic said more than 99% of the flaws it found were still unpatched, so it withheld technical details. (reuters.com, red.anthropic.com) The banking meeting came as Anthropic launched Project Glasswing, a defensive-security program built around Mythos. Anthropic said April 7 that launch partners include Amazon Web Services, Apple, Cisco, Google, Microsoft, Nvidia and JPMorganChase, and that it had also extended access to more than 40 additional organizations that build or maintain critical software infrastructure. (anthropic.com) Anthropic said it is committing up to $100 million in usage credits and $4 million in donations to open-source security groups through Glasswing. The company said the goal is to help defenders fix weaknesses before attackers can use the same class of tools against them. (anthropic.com) The bank chiefs were already in Washington for meetings of the Financial Services Forum, which describes itself as the group representing the chief executives of the eight largest and most diversified financial institutions headquartered in the United States. That overlap let Treasury arrange the warning session on short notice. (bloomberg.com, fsforum.com) Anthropic had briefed senior United States officials before the release. CNBC reported the company was in ongoing discussions with the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation about the model’s offensive and defensive cyber capabilities. (cnbc.com) The immediate issue for banks is not that Mythos is being sold to consumers. It is that regulators now appear to be treating frontier artificial intelligence cyber tools the way they treat other systemic threats: something large banks must test for, defend against and assume rivals and criminals will eventually have. (bloomberg.com, anthropic.com)