Anthropic model sparks alarm

On Tuesday, April 8, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell pulled top Wall Street bank chiefs into a short-notice meeting in Washington after Anthropic’s new Mythos model raised fears that software flaws could be found and abused much faster than banks can patch them. Reuters, CNBC, and Bloomberg all reported the meeting, and Bloomberg said the banks in the room were firms regulators already treat as systemically important. (reuters.com, cnbc.com, news.bloomberglaw.com) Anthropic did not launch Mythos like a normal chatbot. On April 7, the company said it was keeping Claude Mythos Preview on a limited rollout because the model was unusually good at finding weaknesses in software, and Anthropic said hackers could misuse that ability if access spread too widely. (cnbc.com, anthropic.com) A software vulnerability is a hidden mistake in code, like a building door that looks locked but opens if you press the frame in the right place. A zero-day vulnerability is worse: the owner does not know the door is broken yet, so there is no fix on the day an attacker first finds it. (red.anthropic.com, thehackernews.com) Anthropic’s own red-team site said Mythos Preview could identify and then exploit zero-day vulnerabilities in every major operating system and every major web browser during testing. That is why this did not stay inside Silicon Valley labs and landed on the desk of the Treasury Department and the Federal Reserve within 48 hours. (red.anthropic.com, cbsnews.com) Banks worry about this faster than most industries because they run old and new systems side by side: mobile apps on top, decades-old payment rails underneath. If a model can scan huge codebases and spot weak seams at machine speed, a single bug in a bank or a vendor can turn into a sector-wide problem. (federalreserve.gov, news.bloomberglaw.com) The banks called in were not random. The Federal Reserve says eight United States banking organizations are supervised as Global Systemically Important Banks as of February 2026, which means regulators already treat them as firms whose failure could shake the wider financial system. (federalreserve.gov, news.bloomberglaw.com) Bloomberg’s reporting said many executives were already in Washington for a Financial Services Forum gathering, which made a same-day emergency session possible. CNBC and CBS reported that JPMorgan Chase chief executive Jamie Dimon was invited but did not attend. (news.bloomberglaw.com, cnbc.com, cbsnews.com) This is not just a “bad actors might use it” story. Union-Bulletin, citing Bloomberg reporting, said some banks are now testing Mythos internally because the same tool that can help a criminal pick locks can also help a defender find every bad lock before anyone else does. (union-bulletin.com, moneycontrol.com) That creates the policy problem Bessent and Powell were trying to get ahead of: if only a few firms get access, they may defend themselves better than everyone else; if access spreads too fast, the same capability could hand attackers a map of weak points across finance, cloud software, and government systems. Anthropic’s Responsible Scaling Policy says the company is supposed to tighten safeguards as dangerous capabilities rise, and Mythos looks like the first big real-world test of that promise. (anthropic.com, reuters.com, red.anthropic.com) By Saturday, April 11, the concern had already crossed the Atlantic. Bloomberg reported that the Bank of England planned its own talks with financial institutions about Mythos, which is a sign regulators are treating this less like a product launch and more like the start of a new security era. (bloomberg.com, news.bloomberglaw.com)