AI meets cybersecurity alliances

A bank and an artificial intelligence lab are suddenly in the same room for the same reason: software bugs. On April 9, JPMorgan Chase joined Project Glasswing, a coalition using advanced language models to find security holes before criminals do. (finance.yahoo.com) Project Glasswing started days earlier when Anthropic said it would give a small set of large partners access to Claude Mythos Preview, a model built to spot and help fix software vulnerabilities in critical systems. Anthropic said it would not release the model publicly. (cnbc.com) (cyberscoop.com) A software vulnerability is a hidden flaw in code, like a back door left unlocked in a building no one has inspected in years. Anthropic said Mythos found thousands of flaws, and Politico reported the company said more than 99 percent of the vulnerabilities it identified were still unpatched. (politico.com) That creates a strange new problem: the same tool that helps defenders can also help attackers. Anthropic said Mythos was capable of exploiting vulnerabilities in every major operating system and internet browser, which is why the company limited access instead of shipping it like a normal product. (politico.com) (cnbc.com) JPMorgan’s move matters because banks run on old and new code at the same time. A large bank can have payment rails, trading systems, mobile apps, cloud services, and vendor software all talking to each other, so one overlooked bug can become a chain reaction. (finance.yahoo.com) The coalition is not just Anthropic and JPMorgan Chase. Reports on the launch said partners include Amazon Web Services, Apple, Broadcom, Cisco, Cloudflare, CrowdStrike, Google, Microsoft, Palo Alto Networks, and Zendesk, which turns the project into a cross-industry test bed instead of a private lab exercise. (venturebeat.com) (cyberscoop.com) Regulators noticed immediately. On April 9, a European Commission spokesperson told Politico the staged rollout was welcome because the model carried potential for large-scale cyber risk, and said providers of general-purpose artificial intelligence models are expected to ensure an adequate level of cybersecurity protection. (politico.eu) Washington is looking at the same issue through a national security lens. Nextgov reported Anthropic briefed senior United States officials on a model that had already uncovered thousands of vulnerabilities, which pushes this out of the “new chatbot” category and into critical infrastructure planning. (nextgov.com) This is the shift underneath the headlines: artificial intelligence is no longer just writing emails, summarizing meetings, or helping programmers autocomplete code. It is being trained and governed like a lockpick that can also act like a locksmith, depending on who gets access and what guardrails hold. (asisonline.org) (techcrunch.com) For banks, insurers, and other heavily regulated firms, that changes the buying checklist. A model now has to be tested not just for accuracy and speed, but for who can prompt it, what systems it can touch, how it behaves under attack, and how fast a company can shut it down if something goes wrong. (insurancejournal.com) (finance.yahoo.com) The old question was whether artificial intelligence could help cybersecurity teams work faster. The new question, after Anthropic’s Mythos rollout and JPMorgan’s Glasswing decision in April 2026, is whether companies can deploy these models without turning their own security tools into a new source of risk. (cnbc.com) (finance.yahoo.com)