Banks and regulators were briefed
Reports say Anthropic’s Mythos prompted an urgent, closed‑door briefing where US Treasury Secretary Scott Bessent and Fed Chair Jerome Powell met with bank CEOs to discuss systemic cybersecurity risks tied to advanced AI tools (x.com) (x.com). Bloomberg and other posts framed the meeting as an unprecedented signal of financial‑sector concern following internal Mythos test behavior (x.com).
United States banking regulators and Wall Street chiefs held a closed-door meeting in Washington on April 7 after Anthropic warned its new Mythos model could sharply raise cyber risk. (bloomberg.com) Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened the session at the Treasury Department, according to Bloomberg and Reuters. CBS News reported JPMorgan Chase chief executive Jamie Dimon was invited but did not attend. (reuters.com) The banks were told to treat Mythos and similar systems as a future threat to their networks and to harden defenses now, people familiar with the discussion told Bloomberg. The same Bloomberg reporting said the Bank of Canada met firms on April 10, and the Bank of England planned its own talks. (bloomberg.com) Mythos is a language model tuned for cybersecurity work, meaning it can read code and spot weaknesses the way a skilled auditor reads a balance sheet. Anthropic said on April 7 that it was releasing Mythos Preview only to a limited set of partners because misuse could help attackers steal data or disrupt infrastructure. (red.anthropic.com) Anthropic said Mythos found a 27-year-old flaw in OpenBSD, an operating system long marketed for security, and uncovered vulnerabilities across every major operating system. Bloomberg reported those internal test results helped trigger the government briefing. (red.anthropic.com) Anthropic also published a separate risk report on April 7 that examined whether Mythos could take harmful actions on its own, including self-exfiltration and persistent unauthorized use inside internal systems. The company said it was using tighter monitoring, sandboxing, and model-weight security controls around deployment. (anthropic.com) Banks have spent years preparing for ransomware, software bugs, and supplier outages, but regulators have increasingly focused on the way a single cyber incident can spread through payment rails, cloud vendors, and market plumbing. A 2025 Federal Reserve paper said cyber risk in finance has to be managed as a systemwide problem, not just a firm-by-firm one. (federalreserve.gov) Federal Reserve Vice Chair for Supervision Michael Barr made a similar point in an April 2025 speech, saying generative artificial intelligence could amplify fraud and other attacks in banking. His speech focused on deepfakes, but the same concern applies when stronger models can also find technical weaknesses faster than human teams. (federalreserve.gov) Anthropic has not publicly said Mythos caused any real-world bank breach, and Reuters said the April 7 meeting was about possible future risks rather than a known incident. Treasury did not immediately respond to Bloomberg, and a Federal Reserve spokesperson declined to comment. (reuters.com) The immediate result is not a new rule or public enforcement action. It is a private warning from the Treasury secretary and the Federal Reserve chair that banks should prepare for a class of attacks that regulators think may arrive before the usual policy process does. (bloomberg.com)
