Mythos raises alarm

Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called Wall Street chiefs into an urgent meeting this week over cyber risks tied to Anthropic’s new Mythos model. (bloomberg.com) Bloomberg reported the warning session happened after Anthropic released Mythos in preview form and limited access to a small group of companies instead of a broad launch. Reuters reported on April 9 that Anthropic held back a wider release because the model could expose previously unknown software vulnerabilities. (bloomberg.com) (reuters.com) Anthropic’s own system card says Mythos is its “most capable frontier model” and shows a large jump over Claude Opus 4.6 on coding and agent-style tasks. Anthropic also said the model’s cyber abilities were strong enough to justify a preview release rather than general availability. (anthropic.com) In plain terms, these models read code like a mechanic reads an engine, then point to weak parts that could break under pressure. Anthropic said Mythos finds more and higher-severity bugs than earlier systems and can turn some known but unpatched flaws into working exploits. (anthropic.com) That matters for banks because their payment rails, trading systems and core records sit on layers of old and new software. CBS News reported that Mythos has found weaknesses in every major computer operating system, raising fears that the same capability could be used against critical financial infrastructure. (cbsnews.com) The U.S. response has not been limited to warnings. Bloomberg reported that officials are also urging banks to test Mythos defensively, and that JPMorgan Chase was the only bank named publicly in the initial effort while Goldman Sachs, Citigroup and Bank of America also had access or expected it soon. (bloomberg.com) Anthropic is framing that work as Project Glasswing, a program that uses Mythos to scan critical software and share lessons from defensive testing. The company said it has extended access to more than 40 organizations that build or maintain critical software infrastructure. (anthropic.com) The concern is spreading beyond Washington. Bloomberg reported that the Bank of Canada and major Canadian banks and financial firms held a similar meeting on Friday, April 10, after the U.S. discussion earlier in the week. (bloomberg.com) Anthropic has not presented Mythos as an unrestricted product. Its public materials say the company is using system cards, restricted access and coordinated vulnerability disclosure to keep details of unpatched flaws from being released while organizations patch them. (anthropic.com 1) (anthropic.com 2) For now, the immediate question is not whether banks will use systems like Mythos, but how fast they can secure the code those systems can already inspect. That is why the first response from Bessent, Powell and the banks was a closed-door cyber briefing, not a public product launch. (bloomberg.com)