Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with the heads of major U.S. banks this week to warn them about escalating cybersecurity risks posed by Anthropic's latest artificial intelligence model, Mythos[1][3]. The April 8 gathering at Treasury headquarters represents a significant shift in how policymakers view AI-driven threats—no longer purely a technology issue, but a financial stability concern[3].
Mythos represents a watershed moment in artificial intelligence capability. Anthropic has described the model in stark terms, warning that AI systems have reached a level of coding proficiency where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities[3]. The company disclosed that it has "found thousands of high-severity vulnerabilities, including some in every major operating system and web browser"[3]. Because the model can identify these vulnerabilities with such precision, it could theoretically be used to exploit them just as effectively[4]. The stakes prompted Anthropic to limit the release to a small group of trusted partners, signaling the company's own recognition of the dual-use risks[1].
The message from Bessent and Powell was unmistakable: banks must prepare immediately. When top U.S. economic officials summon systemically important financial institutions to Washington, the implicit directive is clear—stress-test your systems, review access controls, and upgrade detection tools[3]. The concern centers on a fundamental vulnerability in current defenses: if artificial intelligence lowers the technical barrier for launching cyberattacks, existing security infrastructure may prove inadequate[3]. Banks attending the meeting included JPMorgan, Wells Fargo, Bank of America, and Citigroup[4].
Recognizing both the threat and potential benefit, Wall Street banks have begun testing Mythos internally, with Trump administration officials actively encouraging them to use the model to identify vulnerabilities before malicious actors do[2]. This dual approach reflects an emerging strategy: deploy the technology defensively while racing to patch exposed systems. Project Glasswing, an Anthropic initiative launched this week, aims to harness Mythos to find and fix critical vulnerabilities in collaboration with major tech partners like Amazon Web Services and Apple[4].
The implications extend beyond the banking sector. Experts warn that as Mythos-caliber technology proliferates, state actors and hackers will inevitably develop similar capabilities[4]. A serious cyber disruption at a major bank or clearing firm could shake market confidence and trigger significant compliance costs[3]. If regulators conclude that AI-driven attacks pose systemic risk, financial firms could face tighter regulatory standards and substantially higher operating costs[3]. The meeting also signals that policymakers across borders recognize the threat—Canada's central bank and major Canadian financial institutions held parallel discussions about the same concerns[4].
This moment underscores a paradox in the current AI race: progress is increasingly defined not by what companies release, but by what they hold back[1]. For financial institutions, the challenge is acute—they must simultaneously defend against threats that may not yet exist while adopting the very tools that could prevent catastrophic breaches.