U.S. officials warn banks about cybersecurity risks tied to Anthropic's Mythos AI model

U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly met earlier this week with Wall Street bank chief executives to warn about cybersecurity risks tied to a new artificial intelligence model from Anthropic.

Meeting with major banks

Bloomberg reported that the meeting included executives from Citigroup, Bank of America, Wells Fargo, Morgan Stanley, and Goldman Sachs. Officials discussed Anthropic’s new AI model, Mythos, which has drawn broad concern over its apparent ability to identify and exploit software vulnerabilities.

The officials said the purpose of the meeting was to ensure banks understand the risks posed by systems capable of finding and exploiting vulnerabilities across operating systems and web browsers, and to encourage institutions to strengthen defenses against potential AI-assisted cyberattacks targeting financial infrastructure.

Why the model is raising concerns

Security researchers have warned that tools capable of automatically discovering vulnerabilities could both speed up defensive security work and enable malicious hacking if misused.

Mythos first surfaced online in March after draft materials about the system leaked, showing what Anthropic described as its most capable AI model yet. In testing, the system reportedly identified thousands of previously unknown software vulnerabilities, including zero-day flaws across major operating systems and web browsers.

Anthropic’s explanation and access restrictions

Anthropic researchers said in a report earlier this week that Mythos Preview’s vulnerability-discovery capabilities were not intentionally trained. Instead, they said the capabilities emerged from broader improvements in the model’s coding, reasoning, and autonomy.

“The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them,” the firm wrote.

Because of those capabilities, Anthropic has restricted access to a small group of cybersecurity organizations. In a statement, the company said it is being deliberate about how it releases the model and that it is working with a small group of early access customers to test it.

“Given the strength of its capabilities, we’re being deliberate about how we release it,” Anthropic said. “As is standard practice across the industry, we’re working with a small group of early access customers to test the model. We consider this model a step change and the most capable we’ve built to date.”

Project Glasswing

To address the risk, Anthropic said it is testing Mythos through Project Glasswing, a collaboration with major technology and cybersecurity companies. The effort uses the model to identify and patch vulnerabilities in critical software before attackers can exploit them.

“Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone,” the company said. “Frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play.”

Anthropic did not immediately respond to Decrypt’s request for comment.