Claude Mythos isn’t just wowing the tech community, but it’s creating ripples in somewhat far-removed sectors as well.
US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting at Treasury headquarters in Washington this Tuesday with the CEOs of Wall Street’s biggest banks. The subject: Anthropic’s Mythos model and the cybersecurity risks it — and models like it — could pose to the financial system. According to Bloomberg, which first reported the meeting, the CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs were present. JPMorgan CEO Jamie Dimon was unable to attend. The meeting was held while most major bank CEOs were already in Washington for other events.
The purpose, per people familiar with the matter, was not regulatory action — it was awareness. Regulators wanted to make sure banks understood the risks that Mythos and future similar models could pose, and were taking defensive steps accordingly. Mythos is capable of identifying and exploiting vulnerabilities across every major operating system and web browser; the concern is that the same capabilities being directed at defense under Project Glasswing could be turned against financial infrastructure if they proliferate to adversarial actors.
The context matters. Banking systems are among the most targeted infrastructure in the world. Anthropic previously documented what it described as the first AI-orchestrated cyber espionage campaign at scale — attributed with high confidence to a Chinese state-sponsored group — which targeted financial institutions alongside tech firms and government agencies. That attack used Claude Code, a far less capable system than Mythos. The regulators’ concern is straightforward: what that campaign demonstrated with a public model, a Mythos-class system could do far more efficiently and autonomously.
The timing is notable for another reason. JPMorganChase is itself a Project Glasswing partner — the bank has access to Mythos Preview for its own defensive security work. Pat Opet, JPMorganChase’s CISO, said at launch that the initiative represents “a unique, early stage opportunity to evaluate next-generation AI tools for defensive cybersecurity.” The Tuesday meeting suggests the government wanted to ensure that the banks not in that privileged group were equally prepared for the threat landscape it implies.
The meeting also sits against an awkward backdrop for Anthropic’s relationship with Washington. The company is currently in a legal dispute with the Pentagon, which designated it a “supply chain risk” to national security after the company refused to remove safeguards preventing its models from being used for mass domestic surveillance and fully autonomous weapons. The same government that is warning banks about Mythos’s capabilities is simultaneously locked in litigation with Anthropic over what those capabilities can be used for — a tension Anthropic itself acknowledged when it said it has been in “ongoing discussions with US government officials” about the model’s offensive and defensive potential.
Bessent and Powell’s decision to convene the meeting signals that regardless of how the Anthropic-Pentagon dispute resolves, regulators view Mythos-class AI as a systemic risk factor for financial infrastructure that warrants immediate attention. AI had already demonstrated an ability to find exploits in financial smart contracts worth millions of dollars in simulated attacks — that was with models well below Mythos-tier capability. At 83.1% on CyberGym’s vulnerability reproduction benchmark, Mythos operates in a different category entirely.
Anthropic has said Mythos will not be made publicly available until adequate safeguards are in place. But as the Treasury meeting makes clear, the gap between “not publicly released” and “not a risk to financial infrastructure” is one that policymakers are no longer treating as the same thing.