Does Claude Mythos Threaten Financial Security? U.S. Treasury Secretary and Federal Reserve Chair Hold an Emergency Meeting to Warn of Risks

The U.S. Treasury Secretary and Federal Reserve Chair urgently convened top executives on Wall Street to issue a warning regarding Anthropic’s latest model, Mythos. The model has been classified by the authorities as a systemic risk to the financial system.

Finance ministers and top Fed officials urgently convene Wall Street executives as AI cyber threats escalate to systemic risk

According to a report by Bloomberg, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an emergency meeting with the CEOs of major banks on Wall Street at the Treasury Department headquarters in Washington, D.C. last week, warning about potential cybersecurity risks that Anthropic’s latest model, “Claude Mythos Preview,” may pose.

Bank executives attending the meeting included Jane Fraser, CEO of Citigroup; Ted Pick, CEO of Morgan Stanley; Brian Moynihan, CEO of Bank of America; Charlie Scharf, CEO of Wells Fargo; and David Solomon, CEO of Goldman Sachs. Jamie Dimon, CEO of JPMorgan Chase, was unable to attend. All of the above institutions have been designated by regulators as systemically important financial institutions.

This meeting was attended in person by the Treasury Secretary and the Federal Reserve Chair, which the industry views as an unusual move. In the past, government involvement in AI risk was mostly limited to working groups at the institutional level; now it has been elevated directly to a warning from the top leadership of the financial authorities, clearly signaling that the authorities have classified AI cyber threats as a systemic risk to financial system stability.

Mythos’ capabilities are astonishing—it can independently discover a large number of zero-day vulnerabilities

According to technical materials released by Anthropic the same day, Mythos has the ability to identify and exploit vulnerabilities across all mainstream operating systems and web browsers. In the testing phase, the model independently found thousands of previously unknown zero-day vulnerabilities, including a vulnerability in the security-oriented open-source operating system OpenBSD that had been lurking for as long as 27 years; in addition, the model also discovered a vulnerability in the multimedia processing library FFmpeg that even automated testing tools failed to detect after running 5 million times.

Anthropic research personnel emphasized that Mythos’ vulnerability-finding capability stems from overall progress in the model’s coding, reasoning, and autonomy—not from results deliberately trained for.

In a company statement, it said, “The same capability that makes a model more effective at fixing vulnerabilities also makes it more effective at exploiting vulnerabilities.” This highlights the dual nature of Mythos: the line between defense and attack is nearly erased in the face of models like this.

Anthropic refuses to publicly disclose details—launches the “Project Glasswing” to limit access

Because the capability is too powerful, Anthropic has decided not to publicly release Mythos to the outside world, instead adopting a strategy to restrict access, offering it only to certain partner companies. The company also announced the launch of a defensive cybersecurity collaboration program called “Project Glasswing,” working with more than 40 corporate partners including AWS, Apple, Cisco, Google, JPMorgan Chase, Microsoft, and NVIDIA, with the goal of proactively finding and patching vulnerabilities in key software before attackers move.

Image source: X/@AnthropicAI Anthropic also announced the launch of a defensive cybersecurity collaboration program called “Project Glasswing.”

Anthropic said, “Given the strength of the model’s capabilities, we are taking a cautious approach to how we release it. We are working with a small group of early-access customers to test the model, and we believe this is the most breakthrough generation we have built so far.”

The company also revealed that it has briefed government officials on offensive and defensive application scenarios for Mythos and continues to consult with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the AI Standards Innovation Center. The key focus of outside attention going forward is expected to center on how regulators will set release review standards for similar models, what specific defensive measures financial institutions should take, and whether coordination among international regulatory bodies can keep pace with the speed of technical evolution.

This article content is generated by the encrypted Agent that aggregates information from various parties, and is reviewed and edited by 《Encrypted City》; it is still in training and may contain logical bias or informational errors. The content is for reference only and should not be considered investment advice.