Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called the heads of America's largest banks to an unscheduled meeting at Treasury headquarters in Washington on Tuesday to discuss a single topic: Anthropic's new AI model can find and exploit software vulnerabilities faster than anything the industry has seen before, and the financial system needs to prepare.
The bank CEOs, including Citi's Jane Fraser, Bank of America's Brian Moynihan, Goldman Sachs' David Solomon, Morgan Stanley's Ted Pick, and Wells Fargo's Charlie Scharf, were already in D.C. for a Financial Services Forum board meeting when the special session was convened. JPMorgan's Jamie Dimon was the only major bank chief who didn't attend.
What Mythos actually does
Anthropic released Claude Mythos Preview earlier this week under tight restrictions through what it calls Project Glasswing, a controlled deployment limited to 12 partner organizations and about 40 additional groups. The partners include Amazon, Apple, Microsoft, Nvidia, CrowdStrike, and Palo Alto Networks. Anthropic says it's committing up to $100 million in usage credits across the initiative.
The model wasn't specifically trained for cybersecurity. It's a general-purpose frontier model that turned out to be unnervingly good at finding holes in software. According to Anthropic's technical writeup, Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and web browser, many of them one to two decades old. The company says over 99% of the bugs it found remain unpatched, which is why it's sharing almost no details publicly.
The numbers that Anthropic is willing to share are striking. Its previous model, Opus 4.6, had a near-zero success rate at autonomous exploit development. Mythos Preview, tested against the same Firefox JavaScript engine vulnerabilities, developed working exploits 181 times out of several hundred attempts. Opus 4.6 managed it twice. That's not an incremental improvement. That's a different category of capability.
The awkward political backdrop
The timing here is genuinely strange. Bessent and Powell are treating Anthropic's model as a serious enough threat to warrant pulling bank CEOs out of their schedules, while the Trump administration is simultaneously trying to destroy the company.
The Pentagon designated Anthropic a supply chain risk in early March after the company refused to allow Claude to be used for autonomous weapons or mass surveillance. President Trump ordered federal agencies to stop using Anthropic's technology. A D.C. appeals court denied Anthropic's bid to block the blacklisting last week, though a San Francisco judge had earlier ruled in the company's favor, calling the designation "Orwellian." The legal fight continues on two fronts.
So the administration considers Anthropic a national security threat in one context and a critical cybersecurity partner in another. VP JD Vance and Bessent even held a phone call with tech CEOs the week before the Mythos release, including Anthropic's Dario Amodei alongside Elon Musk, Sundar Pichai, Sam Altman, and Satya Nadella, to discuss AI security risks. Nobody in Washington seems bothered by the contradiction.
London gets nervous too
The concern isn't staying domestic. According to Bloomberg, the Bank of England plans to put Mythos on the agenda at its Cross Market Operational Resilience Group and CMORG AI Taskforce meetings within the next two weeks. The Financial Conduct Authority, HM Treasury, and the National Cyber Security Centre are all involved. British banks, insurers, and exchanges will be briefed on the risks.
Canada moved even faster. Canadian bank executives and regulators met on Friday to discuss the implications.
"The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before," Amodei wrote on X alongside the Glasswing announcement. That framing, the idea that the same tool that terrifies regulators is also the best defense against itself, is convenient for Anthropic. It might also be true, which is what makes this so complicated for everyone involved.
The Bank of England's CMORG meetings are expected within the next two weeks. Anthropic's Pentagon legal battle heads to expedited proceedings. And somewhere in all of this, over 99% of the vulnerabilities Mythos found are still sitting unpatched in software that runs the global financial system.
