Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell pulled the CEOs of America's largest banks into an emergency meeting at Treasury headquarters in Washington on Tuesday. The subject: Anthropic's Claude Mythos Preview, an AI model the company itself considers too dangerous to release publicly.
Citigroup's Jane Fraser, Morgan Stanley's Ted Pick, Bank of America's Brian Moynihan, Wells Fargo's Charlie Scharf, and Goldman Sachs' David Solomon all showed up, according to people familiar with the matter who spoke to Bloomberg. JPMorgan's Jamie Dimon was invited but couldn't make it. The bank chiefs were already in town for a Financial Services Forum board meeting when the special session was called.
What spooked the regulators
Mythos Preview, which Anthropic rolled out on April 7 to a restricted group of partners, can find and exploit software vulnerabilities with a proficiency that makes previous AI models look like amateurs. During testing, the model identified thousands of zero-day flaws across major operating systems and web browsers, including one in OpenBSD that had sat undetected for 27 years.
The kicker: none of this was intentional. Anthropic's safety report says the vulnerability-finding capability emerged from general improvements in coding and reasoning. "The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them," the company wrote. That sentence should keep a few CISOs up tonight.
Why banks specifically
A White House spokesperson confirmed that Treasury plans to lead more coordination meetings with regulators and institutions on an ongoing basis, calling it part of "the first phases of a plan to ensure the United States and Americans are protected." The Fed declined to comment, which is the Fed's way of confirming something happened.
The financial sector's exposure here isn't abstract. Many large banks still run core systems on legacy code, the kind of aging infrastructure where zero-day vulnerabilities love to hide. JPMorgan Chase, notably, is already a Project Glasswing partner, meaning it has early access to Mythos for defensive scanning. The other banks at Tuesday's meeting? They're on the outside looking in.
The bigger mess
This meeting didn't happen in a vacuum. Anthropic is simultaneously fighting a designation from the Department of Defense as a supply chain risk to national security, a label slapped on after the company refused to let the Pentagon use its technology for autonomous weapons. So the same week Bessent and Powell are telling bankers to take Anthropic's model seriously, Secretary of War Pete Hegseth has barred federal contractors from using Anthropic's products entirely.
Cybersecurity stocks took the hint. Cloudflare dropped 8.6% and CrowdStrike fell 7.5% on April 9, partly because neither company made the Glasswing partner list. Being excluded from the room where the vulnerabilities get found first is, it turns out, a material risk.
Anthropic's head of frontier red teaming, Logan Graham, told Axios that other labs are six to eighteen months from producing models with comparable capabilities. OpenAI is reportedly finalizing something similar through its "Trusted Access for Cyber" program. So the window for defenders to get ahead is short, and shrinking.
Anthropic has committed up to $100 million in Mythos usage credits to Glasswing partners and $4 million to open-source security organizations. The next round of coordination meetings, per Treasury's statement, is already being planned.
