US Treasury Secretary Calls Bank Chiefs Meeting Over Anthropic Mythos Cybersecurity Risks

--- headline: "US Treasury Secretary Calls Bank Chiefs Meeting Over Anthropic Mythos Cybersecurity Risks" slug: treasury-mythos-cybersecurity-bank-chiefs category: policy story_number: 14 date: 2026-05-27 ---

Treasury Secretary Bessent and Fed Chair Powell summoned the CEOs of America's largest banks to a closed-door emergency session, warning that Anthropic's Mythos model poses a systemic cyber threat to the financial system.

When Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell jointly summon Wall Street's most powerful executives to an unscheduled meeting, the financial world takes notice. On April 7, the two officials did exactly that, convening the CEOs of five of America's six largest banks for an urgent, closed-door session at the Treasury Department focused on a single topic: the cybersecurity upheaval triggered by Anthropic's Claude Mythos Preview.

The meeting reflected a stark new reality. Mythos, announced just days earlier, had demonstrated an unprecedented ability to discover critical zero-day vulnerabilities in software -- the kind of flaws that, in the wrong hands, could allow attackers to breach banking systems, payment networks, and the digital infrastructure underpinning trillions of dollars in daily transactions.

Who Was in the Room

Bank of America CEO Brian Moynihan, Citigroup CEO Jane Fraser, Goldman Sachs CEO David Solomon, Morgan Stanley CEO Ted Pick, and Wells Fargo CEO Charles Scharf all attended. JPMorgan Chase CEO Jamie Dimon was the only major banking chief absent -- a notable detail given that JPMorgan was among the initial launch partners for Anthropic's defensive cybersecurity initiative, Project Glasswing.

The presence of both the Treasury Secretary and the Fed Chair underscored just how seriously the administration views AI-driven cyber risk. According to reporting from CNBC and Bloomberg, the meeting was described by attendees as a signal that advanced AI capabilities have become a top national security concern -- one that could threaten the very foundation of the U.S. financial system.

The Scale of the Threat

The numbers alone are staggering. Anthropic disclosed that Mythos had identified more than 10,000 high- or critical-severity vulnerabilities across critical software systems, including flaws in every major operating system and every major web browser. More alarming still, the company acknowledged that more than 99% of those vulnerabilities remained unpatched at the time of disclosure.

The model's power was illustrated vividly by a single case study: Mozilla reported that Mythos discovered 271 vulnerabilities in Firefox during a single evaluation pass, leading to the emergency release of Firefox 150 with patches for the most critical flaws. Three of those were assigned formal CVE identifiers -- CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.

For the banking sector, the implications are profound. Financial institutions rely on vast, interconnected software ecosystems -- from trading platforms to customer-facing mobile apps to back-end payment processing systems. A model that can find thousands of exploitable flaws in widely used software effectively collapses the traditional asymmetry of cybersecurity, where attackers need to find only one weakness while defenders must secure them all.

Project Glasswing: Defense Before Offense

Anthropic's response has been to pursue a controlled rollout rather than a broad public release. The company launched Project Glasswing, a cooperative initiative giving approximately 40 technology companies and major institutions early access to Mythos so they can identify and patch vulnerabilities in their own systems before the capability becomes widely available.

Launch partners include Amazon, Apple, Google, Microsoft, Nvidia, and Cloudflare, alongside JPMorgan Chase. The strategy is straightforward: give defenders a head start. Anthropic has framed the initiative as a way to ensure that the organizations responsible for critical infrastructure can harden their systems before adversaries gain access to comparable AI-driven exploit discovery.

Within days of the bank CEO meeting, the Treasury Department's own technology team moved to secure access to Mythos. Treasury Chief Information Officer Sam Corcos was reportedly working to gain access to the model so federal systems could begin their own vulnerability assessments, according to reporting from Semafor and Bloomberg.

What Comes Next

The April 7 meeting marked a turning point in how Washington thinks about AI and financial stability. Regulators have long focused on AI risks in terms of bias in lending algorithms or automated trading volatility. Mythos introduced a different kind of threat -- one where a single model can map the attack surface of an entire industry's digital infrastructure in hours rather than years.

For the banking sector, the immediate priority is clear: get inside the Glasswing tent and start patching. But the longer-term policy questions remain unresolved. How should regulators oversee AI models with dual-use cybersecurity capabilities? What disclosure obligations should apply when an AI discovers vulnerabilities in critical financial software? And what happens when the next Mythos-class model emerges from a company or government less inclined toward controlled release?

The Treasury and the Fed have put Wall Street on notice. The era of AI-driven cyber risk to the financial system is not a hypothetical -- it arrived on April 7, 2026, in a closed room with six of the most powerful people in American finance.