Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an urgent meeting with Wall Street leaders this week, bypassing the routine briefing cadence and pulling bank CEOs into a direct conversation about AI-driven cyber risk.
Reports noted that the meeting aimed to ensure banks understood the risks posed by Mythos and similar models and were already taking defensive steps.
When the Treasury secretary and the Fed chair jointly pull bank chiefs into an urgent room, they’re communicating that the risk is systemic.
The irony running through this episode is sharp.
On Mar. 2, the Treasury, State, and HHS moved to stop using Anthropic products, acting on a presidential directive, with Bessent publicly stating that Treasury was terminating all use.
On Mar. 9, the General Services Administration terminated Anthropic’s government-wide contract. On Apr. 8, a federal appeals court declined to block the Pentagon’s blocklisting of Anthropic while litigation continues.
So, in the same week, officials were managing an active procurement and national security dispute with Anthropic, while also warning the nation’s largest banks to prepare for the risk posed by Anthropic-class capabilities.
What Mythos actually changed
The evidentiary basis for the official alarm rests on Anthropic’s own materials, which are more specific than typical model release claims.
Anthropic says Mythos has found hundreds of high-severity vulnerabilities, including flaws in every major operating system and every major web browser, and that more than 99% of them are still unpatched.
The company’s system card describes the model as capable of identifying and exploiting zero-days across these platforms. That is the kind of capability that, in the wrong hands or released without coordination, compresses the timeline between vulnerability discovery and weaponized attack.
Anthropic’s response to its own findings was to restrict access under a structure it calls Project Glasswing, limiting release to launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, plus more than 40 additional organizations that build or maintain critical software infrastructure.
Anthropic committed up to $100 million in usage credits and $4 million in donations to open-source security organizations as part of the effort.
The company also says it briefed US officials and key stakeholders before release, which means the Treasury meeting reflected an informed official judgment grounded in advance disclosure.
| Anthropic claim / fact | Why it matters to banks and regulators |
|---|---|
| Hundreds of high-severity vulnerabilities found | Suggests capability is not theoretical or narrow |
| Flaws found in every major operating system | Implies broad attack surface across shared infrastructure |
| Flaws found in every major web browser | Expands exposure beyond one vendor or one stack |
| More than 99% still unpatched | Raises urgency around defense timelines |
| Model can identify and exploit zero-days | Compresses the gap between discovery and weaponization |
| Access restricted under Project Glasswing | Signals even Anthropic viewed release as high risk |
| 40+ additional infrastructure organizations involved | Shows concern extends beyond one company to core software ecosystems |
| Advance briefings to U.S. officials | Suggests the Treasury/Fed response was informed, not reactive theater |
Banks are at the center of this concern because they depend on the broader software stack.
Treasury’s January 2025 Financial Services Sector Risk Management Plan identifies cloud concentration, software supply chains, and emerging technologies, including AI, as top sector risks, warning that reliance on common vendors and software creates conditions for cascading failures.
Banks share cloud providers, software vendors, payment rails, and clearing systems across the sector. A cyber capability that can efficiently find and exploit unpatched zero-days across every major operating system can hit an interconnected financial system with compounding force.
In this landscape, shared infrastructure means a single class of vulnerability can reach every node simultaneously.
The policy track making this an inevitability
On Feb. 18, Treasury announced a public-private initiative explicitly designed to develop practical tools for financial institutions to manage AI-specific cybersecurity risks.
On Mar. 23, Treasury and the Financial Stability Oversight Council launched an AI Innovation Series, stating that insights from it would inform Treasury and FSOC work on reinforcing resilience and financial stability as AI embeds itself across core financial functions.
The Federal Reserve’s July 2025 cybersecurity report listed assessing AI risks, bolstering cloud resilience, and exercising cyber-incident response plans among its joint FBIIC/FSSCC priorities.
Washington had also been building the conceptual framework for longer than that.
In June 2024, Treasury and FSOC hosted a conference on AI and financial stability. At it, then-Secretary Yellen identified opacity, inadequate risk management, and concentration among model vendors, data providers, and cloud providers as channels through which AI could create systemic vulnerabilities.
The FSB’s November 2024 AI report then codified four main systemic-vulnerability channels: third-party dependencies and service-provider concentration, market correlations, cyber risks, and model, data, and governance failures.
The IMF had separately found that cyberattacks on financial firms account for nearly 20% of all incidents it studied, and that the size of extreme losses had grown to $2.5 billion.
Mythos forced officials to operationalize a risk framework they had spent nearly two years building.
| Date | Institution | Event | Why it matters |
|---|---|---|---|
| Jun. 2024 | Treasury / FSOC | Conference on AI and financial stability | Established early systemic-risk framing |
| Jun. 2024 | Yellen | Warned about opacity, weak risk management, and concentration | Identified core vulnerability channels |
| Nov. 2024 | FSB | AI report on systemic-vulnerability channels | International policy codification |
| Jan. 2025 | Treasury | Financial Services Sector Risk Management Plan | Named cloud, supply chain, and AI as top risks |
| Jul. 2025 | Federal Reserve | Cybersecurity report | Included AI risk, cloud resilience, and incident exercises |
| Feb. 18, 2026 | Treasury | Public-private AI cyber initiative | Shift from concept to tools |
| Mar. 23, 2026 | Treasury / FSOC | AI Innovation Series launched | Linked AI adoption to resilience and stability |
| Apr. 2026 | Treasury / Fed | Urgent bank CEO meeting | Operationalized the framework |
The contradiction between Washington’s procurement retreat and its financial stability warning was, by design, run through two separate decision tracks.
Cutting government contracts with a vendor on supply-chain or national-security grounds is a procurement and policy decision that flows through a single set of channels. Assessing whether a frontier model’s cyber capabilities create new systemic risk for the financial sector runs through a different set entirely.
The meeting makes clear that these channels reached the same conclusion about capability from opposite directions, and that procurement officials moved to limit the government’s exposure to Anthropic as a vendor.
Financial stability officials moved to warn banks that what Anthropic had built posed a category of risk that warranted urgent attention.
Both reactions presuppose the same underlying judgment: that Mythos-class capability carries real operational consequence.
The upshot is that Washington’s concern about what Anthropic built survived Washington’s break with Anthropic as a vendor.
What could follow
In the bull case, Project Glasswing performs as designed.
Anthropic and its partners identify and patch material vulnerabilities before copycat capabilities reach open access, banks absorb the experience as a structured resilience exercise, and the episode becomes the first demonstration that frontier AI can deliver a net positive to cyber defense by finding flaws faster than adversaries can exploit them.
Anthropic’s restricted rollout, its partner set, and its resource commitments support this possibility, as does the fact that officials received an advance briefing, entering the conversation ahead of public disclosure.
In the bear case, additional frontier models arrive with similar or greater offensive capabilities, or disclosures around Mythos reveal a more compressed attack timeline than the current controlled framing publicly acknowledges.
Treasury, the Fed, and financial regulators then move from private warnings to stricter supervisory expectations: stricter software provenance requirements, mandatory vendor concentration reviews, tighter incident reporting timelines, and more rigorous operational resilience standards for banks sharing common cloud or software dependencies.
The FSB and Treasury materials already supply the conceptual and regulatory basis for that escalation. The IMF’s extreme-loss estimates and the FSB’s warnings about disruption to critical financial infrastructure explain why officials moved to active preparation without waiting for a demonstrable incident.
How quickly the offense-defense balance shifts as more labs approach similar capability levels is the open variable in both scenarios.
Glasswing assumes that coordinated, controlled access can hold the advantage long enough for patches to close the gaps Mythos found. That assumption holds only as long as the gap between frontier access and open access remains wide enough to give the effort real purchase.
| Scenario | Trigger | Policy response | Impact on banks |
|---|---|---|---|
| Bull case | Glasswing works, vulnerabilities get patched, access remains controlled | Continued closed-door coordination, limited new rules | Banks treat this as a resilience drill |
| Base case | More concern, but no visible incident | More guidance, more tests, more vendor reviews | Higher compliance and patch-management pressure |
| Bear case | More models show similar offensive capability | Tighter supervisory expectations, software provenance rules, incident reporting pressure | Greater operational burden and faster control changes |
| Tail risk | Material disruption tied to shared software/cloud exposure | Crisis-style coordination across Treasury, Fed, regulators | Market confidence and operational continuity become key concerns |
Powell and Bessent’s decision to convene bank CEOs on an urgent basis is the clearest official acknowledgment that US officials believe that distance is narrowing faster than the financial system’s current cyber posture can absorb.
