Anthropic’s latest AI model – Claude Mythos has sparked alarm among banks and regulatory authorities across the world

Banks are worried because AI isn’t just writing code anymore. It’s finding ways to break it. Anthropic’s latest AI model – Claude Mythos has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Bugs missed for decades.

Project Glasswing¹ is a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.

Official statement:

„We formed Project Glasswing because of capabilities we’ve observed in a new frontier model trained by Anthropic that we believe could reshape cybersecurity. Claude Mythos2 Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout – for economies, public safety, and national security – could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.

As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work; Anthropic will share what we learn so the whole industry can benefit. We have also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems. Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.

Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play. The work of defending the world’s cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months. For cyber defenders to come out ahead, we need to act now.”

Project Glasswing has sparked alarm among regulatory authorities across the world

The US government was briefed on the Mythos model ahead of its public launch last week, on its “offensive and defensive cyber capabilities”.

On Tuesday, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell met with bank CEOs in Washington DC to discuss the dangers of the new model, sources reported to Bloomberg.

The meeting was convened to warn banks on the risks posed by Mythos. The CEOs that were reportedly present at the meeting were Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs.

Also, according to Finextra, UK regulators are holding urgent talks with bank and cyber security authorities amid fears over the potential danger to critical infrastructure exposed by Anthropic’s latest AI model, Mythos.

Anthropic said last week that the model had already identified “thousands of high-severity vulnerabilities, including some in every major operating system and web browser”. The company added that some of these flaws had remained undetected for decades and warned that “the fallout – for economies, public safety, and national security – could be severe.”

In the UK, the central bank is convening with the FCA, HM Treasury, and the National Cyber Security Centre to assessed the potential for damage before reporting back with directions to financial institutions.

Linas Beliunas commented: „Thousands of zero-day vulnerabilities discovered in weeks by Mythos. Bugs missed for decades (27-year-old OpenBSD flaw, 16-year-old FFmpeg issue). 181 working Firefox exploits vs 2 from prior models. Chains exploits end-to-end (escape → access → execute) overnight.

That’s exactly why Anthropic didn’t release it. Instead, they gave it to a small group (AWS, Microsoft, JPMorgan) to patch critical infrastructure before others catch up.

And banks weren’t called in for curiosity. They were called in because:

→ Financial systems run on legacy code;
→ Legacy code is exactly what this model targets;
→ AI-assisted attacks don’t scale linearly, they cascade.

This is probably the first time regulators are treating AI like a direct threat to financial stability. Not a tool but a risk vector. Cyber risk might have just become systemic risk.„