Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an urgent meeting with Wall Street leaders this week, bypassing the routine briefing cadence and pulling bank CEOs into a direct conversation about AI-driven cyber risk.
Reports noted that the meeting aimed to ensure banks understood the risks posed by Mythos and similar models and were already taking defensive steps.
When the Treasury secretary and the Fed chair jointly pull bank chiefs into a room on an urgent basis, they’re communicating that the risk is systemic.
The irony running through this episode is sharp.
On Mar. 2, the Treasury, State, and HHS moved to stop using Anthropic products, acting on a presidential directive, with Bessent publicly stating that Treasury was terminating all use.
On Mar. 9, the General Services Administration terminated Anthropic’s government-wide contract. On Apr. 8, a federal appeals court declined to block the Pentagon’s blocklisting of Anthropic while litigation continues.
So, in the same week, officials were managing an active procurement and national security dispute with Anthropic, while also warning the nation’s largest banks to prepare for the risk posed by Anthropic-class capabilities.
What Mythos actually changed
The evidentiary basis for the official alarm rests on Anthropic’s own materials, which are more specific than typical model launch claims.
Anthropic says Mythos has found thousands of high-severity vulnerabilities, including flaws in every major operating system and every major web browser, and that more than 99% of them are still unpatched.
The company’s system card describes the model as capable of identifying and exploiting zero-days across these platforms. This is the kind of capability that, in the wrong hands or released without coordination, compresses the timeline between vulnerability discovery and weaponized attack.
Anthropic’s response to its own findings was to restrict access under a structure it calls Project Glasswing, limiting release to launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, plus more than 40 additional organizations that build or maintain critical software infrastructure.
Anthropic committed up to $100 million in usage credits and $4 million in donations to open-source security organizations as part of the effort.
The company also says it briefed US officials and key stakeholders before release, which means the Treasury meeting reflected an informed official judgment grounded in advance disclosure.
| Anthropic claim / fact | Why it matters to banks and regulators |
|---|---|
| Thousands of high-severity vulnerabilities found | Suggests capability is not theoretical or narrow |
| Flaws found in every major operating system | Implies broad attack surface across shared infrastructure |
| Flaws found in every major web browser | Expands exposure beyond one vendor or one stack |
| More than 99% still unpatched | Raises urgency around defense timelines |
| Model can identify and exploit zero-days | Compresses the gap between discovery and weaponization |
| Access restricted under Project Glasswing | Signals even Anthropic viewed release as high risk |
| 40+ additional infrastructure organizations involved | Shows concern extends beyond one company to core software ecosystems |
| Advance briefings to U.S. officials | Suggests the Treasury/Fed response was informed, not reactive theater |
Banks are at the center of this concern because they depend on the broader software stack.
Treasury’s January 2025 Financial Services Sector Risk Management Plan identifies cloud concentration, software supply chains, and emerging technologies, including AI, as top sector risks, warning that reliance on common vendors and software creates conditions for cascading failures.
Banks share cloud providers, software vendors, payment rails, and clearing systems across the sector. A cyber capability that can efficiently find and exploit unpatched zero-days across every major operating system can hit an interconnected financial system with compounding force.
In this landscape, shared infrastructure means a single class of vulnerability can reach every node simultaneously.
The policy track making this an inevitability
On Feb. 18, Treasury announced a public-private initiative explicitly designed to develop practical tools for financial institutions to manage AI-specific cybersecurity risks.
On Mar. 23, Treasury and the Financial Stability Oversight Council launched an AI Innovation Series, stating that insights from it would inform Treasury and FSOC work on reinforcing resilience and financial stability as AI embeds itself across core financial functions.
The Federal Reserve’s July 2025 cybersecurity report listed assessing AI risks, bolstering cloud resilience, and exercising cyber-incident response plans among its joint FBIIC/FSSCC priorities.
Washington had also been building the conceptual framework for longer than that.
In June 2024, Treasury and FSOC hosted a conference on AI and financial stability. At it, then-Secretary Yellen identified opacity, inadequate risk management, and concentration among model vendors, data providers, and cloud providers as channels through which AI could create systemic vulnerabilities.
The FSB’s November 2024 AI report then codified four main systemic-vulnerability channels: third-party dependencies and service-provider concentration, market correlations, cyber risks, and model, data, and governance failures.
The IMF had separately found that cyberattacks on financial firms account for nearly 20% of all incidents it studied, and that the size of extreme losses had grown to $2.5 billion.
Mythos forced officials to operationalize a risk framework they’d spent nearly two years constructing.
| Date | Institution | Event | Why it matters |
|---|---|---|---|
| Jun. 2024 | Treasury / FSOC | Conference on AI and financial stability | Established early systemic-risk framing |
| Jun. 2024 | Yellen | Warned about opacity, weak risk management, and concentration | Identified core vulnerability channels |
| Nov. 2024 | FSB | AI report on systemic-vulnerability channels | International policy codification |
| Jan. 2025 | Treasury | Financial Services Sector Risk Management Plan | Named cloud, supply chain, and AI as top risks |
| Jul. 2025 | Federal Reserve | Cybersecurity report | Included AI risk, cloud resilience, and incident exercises |
| Feb. 18, 2026 | Treasury | Public-private AI cyber initiative | Shift from theory to tools |
| Mar. 23, 2026 | Treasury / FSOC | AI Innovation Series launched | Linked AI adoption to resilience and stability |
| Apr. 2026 | Treasury / Fed | Urgent bank CEO meeting | Operationalized the framework |
The contradiction between Washington’s procurement retreat and its financial stability warning was, by design, run through two separate decision tracks.
Cutting government contracts with a vendor on supply-chain or national-security grounds is a procurement and policy decision that flows through a single set of channels. Assessing whether a frontier model’s cyber capabilities create new systemic risk for the financial sector runs through a different set entirely.
The meeting makes clear that these channels reached the same conclusion about capability from opposite directions, and that procurement officials moved to limit the government’s exposure to Anthropic as a vendor.
Financial stability officials moved to warn banks that what Anthropic had built posed a category of risk that warranted urgent attention.
Both reactions presuppose the same underlying judgment: that Mythos-class capability carries real operational consequence.
The upshot is that Washington’s concern about what Anthropic built survived Washington’s break with Anthropic as a vendor.
What could follow
In the bull case, Project Glasswing performs as designed.
Anthropic and its partners identify and patch material vulnerabilities before copycat capabilities reach open access, banks absorb the experience as a structured resilience exercise, and the episode becomes the first demonstration that frontier AI can deliver a net positive to cyber defense by finding flaws faster than adversaries can exploit them.
Anthropic’s restricted rollout, its partner set, and its resource commitments support this possibility, as does the fact that officials received an advance briefing, entering the conversation ahead of public disclosure.
In the bear case, additional frontier models arrive with comparable or greater offensive capabilities, or disclosures around Mythos reveal a more compressed attack timeline than the current controlled framing publicly acknowledges.
Treasury, the Fed, and financial regulators then move from private warnings to stricter supervisory expectations: stricter software provenance requirements, mandatory vendor concentration reviews, tighter incident reporting timelines, and more rigorous operational resilience standards for banks sharing common cloud or software dependencies.
The FSB and Treasury materials already supply the conceptual and regulatory basis for that escalation. The IMF’s extreme-loss estimates and the FSB’s warnings about disruption to critical financial infrastructure explain why officials moved to active preparation without waiting for a demonstrable incident.
How quickly the offense-defense balance shifts as more labs approach similar capability levels is the open variable in both scenarios.
Glasswing assumes that coordinated, controlled access can hold the advantage long enough for patches to close the gaps Mythos found. That assumption holds only as long as the gap between frontier access and open access stays wide enough to give the effort real purchase.
| Scenario | Trigger | Policy response | Impact on banks |
|---|---|---|---|
| Bull case | Glasswing works, vulnerabilities get patched, access stays controlled | Continued closed-door coordination, limited new rules | Banks treat this as a resilience drill |
| Base case | More concern, but no visible incident | More guidance, more tests, more vendor reviews | Higher compliance and patch-management pressure |
| Bear case | More models show similar offensive capability | Tighter supervisory expectations, software provenance rules, incident reporting pressure | Greater operational burden and faster control changes |
| Tail risk | Material disruption tied to shared software/cloud exposure | Crisis-style coordination across Treasury, Fed, regulators | Market confidence and operational continuity become key concerns |
Powell and Bessent’s decision to convene bank CEOs on an urgent basis is the clearest official acknowledgment that US officials believe that distance is narrowing faster than the financial system’s current cyber posture can absorb.

