Does Claude Mythos Pose a Threat to Financial Security? U.S. Treasury Secretary and Federal Reserve Chair Hold an Emergency Meeting to Warn of Risks

U.S. Treasury Secretary and Federal Reserve Chairmen urgently convened Wall Street executives to issue a warning about Anthropic’s latest model, Mythos. The model has been classified by authorities as a systemic risk to the financial system.

Finance chiefs urgently convene Wall Street leaders; AI cyber threats are upgraded to systemic risk

According to a report by Bloomberg, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell urgently convened Wall Street’s major bank CEOs last week at the Treasury Department headquarters in Washington, D.C., to issue warnings about potential cybersecurity risks posed by the AI company Anthropic’s latest model, “Claude Mythos Preview.”

Bank executives attending the meeting included Citigroup CEO Jane Fraser, Morgan Stanley CEO Ted Pick, Bank of America CEO Brian Moynihan, Wells Fargo CEO Charlie Scharf, and Goldman Sachs CEO David Solomon; JPMorgan Chase CEO Jamie Dimon was unable to attend. All of the above institutions have been designated by regulators as systemically important financial institutions.

The meeting was personally attended by the Treasury Secretary and the Fed chair, which industry observers viewed as an unusual move. In the past, government intervention on AI risk often stayed at the working-group level within institutions; now, it has been directly escalated to a warning delivered personally by the highest leaders of the financial authorities, clearly signaling that authorities have classified AI cyber threats as a systemic risk to the stability of the financial system.

Mythos model’s capabilities are astonishing; it can autonomously uncover large numbers of zero-day vulnerabilities

According to technical documentation published by Anthropic on the same day, Mythos is capable of identifying and exploiting vulnerabilities across all mainstream operating systems and web browsers. In the testing phase, the model autonomously found thousands of previously unknown zero-day vulnerabilities, including a vulnerability lurking for as long as 27 years in the security-oriented open-source operating system OpenBSD; in addition, the model also discovered a vulnerability in the video and audio processing library FFmpeg that automated testing tools still failed to detect even after running 5M times of procedures.

Anthropic researchers emphasized that Mythos’s ability to discover vulnerabilities stems from overall progress in the model’s coding, reasoning, and autonomy, rather than results from deliberately training it to do so.

In a statement, the company said, “The same capability that makes the model more effective at patching vulnerabilities also makes it more effective at exploiting vulnerabilities.” This highlights Mythos’s dual nature: the line between defense and attack all but disappears in the face of models like this.

Anthropic refuses to publicly disclose; limits access by launching the “Project Glasswing”

Because the capabilities are too powerful, Anthropic decided not to publicly release Mythos and instead adopted a strategy to limit access, opening it only to certain partner enterprises. The company also announced the launch of a defensive cybersecurity collaboration program called “Project Glasswing,” working with more than 40 enterprise partners including AWS, Apple, Cisco, Google, JPMorgan Chase, Microsoft, NVIDIA, and others, with the goal of proactively finding and patching vulnerabilities in key software before attackers strike.

Photo source: X/@AnthropicAI Anthropic also simultaneously announced the launch of a defensive cybersecurity collaboration program called “Project Glasswing”

Anthropic said: “Given the powerful capabilities of the model, we are taking a cautious approach to how we release it. We are currently working with a small group of early access customers to test the model, and we believe this is the most breakthrough generation we have built so far.”

The company also disclosed that it has briefed government officials on the offensive and defensive application scenarios of Mythos, and continues discussions with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the AI Standards Innovation Center. The focus of subsequent outside attention centers on how regulators will set release review standards for similar models, what specific defensive measures financial institutions should take, and whether coordination among international regulators can keep pace with the speed of technological evolution.

This article is generated by a consolidated encryption Agent’s compilation of information from various parties, and has been reviewed and edited by 《Crypto City》; it is still in the training stage and may contain logical deviations or information errors. The content is for reference only and should not be regarded as investment advice.