Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an urgent meeting with Wall Street leaders this week, bypassing the routine briefing cadence and pulling bank CEOs into a direct conversation about AI-driven cyber risk.
Reports noted that the meeting aimed to ensure banks understood the risks posed by Mythos and similar models and were already taking defensive steps.
When the Treasury secretary and the Fed chair jointly pull bank chiefs into an urgent room, they are communicating that the risk is systemic.
The irony running through this episode is sharp.
On Mar. 2, the Treasury, State, and HHS moved to stop using Anthropic products, acting on a presidential directive, with Bessent publicly stating that Treasury was terminating all use.
On Mar. 9, the General Services Administration terminated Anthropic’s government-wide contract. On Apr. 8, a federal appeals court declined to block the Pentagon’s blocklisting of Anthropic while litigation continues.
So, in the same week, officials were managing an active procurement and national security dispute with Anthropic, while also warning the country’s largest banks to prepare for the risk posed by Anthropic-class capabilities.
What Mythos actually changed
The evidentiary basis for the official alarm rests on Anthropic’s own materials, which are more specific than typical model launch claims.
Anthropic says Mythos has found thousands of high-severity vulnerabilities, including flaws in every major operating system and every major web browser, and that more than 99% of them are still unpatched.
The company’s system card describes the model as capable of identifying and exploiting zero-days across those platforms. This is the kind of capability that, in the wrong hands or released without coordination, compresses the timeline between vulnerability discovery and weaponized attack.
Anthropic’s response to its own findings was to restrict access under a structure it calls Project Glasswing, limiting release to launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, plus more than 40 additional organizations that build or maintain critical software infrastructure.
Anthropic committed up to $100 million in usage credits and $4 million in donations to open-source security organizations as part of the effort.
The company also says it briefed US officials and key stakeholders before release, which means the Treasury meeting reflected an informed official judgment grounded in advance disclosure.
| Anthropic claim / fact | Why it matters to banks and regulators |
|---|---|
| Thousands of high-severity vulnerabilities found | Suggests capability is not theoretical or narrow |
| Flaws found in every major operating system | Implies broad attack surface across shared infrastructure |
| Flaws found in every major web browser | Expands exposure beyond one vendor or one stack |
| More than 99% still unpatched | Raises urgency around defense timelines |
| Model can identify and exploit zero-days | Compresses the gap between discovery and weaponization |
| Access restricted under Project Glasswing | Signals even Anthropic viewed release as high risk |
| 40+ additional infrastructure organizations involved | Shows concern extends beyond one company to core software ecosystems |
| Advance briefings to U.S. officials | Suggests the Treasury/Fed response was informed, not reactive theater |
Banks are at the center of this concern because they depend on the broader software stack.
Treasury’s January 2025 Financial Services Sector Risk Management Plan identifies cloud concentration, software supply chains, and emerging technologies, including AI, as top sector risks, warning that reliance on common vendors and software creates conditions for cascading failures.
Banks share cloud providers, software vendors, payment rails, and clearing systems across the sector. A cyber capability that can efficiently find and exploit unpatched zero-days across every major operating system can hit an interconnected financial system with compounding force.
In this landscape, shared infrastructure means a single class of vulnerability can reach every node simultaneously.
The policy track making this an inevitability
On Feb. 18, Treasury announced a public-private initiative explicitly designed to develop practical tools for financial institutions to manage AI-specific cybersecurity risks.
On Mar. 23, Treasury and the Financial Stability Oversight Council launched an AI Innovation Series, stating that insights from it would inform Treasury and FSOC work on reinforcing resilience and financial stability as AI embeds itself across core financial functions.
The Federal Reserve’s July 2025 cybersecurity report listed assessing AI risks, bolstering cloud resilience, and exercising cyber-incident response plans among its joint FBIIC/FSSCC priorities.
Washington had also been building the conceptual framework for longer than that.
In June 2024, Treasury and FSOC hosted a conference on AI and financial stability. At it, then-Secretary Yellen identified opacity, inadequate risk management, and concentration among model vendors, data providers, and cloud providers as channels through which AI could create systemic vulnerabilities.
The FSB’s November 2024 AI report then codified four main systemic-vulnerability channels: third-party dependencies and service-provider concentration, market correlations, cyber risks, and model, data, and governance failures.
The IMF had separately found that cyberattacks on financial firms account for nearly 20% of all incidents it studied, and that the size of extreme losses had grown to $2.5 billion.
Mythos forced officials to operationalize a risk framework they had spent nearly two years constructing.
| Date | Institution | Event | Why it matters |
|---|---|---|---|
| Jun. 2024 | Treasury / FSOC | Conference on AI and financial stability | Established early systemic-risk framing |
| Jun. 2024 | Yellen | Warned about opacity, weak risk management, and concentration | Identified core vulnerability channels |
| Nov. 2024 | FSB | AI report on systemic-vulnerability channels | International policy codification |
| Jan. 2025 | Treasury | Financial Services Sector Risk Management Plan | Named cloud, supply chain, and AI as top risks |
| Jul. 2025 | Federal Reserve | Cybersecurity report | Included AI risk, cloud resilience, and incident exercises |
| Feb. 18, 2026 | Treasury | Public-private AI cyber initiative | Shift from theory to tools |
| Mar. 23, 2026 | Treasury / FSOC | AI Innovation Series launched | Linked AI adoption to resilience and stability |
| Apr. 2026 | Treasury / Fed | Urgent bank CEO meeting | Operationalized the framework |
The contradiction between Washington’s procurement retreat and its financial stability warning was, by design, run through two separate decision tracks.
Cutting government contracts with a vendor on supply-chain or national-security grounds is a procurement and policy decision that flows through a single set of channels. Assessing whether a frontier model’s cyber capabilities create new systemic risk for the financial sector runs through a different set entirely.
The meeting makes clear that those channels reached the same conclusion about capability from opposite directions, and that procurement officials moved to limit the government’s exposure to Anthropic as a vendor.
Financial stability officials moved to warn banks that what Anthropic had built posed a category of risk that warranted urgent attention.
Both reactions presuppose the same underlying judgment: that Mythos-class capability carries genuine operational consequence.
The resolution is that Washington’s concern about what Anthropic built survived Washington’s break with Anthropic as a vendor.
What could follow
In the bull case, Project Glasswing performs as designed.
Anthropic and its partners identify and patch material vulnerabilities before copycat capabilities reach open access, banks absorb the experience as a structured resilience exercise, and the episode becomes the first demonstration that frontier AI can deliver a net positive to cyber defense by finding flaws faster than adversaries can exploit them.
Anthropic’s restricted rollout, its partner set, and its resource commitments support this possibility, as does the fact that officials received an advance briefing, entering the conversation ahead of public disclosure.
In the bear case, additional frontier models arrive with comparable or greater offensive capabilities, or disclosures around Mythos reveal a more compressed attack timeline than the current controlled framing publicly acknowledges.
Treasury, the Fed, and financial regulators then move from private warnings to stricter supervisory expectations: stricter software provenance requirements, mandatory vendor concentration reviews, tighter incident reporting timelines, and more rigorous operational resilience standards for banks sharing common cloud or software dependencies.
The FSB and Treasury materials already supply the conceptual and regulatory basis for that escalation. The IMF’s extreme-loss estimates and the FSB’s warnings about disruption to critical financial infrastructure explain why officials moved to active preparation without waiting for a demonstrable incident.
How quickly the offense-defense balance shifts as more labs approach similar capability levels is the open variable in both scenarios.
Glasswing assumes that coordinated, controlled access can hold the advantage long enough for patches to close the gaps Mythos found. That assumption holds only as long as the gap between frontier access and open access stays wide enough to give the effort real purchase.
| Scenario | Trigger | Policy response | Impact on banks |
|---|---|---|---|
| Bull case | Glasswing works, vulnerabilities get patched, access stays controlled | Continued closed-door coordination, limited new rules | Banks treat this as a resilience drill |
| Base case | More concern, but no visible incident | More guidance, more exams, more vendor reviews | Higher compliance and patch-management pressure |
| Bear case | More models show similar offensive capability | Tighter supervisory expectations, software provenance rules, incident reporting pressure | Greater operational burden and faster control changes |
| Tail risk | Material disruption tied to shared software/cloud exposure | Crisis-style coordination across Treasury, Fed, regulators | Market confidence and operational continuity become key concerns |
Powell and Bessent’s decision to convene bank CEOs on an urgent basis is the clearest official acknowledgment that US officials believe that distance is narrowing faster than the financial system’s existing cyber posture can absorb.
