spoonai

Why the US Treasury Secretary and Fed Chair Just Summoned Wall Street Over an AI Model

Treasury Secretary Scott Bessent and Fed Chair Jerome Powell called an emergency meeting with 5 major bank CEOs after Anthropic's Mythos model found thousands of zero-day vulnerabilities across every major OS and browser.


An AI Found a 27-Year-Old Bug. Then Wall Street Got a Phone Call.

On April 8, something unusual happened at the US Treasury building in Washington, D.C. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned five of America's most powerful banking executives to an emergency meeting. Bank of America's Brian Moynihan, Citigroup's Jane Fraser, Goldman Sachs' David Solomon, Morgan Stanley's Ted Pick, and Wells Fargo's Charlie Scharf all showed up. Only JPMorgan's Jamie Dimon couldn't make it.

The reason was simple and alarming. Anthropic had just rolled out its latest AI model, Mythos, in a limited capacity -- and it had discovered thousands of zero-day vulnerabilities (previously unknown security flaws) across every major operating system and web browser.

The oldest vulnerability Mythos found was a 27-year-old bug in OpenBSD that had survived decades of human security review.


What Exactly Is Mythos?

Mythos Preview isn't your typical chatbot upgrade. It's a cybersecurity-specialized AI that can identify software vulnerabilities and write working exploit code to prove they're real.

Here's the deal: the benchmark numbers alone tell a story.

| Benchmark | Mythos Preview | Claude Opus 4.6 | GPT-5.4 |
|---|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% | ~82% |
| SWE-bench Pro | 77.8% | 53.4% | 57.7% |
| GPQA Diamond | 94.6% | ~90% | 94.4% |
| CyberGym | 83.1% | N/A | N/A |

That 93.9% on SWE-bench Verified represents a 13-point leap over the previous best. But benchmarks don't capture what really matters here.

In Firefox vulnerability testing, Mythos developed 181 working exploits and achieved register control on 29 more. In one case, it chained four separate vulnerabilities together, writing a complex JIT heap spray (a technique that abuses a browser's code compiler) that escaped both the renderer sandbox and the OS sandbox. On Linux, it combined subtle race conditions with KASLR bypasses to achieve local privilege escalation -- autonomously.

Think of it like this: Mythos did in hours what would take a team of elite security researchers weeks.

Anthropic built Mythos starting in late 2025, recognizing that AI would transform both sides of the cybersecurity equation. The model shares architectural DNA with Opus 4.6 but represents what Anthropic calls "a distinct model category" -- particularly in code analysis, vulnerability pattern recognition, and multi-step exploit chain construction.


Why Wall Street Panicked

Banks Run on Legacy Code

Major banks operate some of the world's largest software systems. JPMorgan Chase alone spends $17 billion annually on technology. The problem is that much of this code sits on top of decades-old legacy systems -- exactly the kind of codebase where 27-year-old bugs hide.

Mythos demonstrated that AI can systematically discover vulnerabilities in this kind of legacy code far faster than humans. Bessent and Powell's concern was straightforward: if a model with these capabilities falls into adversarial hands, the financial system's security walls could crumble.

Current financial cybersecurity rests on an assumption: defenders have more resources than attackers. AI threatens to flip that equation entirely.

Anthropic's Response: Project Glasswing

Anthropic chose not to release Mythos publicly. Instead, it created Project Glasswing -- a restricted access program.

| Detail | Specification |
|---|---|
| Access | 40+ whitelisted organizations only |
| Target users | Critical software infrastructure builders and maintainers |
| Pricing | $25 / $125 per million tokens (input/output) |
| Public release | Not planned |

The $25/$125 pricing is steep compared to Claude Opus 4.6 ($15/$75), and access is tightly controlled. Anthropic is trying to thread a needle: let defenders use the tool while keeping it away from bad actors.


The Bigger Picture: AI Cybersecurity's Paradigm Shift

This event raises a fundamental question for the entire AI industry. When AI gets dramatically better at finding vulnerabilities, does that help defenders or attackers more?

On the defense side, organizations can now systematically discover and patch flaws they never knew existed. Anthropic has already notified major software vendors, and security teams are building new detection playbooks based on Mythos findings.

On the offense side, similar capabilities in the wrong hands could outpace defensive responses. Nation-state hacking groups are widely believed to be developing comparable AI tools. The gap between "vulnerability discovered" and "patch deployed" is the window attackers need.

The Bessent-Powell meeting wasn't just a warning. It was effectively an executive order: rebuild your cyber defenses for the AI era. Now.


What This Means For You

You won't be using Mythos directly -- it's not publicly available. But the ripple effects matter.

Banking apps and financial services will likely see accelerated security updates as institutions adopt AI-powered vulnerability scanning at scale. The classification of AI models by "risk tier" will become an industry standard. And if you're a developer, the bar for code security just moved from "good enough for human review" to "resilient against AI-powered analysis."

When the Treasury Secretary and Fed Chair personally summon bank CEOs, it signals that AI's cybersecurity impact has crossed from a tech industry concern into a matter of national economic security.

