U.S. Treasury and Federal Reserve Officials Urge Banks to Test Anthropic's AI for Cybersecurity Vulnerabilities

The proactive engagement of U.S. regulators with major banks signals a significant shift in how financial institutions approach cybersecurity.

• On April 7, 2026, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell urged major banks to test Anthropic's Claude Mythos AI model for cybersecurity vulnerabilities.
• Banks including JPMorgan Chase and Goldman Sachs have begun internal testing as part of Anthropic's restricted Project Glasswing initiative.
• This meeting follows concerns over the model's ability to autonomously discover zero-day vulnerabilities, amidst ongoing tensions between Anthropic and the Department of Defense.

• Claude Mythos Preview, announced on the same day, is designed to excel in identifying cybersecurity flaws without specific training.
• The U.S. Department of Defense previously labeled Anthropic as a supply-chain risk, leading to a lawsuit from the company.
• Global regulators are increasingly focused on balancing innovation in AI with the need to protect critical infrastructure from cyber threats.

The April 7 meeting in Washington, D.C., marked a pivotal moment in the intersection of finance and advanced technology. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened top executives from major U.S. banks, urging them to leverage Anthropic's Claude Mythos AI model to test their internal systems for vulnerabilities. This initiative is part of a broader regulatory push to harness AI's capabilities for defensive cybersecurity, reflecting an urgent response to escalating cyber threats.

The Claude Mythos model is notable for its advanced capabilities in discovering zero-day vulnerabilities—flaws that are unknown to the software vendor and have no existing patches. By autonomously identifying these vulnerabilities, the model can potentially enhance the security posture of financial institutions, which are prime targets for cyberattacks. The banks involved, including JPMorgan Chase, Goldman Sachs, and Citigroup, are now testing the model under the auspices of Anthropic's Project Glasswing, which restricts access to vetted partners for defensive purposes only.

This regulatory push comes against a backdrop of geopolitical tensions and ongoing debates about AI safety. The Department of Defense's designation of Anthropic as a supply-chain risk has raised concerns about the dual-use nature of AI technologies, where advancements in cybersecurity could also be exploited for malicious purposes. The lawsuit filed by Anthropic against the DoD underscores the complexities of navigating innovation while ensuring national security.

As banks begin to integrate AI-driven testing into their cybersecurity frameworks, the implications are far-reaching. The financial sector is already experiencing a ripple effect, with cybersecurity stocks declining following the disclosures about Mythos. The Goldman Sachs software basket fell approximately 5%, while firms like CrowdStrike saw drops of around 7%. These market reactions indicate that investors are closely monitoring the evolving landscape of AI in cybersecurity, particularly as international regulators, including the Bank of England, initiate assessments of risks to banks and insurers.

In essence, the meeting and subsequent testing of Claude Mythos represent a critical juncture for the financial industry, where the need for robust cybersecurity measures is increasingly intertwined with the adoption of advanced AI technologies.

• Cybersecurity professionals in financial institutions will need to adapt to new AI tools and methodologies.
• Bank executives must navigate the regulatory landscape while ensuring their institutions remain secure.
• Investors in cybersecurity firms will be affected by market fluctuations as AI capabilities evolve.

• Testing outcomes from banks: The results of internal tests on Claude Mythos will reveal its effectiveness and influence future cybersecurity strategies.
• Regulatory responses: How regulators respond to the findings from these tests could shape the framework for AI use in cybersecurity across industries.
• Market reactions: Continued fluctuations in cybersecurity stock prices will indicate investor confidence in AI-driven solutions.