When the central banks of the United States, the United Kingdom, the European Union, and Australia simultaneously convene emergency meetings over a single technology announcement — it’s no longer just an IT event. On April 7, 2026, Anthropic unveiled its Mythos model, and within two weeks it became the top agenda item for financial regulators around the world. Let’s break down what’s happening and why it matters to everyone who uses banking services.
What Is Anthropic Mythos and Why It’s Different
Anthropic is the company behind Claude AI, one of the most popular AI assistants in the world. But Mythos is on a different level entirely. It’s what’s known as a frontier AI model — the most powerful system publicly available today.
Here’s what Anthropic itself has claimed about Mythos’s capabilities:
- The model autonomously identifies and exploits zero-day vulnerabilities across all major operating systems
- Mythos finds security flaws in every major web browser
- The system has discovered thousands of critical vulnerabilities — autonomously, without any human involvement
The term “zero-day” is key here: these are vulnerabilities that developers are not yet aware of, meaning there is no existing defense. Previously, finding such a vulnerability required a team of highly skilled hackers working for months. Mythos does it in hours.
Project Glasswing: Restricted Access as a Safety Measure
Anthropic is well aware of the risks its own technology poses. Rather than a public release, the company announced Project Glasswing on April 7, 2026 — a restricted access program for selected partners.
Around 40 organizations joined the program, including Amazon, Apple, Google, Microsoft, Nvidia, and JPMorgan Chase. The goal is to give these companies time to identify and close vulnerabilities in their own systems before Mythos becomes publicly available.
Anthropic has committed $100 million in credits to program participants and $4 million to open-source cybersecurity organizations.
The Response from Global Regulators: From London to Sydney
United Kingdom: “This Could Crack the Whole Cyber Risk World Open”
Bank of England Governor Andrew Bailey, speaking at Columbia University in New York, issued a stark warning: Mythos could “crack the whole cyber risk world open.” He called on regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure.
Following his remarks, the Bank of England’s Cross Market Operational Resilience Group (CMORG) and its AI Taskforce scheduled emergency meetings specifically to discuss the threats posed by Mythos.
United States: Emergency Meeting with Top Bank CEOs
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with the CEOs of the largest American banks. The gathering took place in Washington, where bank executives were already attending the Financial Services Forum board meeting.
During separate quarterly earnings calls, top bank executives spoke publicly about Mythos:
— Goldman Sachs CEO David Solomon: the bank already has access to the model and is using it for defensive purposes. “We have hypersensitivity to the enhanced capabilities of new models.”
— JPMorgan Chase CEO Jamie Dimon: AI has made cyber risks “worse” and “harder.” On Mythos specifically, he said: “It shows that a lot more vulnerabilities need to be fixed.”
— JPMorgan CFO Jeremy Barnum: tools like Mythos “can make it easier to find vulnerabilities, but then also potentially be deployed by bad actors in attack mode.”
European Union and Australia
ECB President Christine Lagarde gave a candid comment to Bloomberg TV: there is currently no governance framework in place “to actually mind those things.” It was a frank admission that the regulatory infrastructure has not kept pace with the technology.
Australia’s securities regulator ASIC confirmed on April 20 that it is actively monitoring Mythos alongside peer regulators worldwide, to assess potential implications for the Australian financial market.
Why the Banking System Is Particularly Vulnerable
To understand the scale of the problem, you need to know how the IT infrastructure of banks actually works.
| Risk Factor | Why It’s a Problem |
|---|---|
| Legacy systems | Banks have layered new technologies on top of aging systems for decades, accumulating undetected vulnerabilities along the way |
| Cloud dependency | A small number of large providers (AWS, Azure, Google Cloud) serve most banks. A vulnerability in one means risk for all |
| Interconnectedness | Banks are tightly integrated with one another. A single breach can cascade across the entire system |
| AI-scale attacks | Mythos operates at speeds no human can match — thousands of vulnerabilities identified within hours |
The core fear among regulators: if bad actors gain access to Mythos’s capabilities and direct them against the cloud providers that underpin the banking system, the consequences for global financial infrastructure could be catastrophic.
The Debate Over Restricted Access
Not everyone in the industry supports Anthropic’s approach. IBM Senior Vice President Rob Thomas publicly criticized the Project Glasswing strategy, arguing that “security improves more often through scrutiny than through concealment.” In his view, restricted access merely delays the problem rather than solving it.
This debate reflects a fundamental question facing modern AI: should the most powerful models be kept under restricted access in the name of safety — or is broader community review more effective?
Anthropic has chosen the first path. Time will tell whether it’s the right one.
What Mythos Means for Everyday Users
If you’re not a banker or a regulator — why does this news concern you?
First, your money is stored in banks that depend on the very IT infrastructure being discussed. Second, your personal data lives in the browsers and operating systems whose vulnerabilities Mythos has already uncovered. Third, this situation reveals a new reality: artificial intelligence is no longer just an assistant for writing text or answering questions. It’s a tool capable of shifting the balance of power in cybersecurity at a global scale.
The good news: thanks to Project Glasswing, major tech companies are already patching the vulnerabilities Mythos has identified. The same technology that creates risks is simultaneously the tool being used to eliminate them.
Timeline: From Launch to Global Alarm
- April 7, 2026 — Anthropic launches Claude Mythos Preview through Project Glasswing for ~40 selected partners
- April 9 — The US Treasury and the Federal Reserve convene an emergency meeting with major bank CEOs
- April 10 — Major US banks (JPMorgan, Goldman, Citi, BofA, Morgan Stanley) begin internal testing of Mythos
- April 13 — Reuters publishes an investigation: Mythos could expose banks to “unprecedented cyber risks”
- April 16 — Bank of England Governor Andrew Bailey issues a warning at the Financial Stability Board level
- April 17–18 — ECB President Lagarde acknowledges the absence of a regulatory framework
- April 20 — ASIC (Australia) joins the international regulatory monitoring effort
What Comes Next
Anthropic says Mythos will remain under restricted access until partners have addressed the main vulnerabilities. But there are no specific timelines — and that uncertainty is itself unsettling for regulators.
Meanwhile, the question of AI governance is shifting from a technical matter to a political one. At the IMF and World Bank spring meetings in Washington, Mythos became one of the central topics on the agenda. More meetings, more regulatory initiatives, and most likely new requirements for companies developing frontier AI models are all ahead.
One thing is clear: the era when artificial intelligence was simply a “smart chatbot” is over. Mythos has demonstrated that AI can influence the systems on which global financial stability depends. And everyone — regulators, banks, and ordinary users — will need to adapt.
Key Takeaways: Mythos and Banking Risks at a Glance
- Anthropic Mythos — a frontier AI model that autonomously identifies zero-day vulnerabilities in operating systems and browsers
- Project Glasswing — restricted access for ~40 companies, including JPMorgan, Amazon, and Google
- Regulators on alert: Bank of England, the Fed, the ECB, the US Treasury, and ASIC in Australia
- The risk to banks: legacy systems + cloud dependency = vulnerability to cascading attacks
- Mythos’s dual role: the same model that finds vulnerabilities is also being used to close them
Article prepared by the TechVisor team — practical tech media for people.
