Mythos Found Your Bank's Flaws

Anthropic's Mythos model is compressing the vulnerability lifecycle, and the banking sector is in its crosshairs.

Welcome to Memorandum Deep Dives. In this series, we go beyond the headlines to examine the decisions shaping our digital future 🗞️

This week’s subject is Anthropic’s Claude Mythos preview, which prompted Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell to convene an emergency meeting with CEOs of America’s largest banks.

The surface reading was familiar: new AI model arrives, security community reacts. That understates what happened. Mythos independently found thousands of previously unknown zero-day vulnerabilities across major operating systems and browsers, then built working exploits without human guidance, achieving an 83% detection rate, compared with roughly 14% for its predecessor.

The deeper signal is not capability but timeline compression. The gap between discovering a vulnerability and weaponizing it has collapsed to the point where banking’s standard defenses (periodic audits, staged patching, and managed disclosure) look structurally inadequate against threats operating at machine speed.


AI compresses the vulnerability lifecycle

Over the past few days, several channels covering artificial intelligence have discussed the advances Anthropic has made in the field. Much of that coverage has been framed through the lens of Mythos, or rather its preview version, announced on April 7. According to Anthropic’s internal testing, the model can identify thousands of previously unknown security flaws (known in the industry as zero-day vulnerabilities) across every major operating system and web browser.

In one instance, it found a 27-year-old bug in OpenBSD, an operating system specifically designed for security, that could crash any machine running it with just two network packets. In another, it found a 17-year-old flaw in FreeBSD’s file-sharing system that allowed complete remote control of a server, and then wrote the exploit code to use it, entirely on its own.

And now, according to a Reuters report, it is being viewed as a significant challenge for the banking industry due to its legacy technology systems.

Why banks are uniquely exposed

The problem arises because banks run some of the oldest and most layered technologies in any industry. A typical large financial institution operates software stacks that mix modern cloud tools with programs originally built decades ago: systems for processing transactions, onboarding customers, and running compliance checks that have been updated many times but never fully replaced.

That architecture has always carried risk, but what has changed now is that the new class of AI models can scan those layered systems, find vulnerabilities that human reviewers and automated testing tools missed for years, and in some cases build working exploits for them, all without a person guiding the process step by step.

Banks are particularly vulnerable to AI systems like Mythos because they combine two conditions that make these exploits especially potent: deeply entrenched legacy infrastructure and tightly interconnected systems.

The force multiplier of shared systems

TJ Marlin, CEO of AI security firm Guardrail Technologies, told Reuters that Mythos can scan complex architectures, including legacy infrastructure where undiscovered vulnerabilities have accumulated over time. Costin Raiu, co-founder of cybersecurity firm TLPBLACK, pointed to decades-old IBM systems still in active use across the industry, suggesting that a model like Mythos would find substantial exploitable flaws in them.

The interconnection problem compounds the legacy one. Many banks rely on the same narrow set of third-party vendors for know-your-customer checks, transaction processing, and regulatory compliance. Naresh Raheja, a former Office of the Comptroller of the Currency official, told Reuters that because the industry is heavily regulated and specialized, there are extensive IT interconnections, with many banks using the same solutions. A vulnerability found in a widely used vendor’s software would not affect a single bank; it could affect dozens or hundreds simultaneously. Marlin described that as a force multiplier, making any AI-powered exploit potentially catastrophic at scale.

The extent of the problem is evident in the unusual response from government agencies working to bring the banking industry together to address the issue.

When governments start to worry

According to a Bloomberg report, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an emergency meeting with CEOs of major U.S. banks on April 8 to discuss the risks posed by Mythos. The executives included Jane Fraser of Citigroup, Ted Pick of Morgan Stanley, Brian Moynihan of Bank of America, Charlie Scharf of Wells Fargo, and David Solomon of Goldman Sachs. JPMorgan CEO Jamie Dimon was invited but did not attend. Outside the U.S., government officials in Canada and Britain have held similar briefings with their banking sectors.

The U.S. Treasury said the administration was pushing financial institutions to understand and anticipate these developments, with further meetings planned.

The Cloud Security Alliance, a coalition of cybersecurity executives and former senior U.S. government officials, warned in a strategy briefing that Mythos lowers the cost and skill floor for discovering and exploiting vulnerabilities faster than organizations can patch them.

And while governments and banks try to figure out how to address the latest threat from AI, Anthropic has said it will not release Mythos to the public.


Anthropic’s response to Mythos’ abilities

Instead, the company launched Project Glasswing, a defensive initiative that gives a coalition of 12 launch partners access to the model to scan and harden their own systems. Those partners include AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, JPMorgan Chase, NVIDIA, Palo Alto Networks, Broadcom, and the Linux Foundation. Over 40 additional organizations have also received access. Anthropic is also backing the effort with up to $100M in usage credits and $4M in donations to open-source security organizations.

JPMorgan Chase, the only bank among the launch partners, described its involvement as a unique, early-stage opportunity to evaluate next-generation AI tools for defensive cybersecurity across critical infrastructure.

However, for Anthropic, the story does not end there. The company is embroiled in a political tussle with the current U.S. administration, which further complicates the context.

The Pentagon designated Anthropic a supply chain risk in early March after the company refused to grant the military unrestricted use of its AI models for autonomous weapons and mass surveillance. The designation bars defense contractors from using Claude. A federal judge in San Francisco called the move an attempt to punish Anthropic and issued a preliminary injunction blocking it. Still, an appeals court in Washington allowed the blacklisting to remain while the case proceeds.

The result is that the same administration blacklisting Anthropic through the Pentagon is, through the Treasury and the Federal Reserve, urging the country’s biggest banks to adopt its technology. Anthropic co-founder Jack Clark acknowledged the tension at a Semafor event, saying the company has a narrow contracting dispute with the DOD but does not want that to obstruct its national security work.

However, while the government and Anthropic appear to be working towards a solution to both their political differences and the threat posed by Mythos, not everyone agrees that the company’s latest models represent a clean break from what was already possible.

The capability is already diffusing

Researchers at AISLE, an AI security startup, tested Anthropic’s showcase vulnerabilities on small, cheap, open-weight models and found that all eight models they tested could detect the FreeBSD flaw, including a model with just 3.6B parameters costing 11 cents per million tokens. A 5.1B-parameter model recovered the core analysis chain of the OpenBSD bug.

There’s an important nuance here: AISLE’s researchers directed models toward known buggy code, whereas Mythos independently uncovered vulnerabilities across entire codebases, a much more complex challenge. The performance gap reflects that difference. While Opus 4.6 identified exploits about 14% of the time and rarely executed them successfully, Mythos reached an 83% detection rate with a 72.4% success rate. In Firefox tests, it even generated 181 working exploits, compared to just two from its predecessor.

Even if current models are unable to replicate Mythos’s success, Logan Graham, who leads offensive cyber research at Anthropic, has said he expects competing models with similar capabilities to appear within 6 to 18 months.

What remains unresolved

Anthropic has committed to a public findings report from Project Glasswing within 90 days, expected in early July 2026. That report is widely expected to trigger a high-volume patch cycle across operating systems, browsers, and infrastructure software. Meanwhile, over 99% of the vulnerabilities Mythos identified remain unpatched.

For banks, the issue is no longer just whether vulnerabilities exist, but whether they can be found and weaponized faster than the systems designed to contain them can respond. Models like Mythos collapse that timeline to the point where the traditional assumptions of cybersecurity (periodic audits, staged patching, and managed disclosure) begin to look structurally outdated. In an industry built on layers of legacy infrastructure and shared dependencies, even a small delay can propagate across institutions. The deeper concern, then, is whether the architecture underlying modern banking can operate reliably in a world where exploits are discovered at machine speed.
