Banks Warned as Anthropic Unveils Claude Mythos Preview, Undermining AGI Hype

Anthropic released Claude Mythos Preview on April 7, touting unprecedented code‑analysis skills, the company said (Fast Company). In internal tests the model “found and exploited vulnerabilities” that “surpassed all but the most skilled humans,” flagging flaws in every major OS and browser (Fast Company). It uncovered a 28‑year‑old hole in OpenBSD and a 16‑year‑old bug in FFMPEG that survived millions of automated scans (Fast Company).

Treasury Secretary Scott Bessent warned bank CEOs that running the new model on internal networks could expose sensitive customer data (The New York Times). He said the software’s ability to locate hidden security weaknesses makes it a potent tool for malicious actors. The warning was delivered in a hastily convened meeting in Washington that also included Federal Reserve Chair Jerome Powell (The New York Times).

Powell, who has recently highlighted cyber‑risk to the financial system, echoed Bessent’s concerns (The New York Times). He urged the banks to treat Claude Mythos Preview as a “high‑risk” technology until safeguards are proven. Executives from Bank of America, Citi and Wells Fargo were told to restrict the model’s access to production environments (The New York Times).

Anthropic’s claim that Mythos can “detect security flaws in every major operating system and web browser” raises the stakes for regulators (Fast Company). If the model can automate vulnerability discovery at scale, it could accelerate both defensive patching and offensive exploitation. The Treasury and Fed now face pressure to draft guidance on AI‑driven cyber threats.

The episode underscores a growing tension: AI firms push capabilities that outpace existing security controls, while regulators scramble to contain the fallout. As banks grapple with the immediate risk, the broader AI community watches whether the hype around artificial general intelligence will be tempered by practical security concerns.