← Back to stories Firefighters in orange uniforms attend a strategic training session in Mato Grosso, Brazil.
Photo by Bombeiros MT on Pexels
凤凰科技 2026-04-17

Emergency meeting at Treasury and Fed as AI "Mythos" raises systemic cyber fears

What happened — sudden summit over an AI model

It has been reported that U.S. Treasury Secretary Janet Yellen — the article names Scott Bessent, but confirm? — met with Federal Reserve Chair Jerome Powell in an unannounced emergency session at Treasury headquarters to brief top bank CEOs on a single technical threat: Anthropic’s Claude Mythos Preview. The invitees reportedly included senior leaders from Citigroup, Morgan Stanley, Bank of America, Wells Fargo and Goldman Sachs. Why would finance chiefs be summoned to discuss an AI model? Because Mythos is said to automate zero‑day discovery and exploit generation at speeds that outpace conventional defenses — and that poses a potential systemic risk to financial infrastructure.

What Mythos reportedly does

It has been reported that Anthropic designed Mythos as a large model trained specifically for vulnerability discovery and exploit development. In tests against Firefox’s JavaScript engine, the model reportedly produced working exploit code in 181 instances, yielding a success rate cited around 72.4 percent — a dramatic jump from prior general‑purpose models. Mythos also allegedly triggered long‑dormant faults in OpenBSD and FFmpeg and produced hundreds of crashes in Google’s OSS‑Fuzz corpus, including instances of full control‑flow hijack on patched targets. Reportedly these outcomes demonstrate a new "speed gap": minute‑scale AI attacks versus hour‑ or day‑scale human response.

Industry response and controlled rollouts

Big tech and security vendors have responded by gating access. It has been reported that Anthropic is not releasing Mythos to the public and instead is working with a defenders’ consortium called Project Glasswing, whose founding members reportedly include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks to vet and remediate codebases. OpenAI has reportedly tightened its own defensive offering, rolling out a GPT‑5.4‑Cyber variant with restricted access for vetted security teams. Access controls are intended to limit abuse, but they also raise questions about concentration of offensive and defensive capability in a small set of firms.

Why this matters to finance and national security

The episode underlines how AI advances are bleeding into macro‑prudential and national‑security domains. It has been reported that Treasury technical teams are seeking access to run proactive scans of government networks. Regulators worry that if such offensive capabilities leak, attackers could target payment rails, clearing systems and core bank infrastructure. Against a backdrop of heightened geopolitical cyber tensions and ongoing export controls on advanced chips and software, the Mythos episode shows regulators, banks and cloud operators grappling with a new calculus: can you safely restrict and remediate a technology that simultaneously empowers defense and magnifies the potential for catastrophic, automated attacks?

AI
View original source →