The Treasury Secretary and Fed Chair convened an urgent meeting this week with the chiefs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo and Goldman Sachs to warn that Anthropic's new Mythos model can identify and exploit software vulnerabilities at a speed and cost the current defensive stack was never designed to resist. For crypto, the implications are sharper still.
Scott Bessent and Jerome Powell pulled the CEOs of America's largest banks into Treasury this week to warn them that an AI model built by Anthropic can identify and exploit software vulnerabilities faster than any defensive tool currently deployed inside their institutions. The meeting — held at the Treasury Department in Washington — was attended by the chiefs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo and Goldman Sachs. JPMorgan's Jamie Dimon did not attend.
The subject was Mythos, the offensive-security model Anthropic unveiled earlier this week under a controlled-release programme it calls Project Glasswing. The company's own technical report describes the tool in terms that should unsettle anyone running a financial system: Mythos can "identify and exploit weaknesses across every major operating system and every major web browser." In one benchmark, the model found a 27-year-old denial-of-service flaw in OpenBSD for a compute cost of under $50; in another, it discovered a 16-year-old integer-overflow bug in FFmpeg's H.264 codec that had survived roughly five million prior automated scans.
Bessent and Powell are not prone to performative alarm. That they convened the meeting at all suggests regulators now view automated exploitation as an infrastructure-level risk rather than a theoretical one. Treasury has declined to describe the specific threat briefings delivered to the bank chiefs, and for their part the banks have declined to comment on the substance of the conversation.
For crypto, the implications are sharper than for traditional finance. Anthropic has said Mythos found critical weaknesses in cryptography libraries including TLS, AES-GCM and SSH — the plumbing on which almost every wallet, exchange and custody platform depends. The company warned in its own release that "mitigations whose security value comes primarily from friction rather than hard barriers may become considerably weaker against model-assisted adversaries." Multisig governance is friction. Timelocks are friction. Third-party audits are friction. None of these were designed to resist an attacker that can enumerate every reachable code path in an afternoon for the price of a modest cloud bill.
The timing is uncomfortable. Nine days ago, an estimated $285 million was drained from Drift Protocol in what investigators have attributed to a North Korean social-engineering operation that exploited the protocol's Security Council governance — not a code bug, but the friction layer meant to catch one. A Mythos-class tool would not have built that social-engineering campaign, but it would have made the initial reconnaissance — and the discovery of signing-flow weaknesses — dramatically cheaper.
Anthropic's decision to hand Mythos to roughly forty large technology and financial firms rather than publish it is an attempt to front-run that asymmetry. Google, Microsoft and Apple are among the participants. The company is offering up to $100 million in usage credits to Glasswing members and a further $4 million to open-source security organisations, which gives defenders a head start measured in months at most. The head start is the whole point; the model itself will eventually diffuse, either through leak, imitation or open-weights equivalents that a sufficiently resourced nation-state can build in parallel.
The market response has been almost the opposite of what you would expect. The CoinDesk DeFi Select Index is up roughly 7% in the last twenty-four hours, outperforming both bitcoin and ether. That is partly because DeFi traders already priced in security risk after Drift, and partly because retail investors do not read cybersecurity threat models before buying a token. But it is also a bet that the defenders keep winning, and that bet has thinned.
What the banks were told behind closed doors was presumably less sanguine. The institutions in the room oversee trillions of dollars of deposits and an attack surface that grows every time a new cloud vendor is onboarded. Against that, the defensive stack is still overwhelmingly the same stack that missed a 27-year-old OpenBSD bug for 27 years. Treasury is reportedly asking the banks for internal inventories of how frontier AI is being used both for defence and for auditing legacy code.
What happens next is mostly a question of how quickly bank-side and crypto-side security teams can absorb a tool they did not ask for, and deploy it across systems they did not build to resist it. The meeting gave the institutions advance warning. It did not give them more time.
