Wall Street banks have begun testing Anthropic’s Mythos model internally, while members of the Trump administration encourage them to use the tool to detect vulnerabilities.
Although JPMorgan Chase was the only bank named by name as part of the Mythos testing initiative, other large financial institutions have also had access or expect to have access in the coming days, according to people familiar with the matter.
Goldman Sachs, Citigroup, Bank of America and Morgan Stanley are among the banks that have been testing the technology internally, these sources said. The institutions either declined to comment or did not respond immediately.
During the meeting with Wall Street leaders, convened by US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell, executives were warned that they should take the Mythos model seriously and use its capabilities to detect vulnerabilities, reported the sources, who requested anonymity because the information is not public.
Government officials have not highlighted any specific threat to the financial system and have generally encouraged banks to run the model on their own systems to bolster their defenses, these people said.
Earlier, the Bloomberg had reported that Bessent and Powell convened a group of bank executives at Treasury headquarters in Washington on April 7 at short notice to ensure that institutions were aware of the potential risks posed by Mythos and similar models from Anthropic. The executives were already in the capital for a meeting of the Financial Services Forum, a lobby group that brings together the largest banks.
A Treasury representative did not respond to a request for comment. A Federal Reserve spokesperson also had no immediate comment.
The pressure from the Trump administration highlights growing concern among regulators that a new generation of cyberattacks is among the biggest risks to the financial industry. All banks called to the meeting are classified as “systemically important” by main regulators, meaning their stability is a priority for the global financial system.
Anthropic said it had been talking to U.S. officials before the Mythos’ recent launch about its “offensive and defensive cybersecurity capabilities.”
Continues after advertising
The company initially limited access to Mythos to a few dozen companies. These companies, which include JPMorgan, Amazon.com Inc. and Apple Inc., are part of the so-called “Project Glasswing”, an initiative aimed at protecting critical systems before other similar AI models reach the market.
When releasing Mythos to a very restricted set of companies, Anthropic pointed out several vulnerabilities that the system was able to both identify and potentially exploit during testing. None of the examples specifically referred to financial institutions, but in one case, the company’s security team claimed to have managed to compromise a web browser so that a website controlled by a hacker could read data from another website — “for example, the victim’s bank.”
According to a post from the Anthropic security team, Mythos Preview “completely autonomously discovered” a way to read information stored in “several different browsers” and then used that ability to find ways to exploit it.
Continues after advertising
In one of the tests, Anthropic said that Mythos found a way to exploit browsers by combining multiple vulnerabilities. This tactic often presents a challenge for human hackers, who have difficulty locating and triggering multiple flaws at the same time. These so-called “chains of vulnerabilities” can open the way for intrusions into highly protected systems — as occurred in the Stuxnet attack, which damaged centrifuges at an Iranian nuclear facility.
At the same time, Anthropic has been fighting a legal dispute with the Trump administration. The Pentagon has classified the company as a supply chain risk, a designation Anthropic disputes. Earlier this week, a federal appeals court rejected, at least for now, the company’s request to suspend the Pentagon’s classification.
Kevin Hassett, director of the National Economic Council, said in an interview with Fox News that there is a sense of urgency as U.S. officials pressure banks to bolster their digital defenses using AI technology.
Continues after advertising
“It was appropriate for Secretary Bessent to do what he did,” he said, referring to the meeting with Wall Street leaders.
“We are taking all possible measures to ensure that everyone is protected from these potential risks, including reaching an agreement with Anthropic to hold back the public launch of the model until our authorities have clarified everything,” he said.
In recent years, regulators have started to require banks to maintain specific capital linked to the risk of cyberattacks, in addition to other so-called operational risks, such as legal proceedings and the actions of dishonest employees. Institutions sometimes complain about these requirements, claiming that operational risk is much more difficult to measure than market and credit risks, which also influence banks’ capital calculations.
Continues after advertising
© 2026 Bloomberg L.P.
