Wall Street Banks Try Out Anthropic’s Mythos as US Urges

Link copied

Wall Street Banks Try Out Anthropic’s Mythos as US Urges.

stock :: 10hrs ago :: source - bloomberg

By Jordan Robertson, Todd Gillespie and Sridhar Natarajan

(Bloomberg) -- Wall Street banks are starting to test Anthropic PBC’s Mythos model internally as Trump administration officials encourage them to use it to detect vulnerabilities.

While JPMorgan Chase & Co. was the only bank named as part of an initiative to test the Mythos model, other major financial institutions have also gained access or expect to in the coming days, according to people familiar with the matter.

Goldman Sachs Group Inc., Citigroup Inc., Bank of America Corp. and Morgan Stanley are among the banks testing the technology internally, the people said. Those firms either declined to comment or had no immediate response.

During a meeting this week with Wall Street leaders, summoned by US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, executives were warned that they should take the Mythos model seriously and deploy its capabilities to detect vulnerabilities, the people said, asking not to be identified because the information isn’t public.

Government officials didn’t raise any specific threat to financial institutions and more generally encouraged the banks to run the model against their own systems to improve their own defenses, they said.

Bloomberg reported earlier that Bessent and Powell had assembled the group of banking executives on April 7 at Treasury’s headquarters in Washington on short notice to ensure that banks were aware of possible risks raised by Anthropic’s Mythos and similar models. The executives were in town already for a meeting of the Financial Services Forum, an advocacy group made up of the biggest lenders.

A representative from the Treasury Department didn’t respond to a request for comment. A Federal Reserve spokesperson declined to comment.

The urging by Trump officials underscores the concern growing among regulators that a new breed of cyberattacks is one of the biggest risks facing the financial industry. All the banks summoned to the meeting are classified as systemically important by top regulators, meaning their stability is a priority for the global financial system.

Anthropic has said that it has been in discussions prior to its recent release with US officials about Mythos and its “offensive and defensive cyber capabilities.”

The company has limited the release of Mythos to a few dozen firms initially. Those companies, which include JPMorgan, Amazon.com Inc. and Apple Inc., are part of what’s being called “Project Glasswing,” which will work to secure the most important systems before other similar AI models become available.

In releasing Mythos to a very limited set of companies, Anthropic pointed to several vulnerabilities that the AI system was capable of both identifying and potentially exploiting during testing. None of the examples related specifically to financial institutions, but in one instance, the firm’s security team said it was able to compromise a web browser so that a website set up by a hacker could read data from another website “e.g., the victim’s bank.”

Mythos Preview “fully autonomously discovered” a way of reading information stored in “multiple different web browsers” and then used that ability to find ways to exploit them, according to a post from Anthropic’s security team.

In one case, Anthropic said, Mythos found a means of exploiting web browsers that utilized multiple vulnerabilities. That tactic often represents a challenge for human hackers who struggle to find and exploit multiple flaws at once. So-called vulnerability chains can serve as pathways into otherwise highly secure systems, such as in the Stuxnet hack that damaged centrifuges at an Iranian nuclear facility.

Anthropic has separately been battling the Trump administration in court. The Pentagon had labeled the company as a supply-chain risk, a designation that Anthropic has opposed. Earlier this week, a federal appeals court declined, at least for now, Anthropic’s request that it put a pause to the Pentagon’s designation.

National Economic Council Director Kevin Hassett said during an interview with Fox News that there’s a sense of urgency as US officials push banks to improve their digital defenses with AI technology.

“It was appropriate that Secretary Bessent do what he did,” he said of the meeting with Wall Street leaders.

“We’re taking every step we can to make sure that everybody is safe from these potential risks, including Anthropic agreeing to hold back the public release of the model until our officials have figured everything out,” he said.

In recent years, regulators have required banks to hold some capital tied to the potential for cyberattacks, as well as other so-called operational risks such as lawsuits and rogue employees. Banks have sometimes chafed at those requirements, given that operational risk is more difficult to measure than the market and credit risks that also factor into banks’ capital levels.

--With assistance from Katanga Johnson, Katherine Doherty and Hannah Levitt.

(Updates with Fed declining to comment in seventh paragraph.)

Most Read From Bloomberg