Anthropic’s Mythos Preview has pushed a familiar cyber risk into a sharper phase: software vulnerabilities are no longer just something human attackers hunt for manually, because a frontier AI model can now help find and exploit them at scale. Banks and regulators are already treating the model as a serious concern, especially because many financial institutions still run a mix of modern systems and older legacy software.
Anthropic says Mythos Preview is its most capable model yet for coding and agentic tasks, and the company’s own security team says it has already identified thousands of high-severity vulnerabilities during testing.
Cybersecurity experts say that banks rely on layered technology stacks, and those stacks often combine current tools with decades-old software that has been patched many times. That kind of environment creates a broad attack surface. Many banks use the same vendors and the same solutions for customer onboarding, know-your-customer checks, and transaction handling, which means a weakness in one layer can ripple across the sector instead of staying isolated inside one institution.
Anthropic’s public response has been to limit access and frame the model as a defensive-security tool. The company says Mythos Preview will not be generally available. Instead, it created Project Glasswing, a private program for major technology firms, cybersecurity vendors, JPMorgan Chase, and several dozen other organizations that build or maintain critical software infrastructure. Anthropic says participants will use the model to scan and secure first-party and open-source systems, and the company has committed up to $100 million in usage credits and $4 million in donations to open-source security groups.
The company says Mythos Preview can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser when directed to do so. Anthropic’s researchers say the model found thousands of high- and critical-severity vulnerabilities, including a 16-year-old flaw in FFmpeg and a bug in an unnamed virtual machine monitor. The company also says more than 99% of the vulnerabilities it found had not yet been patched, which is why it withheld many details.
A model that can move from vulnerability discovery to exploit development shortens the time available to defenders. Reuters quoted the Cloud Security Alliance as saying Mythos represents “a step change” because it lowers the cost and skill floor for discovering and exploiting weaknesses faster than organizations can patch them. In practical terms, that means a threat that once required specialist knowledge can be accelerated by a system that works overnight and reasons across large codebases with little supervision.
The response from governments shows the concern is not limited to the technology sector. Officials in the United States, Canada, and Britain have met with top banking officials to discuss the threat posed by Claude Mythos Preview. U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned major bank CEOs about the cybersecurity implications of Anthropic’s model in an urgent meeting on April 10, 2026. That level of attention suggests the issue is being treated as a financial-stability question, not just a software-security issue.
Banks can patch software, but they cannot patch at the same speed that a capable AI model can search for weaknesses. Anthropic’s own materials say the security challenge is moving faster than the industry’s normal response cycle, and the company says frontier AI capabilities are likely to advance substantially over the next few months. That is a sober warning, not a marketing claim. It suggests the gap between vulnerability discovery and vulnerability exploitation is narrowing, while the time required for defense is not shrinking at the same pace.
[Also Read: Anthropic Launches ‘Project Glasswing’ with Tech Giants to Boost Global Cybersecurity ]
