When U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell on April 7 convened an emergency, closed-door meeting with the leaders of the largest U.S. banks to discuss cybersecurity vulnerabilities discovered by Claude Mythos Preview, it was clear federal officials were concerned about the capabilities of Anthropic’s new frontier artificial intelligence tool.
The meeting came on the same day Anthropic announced it had allowed large software providers and major banks like J.P. Morgan Chase & Co., Bank of America Corp. and Citigroup to test Claude Mythos Preview as part of Project Glasswing — its “initiative to secure the world’s most critical software with early access to frontier AI.”
In a statement, Anthropic said Project Glasswing produced results so concerning, it would not release Claude Mythos to the general public. “We found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so,” the statement reads.
Zero-day vulnerabilities are security bugs that were previously unknown to the software's developers and vendors, so no patch exists for them. Until a fix is written and deployed, every system running the affected software is open to exploitation by malicious actors, and the vendor has had "zero days" to respond.
Chad Knutson, CEO of SBS CyberSecurity, which provides cybersecurity audit and consulting services, says that while it is not unheard of for an AI system to expose zero-day vulnerabilities, the ability to exploit them autonomously is new. “So, that’s probably the piece that stuck out the most for me was that the adversaries [will be] getting a little better now when these tools become available,” he says.
Forget Traditional Approaches
The Financial Services Information Sharing and Analysis Center (FS-ISAC), a global cybersecurity organization for the financial services sector, issued its own Sector Risk Advisory within weeks of Anthropic’s warning. “Recent announcements of AI frontier models’ advanced vulnerability discovery and chaining capabilities to create exploits indicate an important change in the risk landscape for financial services,” the advisory begins. “Traditional assumptions and approaches for vulnerability management no longer hold.”
The Federal Deposit Insurance Corporation (FDIC) clearly took that warning seriously. FinXTech obtained a copy of an April 28 letter the FDIC sent to bankers that linked to the FS-ISAC advisory. “The FDIC remains focused on cybersecurity risks and is closely monitoring developments related to emerging AI models, including Anthropic Claude Mythos Preview,” the letter reads in part.
All the noise definitely has financial institution executives asking questions, says Steve Sanders, chief risk officer at CSI, a provider of banking and risk management solutions. “The one I got a lot is, ‘What are you doing about Mythos?’” Sanders says. “I think that the real question is, ‘So, now [that] we’ve discovered that AI is getting better at discovering vulnerabilities, and this is going to get in the hands of the bad guys, what are you doing to reduce that risk?’”
Sanders says Mythos has already exposed specific vulnerabilities in open source software. Anthropic pointed out one case in which it found a 27-year-old bug in OpenBSD — an open source operating system used by many financial institutions.
Knutson says that's concerning, because he's not sure most banks or credit unions even realize just how much open source software they are using. Other security experts have pointed out that Mythos can easily find and exploit unauthenticated application programming interfaces (APIs): endpoints that accept requests without requiring a login, passkey or any other identity check, so anyone who can reach them over the network can call them.
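To make the unauthenticated-API point concrete, here is an added example (not code from the article or from any vendor it names) of a minimal account-lookup endpoint written twice: once with no identity check, and once behind a bearer-token check that runs before any routing or data access. The endpoint path, header names, demo token and account data are all constructed for illustration, and the apps are plain WSGI callables so they can be exercised in-process without a server.

```python
"""Unauthenticated vs. authenticated API endpoint, as two minimal WSGI apps.

Added example, not taken from the article or any vendor it names. The path
/api/v1/accounts/<id>, the demo token and the account record are constructed.
"""
import hmac
import json
from wsgiref.util import setup_testing_defaults

# Constructed sample data; a real deployment would read from the core system.
ACCOUNTS = {"1001": {"owner": "A. Example", "balance": "1250.00"}}

# Constructed demo secret; real deployments issue per-client credentials
# from a secret store and rotate them.
API_TOKEN = "demo-token-do-not-use-in-production"


def _respond(start_response, status, body):
    """Serialize a dict as a JSON response with the given HTTP status."""
    payload = json.dumps(body).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(payload)))])
    return [payload]


def unauthenticated_app(environ, start_response):
    """Vulnerable: any caller who can reach the endpoint gets account data."""
    path = environ.get("PATH_INFO", "")
    if path.startswith("/api/v1/accounts/"):
        acct = path.rsplit("/", 1)[-1]
        if acct in ACCOUNTS:
            return _respond(start_response, "200 OK", ACCOUNTS[acct])
        return _respond(start_response, "404 Not Found", {"error": "no such account"})
    return _respond(start_response, "404 Not Found", {"error": "unknown route"})


def _bearer_token_ok(environ):
    """True only if the request carries 'Authorization: Bearer <API_TOKEN>'.

    hmac.compare_digest keeps the comparison constant-time, so a remote
    caller cannot learn how many leading bytes of a guess were correct.
    """
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), API_TOKEN.encode())


def authenticated_app(environ, start_response):
    """Hardened: authenticate every request before routing or touching data."""
    if not _bearer_token_ok(environ):
        # Generic 401 body: do not reveal whether the route or account exists.
        return _respond(start_response, "401 Unauthorized",
                        {"error": "authentication required"})
    return unauthenticated_app(environ, start_response)


def call(app, path, headers=None):
    """Invoke a WSGI app in-process; return (status line, decoded JSON body)."""
    environ = {"PATH_INFO": path}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    setup_testing_defaults(environ)  # fills in REQUEST_METHOD, wsgi.* keys, etc.
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], json.loads(body)


if __name__ == "__main__":
    print(call(unauthenticated_app, "/api/v1/accounts/1001"))
    print(call(authenticated_app, "/api/v1/accounts/1001"))
    print(call(authenticated_app, "/api/v1/accounts/1001",
               {"Authorization": "Bearer " + API_TOKEN}))
```

The important design choice is that the check in `authenticated_app` is the first thing that runs, ahead of routing, so an attacker probing paths cannot use status codes to enumerate which routes exist. A shared static token is only the minimum; in production the check would also require TLS, per-client credentials and an authorization step that ties the caller to the accounts it may read.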
Whether Anthropic makes Mythos publicly available or not, its mere existence means other AI models are not far behind. In fact, the UK's AI Security Institute (ASI), which has tracked AI cyber capabilities since 2023, found that this may already be the case. In its evaluation of Claude Mythos Preview, the ASI found that ChatGPT 5.4, released on March 5, is a very close second in terms of capability.
Don’t Panic. Patch.
While those risks are real and could soon affect banks, many of the vulnerabilities Mythos exploited were already being manually exploited by hackers, says Dan Schiappa, president of technology and services at Arctic Wolf, one of the largest managed detection and response providers for financial institutions. "While it's really good at that, that capability's been in our industry for a long time," he says. "There's a whole industry built around finding these vulnerabilities and people still didn't patch it fast enough."
A patch is a vendor-supplied fix that closes a known software vulnerability; until it is installed, the system stays exploitable even though the fix exists. Many community banks and credit unions rely on their core providers, vendors or managed security service providers (MSSPs) to look for vulnerabilities in the various systems they use and to patch them.
Knutson says that needs to start happening at a much faster rate. “We are still a little slow as bankers in putting patches out,” he says. “We even have some end-of-life systems you can’t patch. Is now the time to get rid of some of that infrastructure?”
FS-ISAC’s answer to that question is “yes.” Replacing end-of-life technology, patching current vulnerabilities, aggressively testing for new ones and increasing patch frequency are all included in a list of nine action items FS-ISAC recommends to financial services providers.
Jouk Pleiter, the CEO and founder of the operating platform and software provider Backbase, thinks Anthropic has a history of using scare public relations, but agrees the industry needs to take the issue seriously. Like a lot of companies, he doesn’t have access to Claude Mythos Preview yet, so his teams are running the latest versions of other AI tools to look for vulnerabilities.
Sanders says there is also a high likelihood that many of the large software providers involved in Project Glasswing will publicly release patches for the vulnerabilities Mythos finds in their products. That means bad actors will know about them too. “If we do get a surprise, and all of a sudden the next Microsoft patch is three times the size of normal or you start finding out that all your vendors are releasing patches, is your IT team really equipped to handle getting those patches out as fast as you need to?” he asks.
Knutson recommends that bank and credit union IT teams run a few tabletop exercises to help mitigate future risks. “And role play,” he says. “‘What would happen if someone got a Fiserv exploit working and took a shot at our system? What would we do? How does this change it?’”
While Mythos has found and exploited several zero-day vulnerabilities, Schiappa points out those account for less than 5% of all cyber attacks. “The bigger problem is the other 95% of the attacks,” he says. “We’re seeing massive amounts of AI-generated malware. Obviously, social engineering attacks (phishing) are very heavily advanced with AI.”
The experts all agree frontier AI tools will increase the speed and effectiveness of those attacks sooner rather than later. "Maybe as soon as 12 months, probably no more than 24, we're going to find the way vulnerabilities are managed and remediated is going to radically change," Sanders says.
And that will mean security teams need to stay on their toes.