Anthropic introduced Claude Mythos Preview on April 7 as its “most capable” model yet for coding and agentic tasks, drawing attention for its ability to identify cybersecurity weaknesses and potentially exploit them. Officials in the United States, Canada, and the United Kingdom have recently met with banking officials to discuss the threats the model could pose to the financial sector. Concern is especially acute in banking because modern tools are often layered onto decades-old legacy systems, creating complex environments with hidden weaknesses.
Security specialists say Claude Mythos Preview can analyze highly interconnected infrastructure and expose vulnerabilities that were previously difficult to find. Guardrail Technologies chief executive TJ Marlin said the model can examine complex architectures, including legacy infrastructure, where undiscovered vulnerabilities and complexities become accessible as threat factors. Former Office of the Comptroller of the Currency official Naresh Raheja said banks share vendors and solutions across a heavily regulated and specialized industry, increasing the potential for widespread risk if common systems are exposed.
Anthropic has said Claude Mythos Preview will not be made generally available, instead launching Project Glasswing to let major tech companies, cybersecurity vendors, and JPMorgan Chase privately evaluate the model and prepare defenses. Anthropic said the model can identify and exploit previously unknown vulnerabilities in every major computer operating system and every major web browser. The company said Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, and warned that such capabilities could soon spread beyond organizations committed to safe deployment.
As part of Project Glasswing, partners will use the model for defensive security work, and Anthropic plans to share lessons learned so the broader industry can benefit. The company has also expanded access to more than 40 additional organizations that build or maintain software infrastructure, allowing them to scan and secure first-party and open-source systems. Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, along with $4M in direct donations to open-source security organizations.
Warnings from industry groups have reinforced the sense of urgency. In an April 12 strategy briefing, a Cloud Security Alliance coalition said Mythos represents “a step change” in capable Artificial Intelligence models and lowers the cost and skill floor for finding and exploiting vulnerabilities faster than organizations can patch them. Costin Raiu of TLPBLACK said the banking sector’s repeatedly updated legacy systems could be especially vulnerable, adding that a model like Mythos would “have a field day finding exploits” in certain environments.
