Anthropic’s Claude Mythos Preview can hack major banking networks at scale. It’s already catalogued thousands of high-severity vulnerabilities across every major operating system and web browser. And the public won’t get access to it. Not yet, possibly not ever.
The model, Mythos, is being kept out of general release because of what it’s capable of. Instead, the White House is pushing large banks to run controlled tests with it, using the tool to shore up their own defenses before someone else weaponizes something like it. The window for that may be narrower than anyone in government wants to say out loud.
Security expert David Lindner told Fortune that containment is probably a fantasy. “Even if they, quote unquote, don’t release it, China will have a version in five or six months, and there’ll be an open-source version within a year or two,” he said. Lindner’s other point cuts even deeper: the real problem isn’t the AI itself. It’s the backlog of known vulnerabilities that security teams haven’t patched. That list is long. Mythos just made clearing it a matter of urgency rather than preference.
Security researcher Costin Raiu told Reuters the situation is especially acute inside legacy banking infrastructure. IBM-built systems from decades back are particularly exposed. “A model like Mythos would have a field day finding exploits” in those systems, Raiu said. “And it’s just one example of ancient technologies powering the financial industry.” Most major banks are still running on software that predates smartphones. It’s not a secret exactly, but it’s not something the industry advertises. IBM’s own assessment describes Mythos as “forcing enterprise security teams to rethink their defenses from the ground up.”
Anthropic co-founder Jack Clark confirmed this week that the Trump administration had been briefed on what Mythos can do. That conversation moved fast. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with banking executives, where officials said institutions should be positioned “to understand and anticipate a wide range of market developments” given the model’s existence. Counterpart meetings happened in the UK and Canada too.
The Mythos announcement didn’t arrive alone. Anthropic also launched Project Glasswing, a joint effort with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The coalition’s stated aim is to “secure the world’s most critical software.” JPMorgan Chase, one of the banks currently running preview access, called the effort “a unique, early-stage opportunity to evaluate next-generation AI tools for defensive cybersecurity across critical infrastructure.” That’s a lot of competitors in the same room agreeing something’s changed.
The Cybersecurity and Infrastructure Security Agency hasn’t issued formal guidance specific to Mythos as of this writing, but the agency has been looped into the broader conversations happening in 2026 around AI-enabled threat modeling.
What’s clear from the 04/15 briefing timeline is that officials didn’t sit on this. Between the White House outreach and the Bessent-Powell meeting, the government moved on Mythos inside two weeks. That’s fast for an administration that doesn’t have a reputation for speed on tech policy. Whether the banks can actually move that fast is a different question. Legacy systems don’t get patched on a news cycle, and Mythos won’t wait.