An AI Model Scared the Federal Reserve and US Treasury Into Summoning Wall Street

On April 6, JPMorganChase CEO Jamie Dimon published his annual shareholder letter. In it, he warned that AI introduces serious new cybersecurity risks and called on companies, regulators, and governments to prepare.

Two days later, the two most powerful financial regulators in the United States decided preparation could not wait.

US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting at Treasury headquarters in Washington on Tuesday, April 8, summoning the CEOs of the country's largest banks.

The objective was to discuss cybersecurity risks posed by Anthropic's Claude Mythos Preview, an unreleased frontier AI model the company itself describes as too dangerous for general release.

The meeting was first reported by Bloomberg on Thursday. Reuters separately confirmed it with two sources familiar with the matter.

What the Meeting Signals

The structure of what happened on April 8 is significant beyond its immediate subject matter. The Treasury Secretary and the Federal Reserve Chair do not jointly convene bank CEOs for routine cybersecurity briefings.

The last time Washington assembled Wall Street in this way was in response to threats to the stability of the financial system itself.

What Bessent and Powell did on April 8 is treat an AI model's cybersecurity capabilities as a threat of comparable seriousness, not a technology problem for individual banks to address on their own timelines, but a collective risk requiring coordinated regulatory attention.

The meeting was aimed at ensuring banks are aware of the potential risks posed by Mythos and similar models and are taking steps to defend their systems, according to sources cited by both Bloomberg and Reuters.

The phrase "and similar models" is notable, this was not a briefing about Anthropic specifically. It was a briefing about a new category of AI capability that Mythos represents, and what it means for financial infrastructure going forward.

What Claude Mythos Can Do

The urgency of the meeting is grounded in what Anthropic's model has already demonstrated. Claude Mythos Preview, a general-purpose frontier model not specifically trained for cybersecurity, has identified thousands of zero-day vulnerabilities across every major operating system and every major web browser, according to Anthropic's announcement on April 7.

The model identified a bug in the open-source operating system OpenBSD that had gone undetected for 27 years.

Anthropic described the capabilities plainly in its announcement: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

The company said it has no plans to make Mythos Preview generally available. "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely," Anthropic said. "The fallout for economies, public safety, and national security could be severe."

The company proactively briefed senior US government officials and key industry stakeholders on Mythos's capabilities ahead of its release, according to a third source cited by Reuters.

That decision to brief regulators before launch reflects a calculation that the model's offensive capabilities required government awareness before it was made available even to a restricted group of partners.

The CEOs present at the April 8 meeting were Jane Fraser of Citigroup, Ted Pick of Morgan Stanley, Brian Moynihan of Bank of America, Charlie Scharf of Wells Fargo, and David Solomon of Goldman Sachs, according to Bloomberg.

They were already in Washington for a banking lobby group meeting when invitations were extended, according to one of the Reuters sources. Jamie Dimon was invited but could not attend, one source told Reuters. The absence is notable for a specific reason.

JPMorganChase is the only major US bank that is a founding launch partner of Project Glasswing, Anthropic's initiative to give select institutions access to Mythos Preview for defensive cybersecurity work.

Dimon published his annual letter on April 6 warning that AI introduces serious cybersecurity vulnerabilities and calling for coordinated preparation, then joined Project Glasswing the following day. Yet he was the one major bank CEO absent from the meeting that brought both threads together.

Goldman Sachs and the Federal Reserve declined to comment. The Treasury, the attending banks, and Anthropic did not respond to requests for comment from Reuters.

The Regulatory Posture Is Shifting

The April 8 meeting did not happen in isolation. It is the most visible expression of a regulatory posture toward AI that has been building across multiple agencies for months.

The California Department of Financial Protection and Innovation sent a bulletin to its regulated institutions in early March warning of heightened cyber awareness following the outbreak of the Iran war, noting that Iranian state-sponsored groups were using generative AI to craft spear-phishing attacks and deepfakes targeting US financial institutions.

The New York Department of Financial Services issued a similar letter to chief information security officers of its regulated institutions.

Fitch Ratings warned in March that hacktivists and state-sponsored groups may target critical infrastructure through cyberattacks.

What the April 8 meeting adds to that picture is federal-level escalation. The DFPI and NYDFS actions were state regulatory responses.

Bessent and Powell convening bank CEOs at Treasury is Washington treating AI-augmented cybersecurity risk as a matter of national financial stability, a systemic challenge that the federal regulatory apparatus is now actively engaged with.

Anthropic has said it is in ongoing discussions with US government officials about Claude Mythos Preview's offensive and defensive cyber capabilities and intends to report publicly within 90 days on vulnerabilities fixed and improvements made through Project Glasswing.

The April 8 meeting suggests those discussions have moved well beyond the company's own initiative.

What Banks Are Now Expected to Do

Banks present at the April 8 meeting were urged to assess potential threats and strengthen their defenses, according to sources cited by Bloomberg and Reuters.

In practical terms, that means vulnerability detection, penetration testing, endpoint security reviews, and black box testing of critical systems, the same categories of defensive work that Project Glasswing partners are using Mythos Preview to execute.

The gap is significant. Project Glasswing gives its twelve launch partners and roughly 40 additional organisations direct access to a model capable of identifying zero-day vulnerabilities at a scale and speed no human team can match.

Banks outside that group have no equivalent tool. The institutions in the room on April 8 were told to prepare for a threat that only a handful of organisations currently have the means to fully assess.