Alarm has been raised within the U.S. government over Anthropic’s new artificial intelligence model, “Claude Mythos Preview,” with Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convening an emergency meeting with heads of major banks in Washington to assess potential cyber risks and urge financial institutions to reinforce their systems in time.

The trigger for this emergency response was Anthropic’s own admission that Mythos is so powerful that it cannot yet be released to the general public. The company announced that it has suspended its general rollout and is, for now, limiting it to a closed collaboration framework with major technology and financial companies, until it determines what safeguards and security rules are required before any wider release.

This move is telling in itself: one of the leading companies in the sector is publicly stating that its new model is so powerful that normal commercial release would be premature and potentially dangerous.

In practice, Mythos has been included in the new “Project Glasswing,” an Anthropic initiative involving companies such as Amazon Web Services, Apple, Microsoft, Google, Cisco, Nvidia, Palo Alto Networks, CrowdStrike and JPMorgan Chase.

The rationale behind the initiative is that organizations managing critical digital infrastructure will gain first access to the model, allowing them to test their own systems, identify vulnerabilities and share findings before such a tool reaches hands that could use it offensively.

The concern is not theoretical. Anthropic has reported that, in internal testing, Mythos was able to identify and then exploit weaknesses “in every major operating system and every major web browser” when given the appropriate instruction by a user. In some cases, the model reportedly discovered thousands of serious vulnerabilities, including long-standing flaws that had evaded conventional auditing tools for years.

Close
It found decades-old vulnerabilities that no one had detected
Anthropic does not describe Mythos in vague terms. In its technical documentation, it states that in internal testing the model was able to identify and exploit zero-day vulnerabilities “in every major operating system and every major web browser,” when prompted by a user.

Moreover, it did not rely only on simple or known techniques: in one case it generated a browser exploit that combined four different vulnerabilities, bypassing protection layers of both the browser and the operating system. In another, it identified a 27-year-old bug in OpenBSD, an operating system known for its strong security reputation, and also found a 16-year-old vulnerability in FFmpeg, a library that has been extensively audited for years using automated tools.

What banks really fear
This is precisely where the deeper concern of Washington and the financial system lies.

Large banks and markets do not rely only on “modern” cloud systems, but also on vast layers of legacy software, browsers, endpoint environments, middleware, supply chains and applications connecting payments, trading, custody, data feeds and internal communication. A system like Mythos does not simply mean that a new vulnerability can be found.

It means that it dramatically shortens the time between the discovery of a weakness and its operational exploitation. In simple terms, it reduces the window in which defenders can fix a problem before it turns into a real attack. This is the dimension that explains why the issue reached directly the Treasury and the Fed.

Anthropic argues that Mythos was not originally designed as a cybersecurity tool, but as a general-purpose model with highly advanced capabilities in reasoning, programming and solving complex problems.

However, it is precisely these capabilities that, according to the company, allow it to function as an extremely effective mechanism for identifying—or even exploiting—security gaps. For this reason, the company has already discussed the model’s “offensive and defensive” cyber capabilities with U.S. authorities, without specifying which agencies were involved.

The message now coming from Washington is that the issue goes far beyond a typical corporate announcement of a new AI product. The emergency meeting at the U.S. Treasury, with the participation of Bessent and Powell themselves, shows that American financial authorities see in Mythos a preview of the next major threat: AI models so advanced that they can function simultaneously as a defensive tool and as a weapon for large-scale cyberattacks.

Anthropic insists that it is trying to give “an advantage to the defenders.” For this reason, Glasswing is accompanied by $100 million in usage credits for participants, as well as additional funding for open-source and security organizations, while the company has committed to publishing a public report within 90 days on findings, vulnerabilities fixed and conclusions that can be shared without creating new risks. The goal is to shape new standards for vulnerability disclosure, patching, software supply chains, secure-by-design practices and frameworks for regulated sectors.

The case also has a second reading for the market. Anthropic, already at the center of the global race for ever more powerful AI models, is now trying to set a precedent: access first to “defenders,” then to the public. Whether this logic will become the new standard for the most advanced AI systems remains to be seen. For now, however, Washington and Wall Street are treating Mythos as a technological leap that could change the rules of the game in cybersecurity.

Meta joins the race for “superintelligence” with Muse Spark
Meta is also stepping up in the AI race, presenting its new model Muse Spark, the result of a costly investment aimed at developing “superintelligence,” meaning AI that can surpass human cognitive abilities. Muse Spark is the first model in a new series, internally known as Avocado.

Unlike previous Llama models, Meta is not proceeding with a fully open release, but is initially offering only limited access (“private preview”) to selected partners. The model will first be available via the Meta AI app and will gradually be integrated into platforms such as WhatsApp, Instagram, Facebook and the company’s smart glasses.

According to Meta, Muse Spark has been designed to be “small and fast,” yet capable of handling complex queries in fields such as science, mathematics and health. Independent evaluations show that the model approaches the performance of top competitors in language and visual understanding but lags in programming and abstract reasoning. It ranked fourth overall in the Artificial Analysis benchmark.

The company’s CEO, Mark Zuckerberg, has already hinted at gradual performance improvements, noting that the first models will mainly demonstrate Meta’s “rapid trajectory of development.”