Recently, something significant enough to force the leaders of the largest banks in the United States to meet with the Federal Reserve Chair and the Treasury Secretary at short notice occurred, and it had nothing to do with interest rates or the Iran War.
According to the report, Treasury Secretary Scott Bessent and Fed Chair Jerome Powell called an unexpected emergency meeting with the CEOs of the nation’s most “systemically important” financial institutions on April 7 at Treasury headquarters in Washington. The topic is Anthropic’s Mythos AI model, which has the ability to drastically alter and destabilize cybersecurity throughout the world’s financial system.
Jane Fraser of Citigroup, Ted Pick of Morgan Stanley, Brian Moynihan of Bank of America, Charlie Scharf of Wells Fargo, and David Solomon of Goldman Sachs were present. Jamie Dimon of JPMorgan couldn’t make it.
A breach of any one of the represented banks might have a significant impact on the global financial system because they are all categorized as globally systemically important.
The Mythos of Anthropic and its Distinctions
Anthropic’s most potent AI model to date, Mythos, was made available on April 7 to a select group of four finance and technology companies rather than the general public.
Although it wasn’t created with hacking in mind, its sophisticated coding and reasoning skills have given it something far more concerning: the capacity to identify and take advantage of software flaws that human security specialists have overlooked for decades.
Anthropic’s security team claims that Mythos has already found thousands of “zero-day,” or previously undiscovered, vulnerabilities in all major operating systems and online browsers.
Among the discoveries were a weakness in OpenBSD, widely regarded as one of the most secure operating systems available, that had gone undiscovered for 27 years, and a fault in the video processor FFmpeg that had passed five million automated security tests without being detected, according to Quartz.
Regulators are particularly concerned about Mythos not just because it can identify these vulnerabilities but also because it can independently connect several vulnerabilities to create functional exploits.Logan Graham, Anthropic’s lead for offensive cyber research, told, “We’ve frequently seen it chain vulnerabilities together”. “The degree of its autonomy and sort of long-range-ness, the ability to put multiple things together, I think, is a particular thing about this model.”
Anthropic observed that these cyber capabilities emerged as a result of advancements in autonomy, thinking, and coding rather than being explicitly trained into Mythos.
Why banks are under attack and the implications for Americans
Regulators are particularly concerned about what can happen if a tool like Mythos falls into the wrong hands or if a rival facility creates something comparable without the same safety precautions.
The purpose of the discussion was to make sure that banks are aware that they would soon have to defend their systems against AI-powered attackers who can discover vulnerabilities more quickly than any human security team could fix them.
Because the summoned banks manage mortgages, make payments, keep trillions in deposits, and assist hundreds of millions of Americans with their retirement funds, this is significant to the general public.
A successful, widespread cyberattack on any one of them, made possible by a tool like Mythos, might interfere with money access, jeopardize account information, or lead to a general decline in trust in the financial system.
Anthropic’s response to it
Instead of making Mythos available to the general public, Anthropic started Project Glasswing, a program that provides access to the model to a limited number of technology and finance businesses in order to identify and address weaknesses before malicious actors may take advantage of them.
Amazon, Apple, Microsoft, Google, Cisco, Nvidia, and JPMorgan are among the fourteen launch partners. Model access to scan and secure systems is available to another forty or so crucial software businesses.
As part of the endeavor, Anthropic claims to be “committing up to $100 million in usage credits” and “directly donating €4 million to open-source security organizations”.
According to Anthropic’s frontier red team cyber head, Newton Cheng, “Frontier AI capabilities are likely to advance substantially over just the next few months,” which implies that similar tools will eventually reach hostile actors.
Giving defenders an advantage is the aim of Project Glasswing.
The first thing the typical bank customer learns is that those in charge of safeguarding their funds are taking this seriously enough to call emergency meetings. No one in Washington is yet able to respond to the question of whether such preparation is sufficient.
