U.S. Bank Chiefs Were Summoned Over AI Cyber Risk. That Alone Signals a New Phase.

Financial stability officials are reacting before a model is widely released

The reported decision by U.S. Treasury Secretary Scott Bessent to summon major American bank chiefs to Washington over cyber risks tied to Anthropic’s latest AI model marks a notable shift in how frontier AI is being treated by policymakers. This is no longer just a debate among researchers and model developers. It is being discussed as a matter of systemic financial risk.

According to the report, the meeting took place after the release of information around Anthropic’s Claude Mythos model, which the company says poses unprecedented cybersecurity risks. Jerome Powell, chair of the Federal Reserve, was reportedly among those gathered, underscoring the seriousness with which officials are approaching the issue.

The concern is tied to software exploitation capabilities

Anthropic said in a blog post at the beginning of the month that AI models had surpassed “all but the most skilled humans at finding and exploiting software vulnerabilities.” The company warned that the consequences for economies, public safety, and national security could be severe.

The immediate backdrop to that warning was a recent leak of Claude’s code, which appears to have increased scrutiny around what the model could enable if its capabilities were misused or insufficiently controlled. The report says Anthropic has stated that its Mythos model, which has not yet been broadly released, has exposed thousands of vulnerabilities in software and popular applications.

That claim helps explain why regulators and bank executives would treat the issue as urgent. Large financial institutions depend on immense software estates, legacy systems, vendor connections, and digital channels that collectively create broad attack surfaces. If AI systems materially reduce the skill threshold for finding exploitable weaknesses, the defensive burden on banks rises quickly.

Anthropic is restricting access in an unusual move

The company’s response is itself notable. The report says this is the first time Anthropic has restricted the release of a product. Access to Mythos has reportedly been limited to a small group of businesses, including Amazon, Apple, Microsoft, Cisco, Broadcom, and the Linux Foundation.

That restriction matters for two reasons. First, it suggests Anthropic believes the cyber implications of the model are exceptional enough to justify a more cautious rollout than usual. Second, it signals that the frontier-AI sector may be entering a phase in which model access decisions increasingly resemble export-control logic, security clearance logic, or critical-infrastructure governance rather than ordinary product launches.

For the financial sector, that raises difficult questions. If a model with strong vulnerability-discovery capabilities exists, banks must consider not only whether they can use it defensively, but also whether adversaries, contractors, or third parties might gain access through leaks, derivative systems, or future releases.

Why banks are at the center of the concern

The guest list reportedly focused on leaders of systemically important banks, institutions whose disruption or collapse would threaten financial stability. Those present reportedly included executives from Goldman Sachs, Bank of America, Citigroup, Morgan Stanley, and Wells Fargo. JPMorgan’s Jamie Dimon was invited but unable to attend.

The focus on these banks indicates that the issue is not being framed as generic cyber hygiene. It is being treated as a concentration risk. A serious cyber event affecting a major bank can spill into payments, markets, confidence, and liquidity. AI-enhanced vulnerability discovery therefore becomes more than a technical issue; it becomes a macroprudential one.

Dimon’s annual shareholder letter, also cited in the report, fits that framing. He warned that cybersecurity remains one of the company’s biggest risks and that AI will almost certainly make that risk worse.

A policy threshold may have been crossed

There have long been warnings that advanced AI could transform cyber offense and defense. What is changing is the degree to which senior economic and regulatory officials appear willing to act on that possibility before a public crisis forces the issue. Convening top bank leaders is itself a statement that frontier-model capability is now relevant to national financial resilience planning.

It also creates pressure for more formal coordination among AI companies, financial regulators, and critical-infrastructure operators. If model developers are discovering thousands of vulnerabilities, governments will increasingly want to know how that information is handled, who gets access, how mitigations are coordinated, and what guardrails are in place before broader deployment.

The Mythos episode does not yet prove that a specific attack wave is imminent. But it does show that senior officials are no longer waiting for perfect certainty before escalating the matter. For banks, that likely means higher expectations around patching, monitoring, red-teaming, and model-risk awareness. For AI companies, it means capability claims may now trigger national-security style scrutiny as much as product interest.

From frontier model launch to infrastructure risk

The larger significance of the meeting lies in the category shift it represents. Frontier AI systems are no longer being evaluated only as productivity tools or research milestones. In some cases, they are being treated as technologies with direct implications for critical infrastructure and systemic stability.

That is a new phase. The financial sector is one of the first places where the consequences of that shift are becoming visible.

This article is based on reporting by The Guardian. Read the original article.