Anthropic built a model so capable of finding and exploiting software vulnerabilities that it initially determined it was too dangerous to release publicly. That model — Mythos — is now landing inside the largest financial institutions in the world, and its arrival is generating a rare combination of official encouragement and genuine alarm.
Over the past week, Bloomberg has published a series of articles documenting what may be one of the most consequential AI deployments in the history of financial services. The U.S. Treasury Department, JPMorgan Chase, and a growing list of global banks have either gained access to Mythos or are expected to do so within days. In the UK, Anthropic is preparing to roll out the model to British financial institutions this week.
What Makes Mythos Different
Anthropic has described Mythos as a model capable of identifying and then exploiting vulnerabilities in every major operating system and web browser when directed to do so by a user. That is an unusual capability to disclose publicly — most AI labs would be reluctant to characterize a model in terms of its offensive potential. The disclosure itself signals both the severity of what Mythos can do and Anthropic’s attempt to be transparent about its dual-use nature.
The Trump administration has encouraged Wall Street banks to use Mythos defensively — essentially deploying an AI capable of attack-level reasoning as an internal red-teaming tool. The argument is that financial institutions already face sophisticated adversaries with access to advanced AI, and using Mythos to proactively hunt for vulnerabilities gives defenders an edge they would otherwise lack.
The U.S. Treasury’s Chief Information Officer Sam Corcos has confirmed that the department’s technology team is seeking access to Mythos specifically to find systemic weaknesses in federal financial infrastructure, with access expected as early as mid-April.
Where Regulators Are Drawing Lines
Not everyone is comfortable with how this deployment is unfolding. The American Securities Association has warned that Mythos poses a risk to the Consolidated Audit Trail — the SEC’s comprehensive database of securities transactions — arguing that bad actors equipped with comparable tools could use AI to conduct mass identity theft and expose individuals’ entire trading histories.
The warning reflects a broader tension: the same capability that makes Mythos useful to a bank’s security team is precisely what makes it dangerous if it reaches adversaries, whether criminal organizations, rogue insiders, or foreign intelligence services. Anthropic has chosen to mitigate that risk through controlled access rather than public release, but access controls that work at the model level become harder to enforce once a model is deployed across thousands of employees at a major financial institution.
Bloomberg’s reporting also suggests that the speed of deployment is itself a concern. Rolling out a model of this sensitivity to UK banks “within the next week” leaves limited time for the kind of institutional review that financial regulators would normally require for a novel technology with systemic implications.
The Broader Precedent
Mythos represents an important inflection point regardless of how the immediate deployment plays out. It is the first widely-reported case of an AI model being characterized primarily by its offensive security capabilities, deployed commercially, and simultaneously flagged as a systemic risk by regulatory bodies — all within the same week.
For financial institutions, the Mythos episode is a preview of decisions they will face repeatedly: when does using the most capable available AI tool create more risk than it mitigates? That question does not have an easy answer, but it is becoming impossible to defer. Wall Street traders are already breaking volume records while Mythos takes the spotlight. The next chapter depends on whether the deployment creates the security dividend its proponents are promising — or whether it introduces vulnerabilities no one has yet mapped.
