Whalesbook
Urgent Meeting on AI and Bank Security
An emergency summit took place this week at the Treasury Department in Washington. Top financial regulators, led by Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, met with the CEOs of the U.S.'s largest banks. Discussions focused on the growing cybersecurity risks from advanced artificial intelligence models, such as Anthropic's Mythos. The meeting shows a major shift in how regulators see AI: no longer just a tech upgrade, but a potential source of large-scale financial instability. Leaders from Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs attended. Authorities now believe AI development is moving faster than current security and risk management practices in the financial sector.
Anthropic's Mythos AI: Capabilities and Concerns
Anthropic's Mythos AI is a major advancement specifically designed to find and exploit software weaknesses. Unlike AI for general tasks, Mythos focuses on advanced cybersecurity. It can automatically create complex exploits and uncover 'zero-day' flaws—vulnerabilities missed by human experts for years. Mythos can detect and report weaknesses in operating systems and web browsers in real-time and at low cost. Anthropic is limiting access through its 'Project Glasswing' initiative to select major tech and financial firms. Partners like Amazon Web Services, Apple, Google, Microsoft, and JPMorgan Chase are using Mythos defensively to find and fix critical software flaws before attackers can use similar AI tools. This project forms a defensive alliance, recognizing the AI's powerful offensive capabilities.
AI's Growing Impact on Crypto
Advanced AI's impact on cybersecurity is already visible in the cryptocurrency world. The decentralized finance (DeFi) sector is especially at risk from AI finding new vulnerabilities. These flaws can be discovered and exploited extremely fast and cheaply. This has caused major financial losses and upended the old security balance where attacks cost more than they were worth. AI's speed in analyzing code and finding bugs could overwhelm current security systems. This trend serves as an early warning for the wider financial system. As blockchain use grows and AI gets smarter, a new look at privacy and security for digital assets is needed.
Industry Collaboration on AI Defense
The fast pace of AI in cybersecurity has started an arms race, leading major companies to respond strategically. OpenAI is developing its own competing cybersecurity AI model, showing strong competition. In response to threats, Anthropic launched Project Glasswing. This collaboration includes tech rivals like Google and Microsoft, plus infrastructure firms and security leaders like CrowdStrike and Palo Alto Networks. Anthropic is backing the project with up to $100 million in credits. The goal is to find and fix vulnerabilities in key global software before they are exploited. These alliances show that no single company can defend against AI-powered cyber threats alone, requiring a shared effort to improve overall security. The focus is shifting to overall system governance and deployment for effective cybersecurity.
Pentagon's Supply Chain Risk Designation
Anthropic is in a legal dispute with the Pentagon, which has labeled the AI company a 'supply chain risk.' This designation comes after Anthropic declined to let the military use its Claude AI model for sensitive tasks like mass surveillance or autonomous weapons, citing ethical reasons. A California judge initially stopped the Pentagon's actions, but an appeals court has now allowed the designation to remain while it reviews the case, favoring the government's national security concerns. This conflict shows the difficult balance between promoting AI innovation and protecting national security. The government is asserting its power in buying critical technology. The legal issues highlight the challenges AI developers face when their ethical limits clash with government security needs, which could affect future deals and market access.
Persistent AI Cybersecurity Threats
Even with Anthropic's efforts in Project Glasswing, Mythos's core abilities pose serious risks. The AI can find and exploit long-standing vulnerabilities—like a 27-year-old flaw in OpenBSD or a 16-year-old bug in FFmpeg—making traditional security update schedules outdated. This rapid progress creates a 'governance gap' for banks, many of which struggle with old systems and complicated ownership to safely adopt AI. The AI cybersecurity field is also rapidly changing. While Project Glasswing focuses on defense, there's a real threat that its offensive capabilities could be copied or spread. The Pentagon's 'supply chain risk' label for Anthropic serves as a strong reminder that geopolitical and ethical factors can create major business and strategic weaknesses, affecting a company's operations and partnerships with the government.
Future Regulatory Outlook
Regulators face a difficult challenge: encouraging AI innovation while protecting financial stability. The U.S. Treasury's new Financial Services AI Risk Management Framework (FS AI RMF) aims to set standards for governance and security across the industry. This framework aligns with NIST guidelines and promotes transparency and fairness. As AI capabilities grow even faster, banks will face more pressure to show strong AI risk management and open operations. The continuing AI race in cybersecurity points to a future of constant change, where active defense and industry teamwork will be key to staying ahead of advanced, AI-powered cyber threats. Expect more intense regulatory oversight and a steady focus on keeping financial systems safe from evolving AI cyber risks.