Photo: TSGT CEDRIC H. RUDISILL, USAF | Public domain | Wikimedia Commons
IMF Chief, U.S. Financial Regulators Flag Anthropic Mythos Cyber Risks as Project Glasswing Rolls Out to Major U.S. Firms
Anthropic’s Claude Mythos Preview — being rolled out in a tightly restricted “Project Glasswing” program to roughly 50 selected organizations (including major tech and finance firms and experimental use by Linux kernel maintainers) — has reportedly found thousands of high‑severity vulnerabilities across every major operating system and web browser and is better than prior models at devising ways to exploit them. Alarmed by the prospect of AI‑driven mass cyber risk, IMF Managing Director Kristalina Georgieva called for central banks and financial institutions to tighten guardrails while Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting with CEOs of systemically important banks (including Bank of America, Goldman Sachs, Citigroup, Morgan Stanley and Wells Fargo) to discuss the threat amid Anthropic’s dispute with the Pentagon over a supply‑chain designation.
📌 Key Facts
- IMF Managing Director Kristalina Georgieva warned the world lacks the ability to protect the international monetary system from “massive cyber risks” posed by advanced AI, saying “time is not our friend,” and urged central banks and key financial institutions to coordinate and implement guardrails to protect financial stability.
- Treasury Secretary Scott Bessent and Fed Chair Jerome Powell held an in‑person emergency meeting at Treasury headquarters with CEOs of Fed‑designated ‘structurally important’ banks to discuss Anthropic’s Mythos cyber risks; attendees included Bank of America (Brian Moynihan confirmed), Goldman Sachs, Citigroup, Morgan Stanley and Wells Fargo, while JPMorgan CEO Jamie Dimon was invited but did not attend.
- Anthropic is running a restricted deployment called Project Glasswing, granting access to roughly 50 selected organizations (including Amazon, Apple, Cisco, JPMorgan Chase, Nvidia and some Linux kernel maintainers); Anthropic says it has no plans to release the Mythos Preview model publicly and has privately briefed senior U.S. officials and industry stakeholders on its capabilities.
- Anthropic says its Claude Mythos Preview has already found “thousands” of high‑severity vulnerabilities — including in every major operating system and web browser — and that the model can outperform all but the most skilled humans at finding and devising ways to exploit software flaws.
- Security experts warn that AI is already being used to sharpen phishing and ransomware attacks and that tools with Mythos‑class capabilities could substantially increase the number and exploitability of vulnerabilities once more widely available, though some researchers emphasize that everyday users today remain more exposed to basic threats like credential theft.
- Anthropic previously lost a $200 million Pentagon contract after refusing to support autonomous weapons and domestic surveillance; the Pentagon labeled Anthropic a supply‑chain risk and a federal appeals court recently rejected Anthropic’s attempt to block that designation.
- Reporting notes a noticeable acceleration in AI models’ bug‑finding ability beginning in early 2026 (e.g., hackers using AI against tools like cURL), and projects such as the Linux Foundation’s maintainers have begun experimenting with Mythos under Project Glasswing to ease maintainer workloads while raising concerns about proliferation and misuse risks.
📊 Relevant Data
In 2024, Black consumers (14%) and Latino consumers (13%) were twice as likely to experience financial loss from cyber attacks and scams compared to White consumers (6%).
Report: Black and Latino consumers twice as likely to be prone to online financial fraud — Texas Standard
In the US cybersecurity workforce, White individuals comprise 65.7% of cyber security analysts, followed by Asian (9.6%), Black or African American (9.2%), and Hispanic or Latino (9.0%).
101 Cybersecurity Statistics and Trends for 2026 — National University
Women make up 25% of cybersecurity professionals in 2026, projected to increase to nearly 33% by 2031.
The Latest Women in Cybersecurity Stats (Mar 2026) — National University Programs
📰 Source Timeline (6)
Follow how coverage of this story developed over time
April 11, 2026
9:00 AM
How AI is getting better at finding security holes
New information:
- Details that Mythos Preview has already been used experimentally by maintainers of the Linux kernel under Project Glasswing, with Linux Foundation CEO Jim Zemlin saying it can meaningfully ease the workload of overworked maintainers.
- Anthropic states Mythos Preview found high‑severity vulnerabilities, including at least some in every major operating system and web browser, and is better than prior models at devising ways to exploit those flaws.
- Access to Mythos Preview is currently restricted to roughly 50 select organizations under Project Glasswing, with Anthropic explicitly saying it has no plans to release this particular model to the general public because of misuse risks.
- Proofpoint VP of Threat Research Daniel Blackford says average users should worry more about basic threats like handing over passwords than about Mythos‑class tools, framing current risks as concentrated among security professionals and sophisticated actors.
- NPR’s reporting notes that noticeable improvements in AI models’ ability to find exploitable bugs began in early 2026, citing cURL lead developer Daniel Stenberg’s experience that hackers are using AI to find vulnerabilities in widely used internet data‑transfer tools.
April 10, 2026
9:19 PM
Anthropic's potent new AI model is a "wake-up call," security experts say
New information:
- Anthropic is operating a restricted deployment of Mythos under an initiative called Project Glasswing, sharing the model only with selected major companies including Amazon, Apple, Cisco, JPMorgan Chase and Nvidia.
- Anthropic says Mythos has already uncovered 'thousands' of vulnerabilities across 'every major operating system and web browser.'
- CBS reports that Treasury Secretary Scott Bessent and Fed Chair Jerome Powell held a closed‑door meeting with top bank CEOs on Tuesday to discuss Mythos and other AI‑driven cyber risks.
- Anthropic has privately briefed senior U.S. government officials and key industry stakeholders on Mythos’s capabilities, according to CBS.
- Security experts quoted by CBS warn that hackers are already using existing AI tools to sharpen phishing and ransomware attacks, and expect 'a lot more vulnerabilities' and cyberattacks once tools like Mythos are more widely available.
8:47 PM
IMF chief concerned about Anthropic cybersecurity risks: "Time is not our friend"
New information:
- IMF Managing Director Kristalina Georgieva publicly states the world currently lacks the ability to protect the international monetary system against 'massive cyber risks' from advanced AI, saying 'time is not our friend on this one.'
- Georgieva explicitly calls for central banks and other key financial institutions to work together and be 'very attentive' in managing AI‑driven cyberattack risks.
- CBS confirms via sources that the urgent meeting Treasury Secretary Scott Bessent and Fed Chair Jerome Powell held with major bank CEOs on Tuesday was specifically to discuss cybersecurity risks from Anthropic’s Claude Mythos Preview.
- Anthropic, in a blog post quoted here, says Mythos Preview has already found 'thousands of high‑severity vulnerabilities, including some in every major operating system and web browser,' and warns such capabilities may soon proliferate beyond actors committed to safe deployment.
8:12 PM
IMF chief says she's concerned about cybersecurity risks posed by Anthropic's latest AI model
New information:
- Kristalina Georgieva, in a CBS ‘Face the Nation’ interview, explicitly names Claude Mythos as Anthropic’s ‘latest’ AI model the IMF is concerned about.
- She states the IMF is “very keen to see more attention to the guardrails that are necessary to protect financial stability in a world of AI.”
- The warning is being delivered via a high‑profile Sunday political show, signaling an effort to bring the AI‑cyber‑risk issue into mainstream U.S. policy discourse.
6:25 PM
Bessent, Powell summon Wall Street CEOs for emergency meeting over Anthropic AI risks amid Pentagon dispute
New information:
- Specifies that Treasury Secretary Scott Bessent and Fed Chair Jerome Powell called a last‑minute, in‑person meeting Tuesday at Treasury headquarters in Washington, D.C., and that every bank summoned is designated by the Fed as 'structurally important' to the global financial system.
- Names additional CEOs and institutions involved, including Bank of America CEO Brian Moynihan’s confirmed attendance, plus Goldman Sachs, Citigroup, Morgan Stanley and Wells Fargo, and clarifies that JPMorgan CEO Jamie Dimon was invited but did not attend.
- Details Anthropic’s own public claims that its Claude Mythos Preview model can outperform all but the most skilled humans at finding and exploiting software vulnerabilities and has already uncovered thousands of previously unknown flaws, including decades‑old bugs at firms seen as security strongholds.
- Adds background that Anthropic previously held a $200 million Pentagon contract that collapsed after the company refused to support autonomous weapons and domestic surveillance, prompting War Secretary Pete Hegseth to label Anthropic a supply‑chain risk and bar federal contractors from using its products.
- Notes that Anthropic has briefed senior U.S. government officials on Mythos’ risks and that a federal appeals court has just rejected Anthropic’s attempt to block the Pentagon’s supply‑chain‑risk designation.