On April 7, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an unannounced emergency meeting at Treasury headquarters in Washington. In the room were the CEOs of the country’s most systemically important financial institutions: Citigroup’s Jane Fraser, Morgan Stanley’s Ted Pick, Bank of America’s Brian Moynihan, Wells Fargo’s Charlie Scharf, and Goldman Sachs’s David Solomon. The subject was not a bank failure, a market crash, or a geopolitical crisis in the traditional sense. It was an AI model.
Anthropic’s unreleased Claude Mythos, the most capable AI system the company has ever built, had discovered thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser. One flaw had gone undetected for 27 years. The implications were severe enough that within days, the Bank of England, the FCA, HM Treasury, the Bank of Canada, and their respective regulators had convened their own emergency sessions. I cannot recall a single AI capability demonstration that triggered simultaneous government-level responses across three continents.
What Mythos actually found and why Anthropic refused to release it
Mythos represents a step change in AI capability applied to security research. According to Anthropic’s own security disclosure, the model identified thousands of zero-day vulnerabilities, meaning flaws that no one, including the software vendors, knew existed. These were not theoretical weaknesses. They were exploitable pathways into the systems that run global finance, healthcare, government, and critical infrastructure.
The 27-year-old flaw in one of the world’s most secure operating systems is the detail that should keep every CISO awake. If a vulnerability can hide for nearly three decades in code that has been audited by thousands of security researchers, the implication is that the current model of human-led security research has fundamental blind spots that AI can see through. Anthropic’s security team recognized the dual-use nature of the discovery immediately. In the wrong hands, Mythos could be the most effective offensive cyber weapon ever created.
Rather than releasing Mythos publicly, Anthropic launched Project Glasswing, an initiative that gives a select group of technology and finance companies access to the model specifically to find and fix vulnerabilities before bad actors can exploit them. The decision to restrict access was the right call, and it was also the most significant admission by any AI lab that their own creation was too dangerous for general release. That precedent will shape how enterprises think about AI security for years.
Why the emergency meetings tell you more than the technology does
The meetings themselves are the real story. Bessent and Powell did not call in bank CEOs because Mythos found some interesting bugs. They called them in because the discovery exposed a structural reality that regulators had been slow to acknowledge: the entire cybersecurity apparatus of the global financial system was built for a world where vulnerability discovery happened at human speed.
At human speed, a talented security researcher might find a handful of critical zero-days per year. A well-funded team might find a few dozen. Mythos found thousands in what appears to have been a relatively short period. That compression of the discovery timeline changes everything about defensive security strategy. If an AI can find these flaws, so can a rival AI in the hands of a state-sponsored attacker or a criminal organization with sufficient compute resources.
The Globe and Mail reported that the discovery sparked a rush from both industry and government to “batten down defence hatches.” The UK’s National Cyber Security Centre is now coordinating with the Bank of England and HM Treasury. Canada assembled its own banks and regulators by the end of the week. The speed of the multinational response suggests that the classified briefings contained details more alarming than what has been made public.
What this means for enterprise security beyond banking
I think most enterprise security teams are drawing the wrong conclusion from the Mythos story. The obvious takeaway is that AI-discovered zero-days are a new threat vector. The deeper takeaway is that the entire vulnerability management lifecycle needs to be redesigned around the assumption that attack surfaces are being mapped by AI systems with capabilities that far exceed what human red teams can achieve.
Three implications stand out for enterprise leaders outside the banking sector. First, patch cycles measured in weeks or months are no longer viable if AI systems can discover and potentially exploit vulnerabilities in hours. The Mythos revelation should accelerate every enterprise’s transition toward continuous automated patching. Second, security audits that rely primarily on human penetration testing will miss what AI-powered adversaries can find. Enterprises need AI-augmented red teams. Third, vendor risk management needs to account for the possibility that your suppliers’ code contains decades-old flaws that no one has found yet.
The AI cybersecurity market was already projected to exceed $86 billion by 2030. After Mythos, I expect that timeline to compress. Palo Alto Networks’ $29 billion acquisition spree to build an AI agent security platform suddenly looks less like aggressive M&A and more like prescient positioning. Google’s $32 billion purchase of Wiz, which already felt like the defining deal of the current M&A cycle, now looks like table stakes.
The competitive dynamics of AI-powered vulnerability discovery
Anthropic chose responsible disclosure. The question every security professional should be asking is what happens when a less scrupulous actor builds a comparable system. China, Russia, North Korea, and Iran all have sophisticated state-sponsored cyber programs. The compute required to train a Mythos-class model is significant but not out of reach for a well-funded state actor.
The defensive advantage of Project Glasswing only holds if Anthropic’s participants can patch faster than adversaries can weaponize. That race condition will define enterprise cybersecurity for the next decade. The AI Security Institute is already evaluating whether Mythos represents a genuine paradigm shift or an overhyped demonstration. I lean toward the former. A model that finds a 27-year-old zero-day in one of the most audited operating systems on the planet is not overhyped. It is a preview of what every sufficiently advanced AI system will eventually be capable of.
The companies best positioned to benefit are those already integrating AI into their security operations: CrowdStrike, Palo Alto Networks, and the growing cohort of AI-native security startups that raised $3.6 billion in recent funding. The companies most exposed are those still running security programs designed around the assumption that adversaries are human.
My Take
Mythos is the first AI system that triggered emergency meetings across three governments in a single week. That reaction tells you everything you need to know about the severity. I think we are looking at the most consequential AI capability demonstration since GPT-4, and the enterprise security implications will take years to fully absorb. Every CISO who is not already building an AI-augmented security program just ran out of excuses.