Myth or Modern Threat? What Anthropic’s Mythos Signals for Cyber Risk
17th April 2026Recent weeks have seen growing attention on Mythos, Anthropic’s new AI model, following reports that the tool is considered too powerful for public release. Designed to autonomously identify software vulnerabilities, Mythos is claimed to have uncovered weaknesses not only at unprecedented speed, but also within highly scrutinised systems – including flaws that had reportedly gone undetected for more than two decades.
Anthropic has stated that releasing such a capability widely, without adequate preparation time for critical infrastructure operators, would be irresponsible. As a result, the company has delayed broader availability while it monitors Project Glasswing, a controlled initiative intended to give critical infrastructure and large institutions time to strengthen their environments before any wider rollout.
Sceptics argue that this framing reflects industry hype rather than substance – the latest in a long line of AI marketing narratives positioning tools as “too powerful” for general use. With limited visibility into Mythos itself, distinguishing genuine risk from promotional strategy has been difficult.
That ambiguity shifted when major financial institutions, unusually, chose to address Mythos directly during earnings calls. The decision by banks to dedicate time in formal market disclosures to discuss the tool – and its implications – suggests that this is not being treated as a speculative development, but as a material issue warranting broader discussion with investors, regulators, and the market at large
What Banks Are Saying About Mythos – And Why Cyber Risk Just Went Up
Mentions of Anthropic’s advanced AI model Mythos surfaced prominently in several large banks’ earnings calls this month, underscoring how rapidly cyber risk is evolving for the financial sector – and for large enterprises more broadly.
Senior executives at JPMorgan Chase, Goldman Sachs, and Morgan Stanley used earnings calls to acknowledge both active testing of Mythos and growing concern that frontier AI systems may accelerate the discovery and exploitation of software vulnerabilities faster than organisations can remediate them.
JPMorgan Chase: “AI Has Made It Worse, Not Better – For Now”
JPMorgan CEO Jamie Dimon told analysts that the bank is testing Anthropic’s Mythos preview and that early experience reinforces a hard truth: while AI may eventually strengthen defences, it is currently expanding the attack surface.
Dimon said AI “has made it worse, it’s made it harder,” noting that Mythos has already highlighted far more vulnerabilities across complex systems than previously understood. He emphasised that cyber risk does not stop at individual banks, pointing instead to dependencies on exchanges, vendors, and critical third‑party infrastructure – all of which increase systemic exposure.
The message from JPMorgan was clear: even institutions spending heavily on cyber defence should expect greater near‑term risk, not less.
Goldman Sachs: “Hyper‑Aware” and Accelerating Investment
Goldman Sachs CEO David Solomon confirmed on the bank’s earnings call that Goldman has access to Mythos via Anthropic’s restricted programme and is actively working with the model.
Solomon described the firm as “hyper‑aware” of the enhanced capabilities of frontier AI systems and said Goldman is accelerating investment in cyber and infrastructure resilience accordingly. He framed Mythos as part of a broader structural shift, rather than a one‑off event, signalling that AI‑driven cyber threats will demand sustained attention from boards and regulators alike.
Morgan Stanley: A Shared Industry Risk, Not a Competitive Edge
Morgan Stanley CEO Ted Pick told analysts that the firm is “permissioned” on the Mythos preview and that cyber risks associated with advanced AI are being discussed collectively across the Financial Services Forum.
Rather than portraying Mythos as a competitive differentiator, Pick characterised it as an industry‑wide challenge where collective improvement in defensive capabilities will be necessary – alongside the expectation that multiple competing AI models will soon emerge.
Why This Matters Beyond Banking
While these comments came from global banks, the implications extend far beyond financial services. Earnings calls are typically conservative forums, and the decision by multiple CEOs to explicitly name Mythos and highlight its risks signals a meaningful shift in enterprise cyber risk perception.
Banks are effectively acknowledging that:
- vulnerability discovery is moving faster than remediation,
- AI‑enabled threats are becoming systemic rather than local,
- and traditional assumptions about perimeter defence are increasingly fragile.
Key Cyber‑Risk Takeaways for Large Companies
1. “More visibility” also means “more exposure.”
Advanced AI tools like Mythos are surfacing vulnerabilities that have existed for years. Knowing about them is valuable, but it also compresses the time window between discovery and exploitation.
2. Cyber risk is now ecosystem‑wide.
As JPMorgan highlighted, your risk profile is only as strong as your weakest vendor, cloud provider, or software dependency. AI increases the likelihood that attackers will find those weak links faster.
3. Near‑term risk is rising, even as long‑term defences improve.
Executives are openly acknowledging that AI is worsening cyber risk in the short term. Large companies should plan controls, insurance, and incident response accordingly.
4. Regulators and boards are paying close attention.
The fact that earnings calls explicitly cited Mythos – and referenced government engagement – suggests heightened scrutiny. Expect questions around AI‑driven cyber risk governance, not just technical controls.
5. Investment alone is not a silver bullet.
Even organisations with substantial cyber budgets are signalling caution. Resilience, segmentation, third‑party risk management, and recovery capabilities are becoming as important as prevention.
Sources:
CNBC, “Jamie Dimon: Anthropic Mythos reveals ‘more vulnerabilities’ for cyberattacks,” 14 April 2026.
https://www.cnbc.com/2026/04/14/jamie-dimon-anthropic-mythos-vulnerabilities-cyber-attacks.html
Observer, “Wall Street CEOs’ First Reactions to Anthropic’s Mythos,” 14 April 2026.
https://observer.com/2026/04/jamie-dimon-david-solomon-test-anthropic-mythos/
Reuters, “Banking industry scrambles for Anthropic’s Mythos as global regulators review risks,” 20 April 2026.
https://www.reuters.com/world/banking-industry-scrambles-anthropics-mythos-regulators-review-risks-2026-04-20/
Bloomberg (reporting via The Business Times), “Singapore urges banks to fix security gaps amid concerns over Anthropic’s Mythos AI,” 20 April 2026.
https://www.businesstimes.com.sg/singapore/singapore-urges-banks-fix-security-gaps-amid-concerns-over-anthropics-mythos-ai