A CMS misconfiguration at Anthropic exposed a draft blog post about the unreleased model. Fortune, CNBC and CoinDesk reported on the leak; cybersecurity stocks slumped.

Bessent and Powell convened a closed-door meeting at Treasury HQ with the CEOs of Bank of America (Brian Moynihan), Citigroup (Jane Fraser), Goldman Sachs (David Solomon), Morgan Stanley (Ted Pick), and Wells Fargo (Charlie Scharf). JPMorgan's Jamie Dimon was unable to attend. Officials encouraged banks to run Mythos against their own systems.

Anthropic announced Claude Mythos Preview alongside Project Glasswing — a coalition of ~40 partners including AWS, Apple, Google, Microsoft, Nvidia, JPMorgan Chase, CrowdStrike. The model is restricted, not publicly released.

AISI published its evaluation finding 'continued improvement in capture-the-flag (CTF) challenges and significant improvement on multi-step cyber-attack simulations.' Mythos Preview was the first model to complete AISI's 32-step 'The Last Ones' attack range end-to-end (3 of 10 attempts).

Georgieva said the world does not have the ability 'to protect the international monetary system against massive cyber risks,' that risks were growing exponentially, and called for more attention to AI guardrails. Her line 'time is not our friend on this one' framed the issue ahead of the IMF Spring Meetings.

Regnier told reporters: 'We have a new AI model that is being released. It comes with a certain number of risks. We need information when it comes to these risks.' He confirmed a first meeting with Anthropic had taken place and more would follow. The Commission later said it was 'monitoring the security implications of this rapidly evolving technology.'

Solomon told analysts: 'We're aware of Mythos and its capabilities. We have the model. We're working closely with Anthropic and all of our security vendors to kind of harness frontier capabilities wherever it's possible.'

Dimon said: 'We read about Mythos, which we're testing now and looking at, and it does create additional vulnerabilities… It shows a lot more vulnerabilities need to be fixed.' Barnum: AI tools 'can make it easier to find vulnerabilities, but then also potentially be deployed by bad actors in attack mode.'

Singapore's Cyber Security Agency published an advisory warning of similar AI-cyber risks (without naming Mythos directly).

MSIT held a meeting with leading Korean cybersecurity firms to discuss the impact of Mythos and OpenAI's GPT-5.4-Cyber, plus separate talks with chief information security officers from 40 major companies.

FSS held a meeting with information security officials from financial firms to review Mythos-related risks.

FSC held an emergency meeting with chief information security officers from FSS, banks and insurers to review the risks (per Yonhap, citing industry sources).

Pick said: 'Yes, we are permissioned on Claude Mythos Preview… AI is our friend, OK? It is just the latest generation of technology that is going to be part of the ecosystem.'

Vince confirmed BNY is running Mythos Preview: 'What AI really is now is a superpower. It can be used for good and it can be used for evil.' Fraser said Citi is examining AI through four lenses including defensive cyber capabilities. Citi CFO Gonzalo Luchetti said the bank is approaching it with 'the degree of urgency that it requires.'

Lagarde: 'The development we've seen with Anthropic and Mythos is a good example of a responsible company… but if it falls in the wrong hands, it could be really bad.' She added: 'I don't think there is a governance framework that is there to actually mind those things. We need to work on that.'

Bailey called Mythos 'a very serious challenge for all of us' and said regulators must move fast. At Columbia: Mythos could 'crack the whole cyber risk world open.' On regulation timing: 'If you go too early with rules, you risk distorting evolution. If you go too late, things get out of control.'

Macklem said global financial systems must 'come to grips' with AI risks; the model was discussed at the BoC's financial sector resiliency group. Champagne called Mythos a 'test case' and 'unknown unknown.' AI Minister Evan Solomon met directly with Anthropic.

The Cross Market Operational Resilience Group (CMORG), co-chaired by the BoE's Duncan Mackinnon, scheduled an urgent meeting with NCSC, FCA, HM Treasury and major British banks/insurers/financial-infrastructure providers within a fortnight to examine vulnerabilities raised by Mythos.

ECB supervisors prepared to question euro-area lenders directly about Mythos readiness, gathering information ahead of a roundtable. The German Banking Association confirmed consultations with cyber experts at member banks, the Finance Ministry, the Bundesbank and BaFin.

Venkatakrishnan said in Washington that Mythos was a serious threat to the global banking system and likely to be followed by similar, more powerful cyberthreats.

MAS said advances in AI could speed up the discovery and exploitation of software vulnerabilities. 'Financial institutions need to redouble efforts to strengthen their security defences, proactively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching.' MAS coordinated with the Cyber Security Agency of Singapore.

HKMA said it had engaged with major banks and 'is highly vigilant to the evolving AI-driven cyber threats — such as Mythos — and is about to bring forward a new framework.' Confirmed it had contacted 'a range of major banks' to update risk assessments.

Nagel: 'Mythos is an AI model that appears capable of quickly identifying and exploiting security vulnerabilities in financial institutions' software.' He called for all institutions to have access to avoid competitive distortion: 'All relevant institutions should have access to this technology.' Warned of 'new and sophisticated' cyber risks from autonomous AI agents.

RBA said it was 'engaging with peer regulators, government and regulated entities' to assess implications. ASIC said it was closely monitoring developments and expected financial services licensees to 'be on the front foot.'

RBNZ described the risks as 'developing' and confirmed it was coordinating with domestic and Australian counterparts.

Reuters: RBI 'in talks with global regulators, Indian lenders and government officials' over Mythos. Held consultations with US Federal Reserve and Bank of England; possible direct engagement with Anthropic. NPCI sought early access alongside small group of banks to test for zero-day vulnerabilities in Indian payment systems.

Sitharaman chaired a meeting with bank chiefs, RBI officials and MeitY representatives, calling the risks 'unprecedented' and ordering creation of a real-time threat intelligence sharing system across banks, CERT-In and other agencies.

Financial Services Minister Satsuki Katayama announced a joint working group plan, approved at a meeting attended by BOJ Governor Kazuo Ueda, JPX CEO Hiromi Yamaji and the heads of MUFG, SMFG and Mizuho. 'Cyberattacks against the financial industry could immediately trigger credit uneasiness,' she said.

FINMA said it 'takes the rapid development of AI very seriously' and is 'in contact with the Federal Office for Cybersecurity, banks, and critical service providers' while 'coordinating with international authorities.' Banks 'must actively incorporate the evolving threat landscape into their risk management.'

CERT-In issued a high-severity advisory directly citing Mythos, telling organisations to treat every newly disclosed vulnerability as exploitable within hours, not weeks.

Reuters reported Goldman Sachs had stopped Hong Kong-based bankers from using Anthropic's Claude (terminated within prior weeks); Gemini and ChatGPT remained operational. HKMA confirmed it had contacted 'a range of major banks' to update risk assessments. The move came as US-China AI access tensions converged with Mythos scrutiny.

Theurer told Reuters: 'I consider it necessary that the European Commission and governments in Europe now also approach the company — or rather the United States — to request that the technology be shared. There has to be an official request so that we in Europe can also benefit from the insights.' Sources told Reuters Anthropic plans to provide access to European banks soon.

APRA published a formal letter calling for 'a step-change in how banks, insurers and superannuation trustees manage AI-related risks,' explicitly warning that frontier AI models such as Anthropic's Claude Mythos 'could enhance the discovery of vulnerabilities by bad actors.' Member Therese McCarthy Hockey: governance 'isn't keeping up' with AI adoption.

Asked the greatest risk to the global economy, Dimon — who for years had answered 'geopolitics' — replaced it with: 'Cyber. The bad guys can use cyber, and they're going to get stronger and more powerful in terms of finding vulnerabilities.'