anthropic

MYTHOS IS HERE: The AI That Can Crack Your Bank Account in 32 Steps—And It's Already Inside Wall Street

8 min read

MYTHOS IS HERE: The AI That Can Crack Your Bank Account in 32 Steps—And It's Already Inside Wall Street

Stop reading this and check your bank account. I'll wait.

Done? Good. Because what I'm about to tell you means that the money sitting in that account—your savings, your investments, your entire financial life—is potentially accessible to an artificial intelligence that can crack into systems previously thought unhackable.

I'm not talking about some theoretical future threat. I'm talking about Claude Mythos Preview, an AI model developed by Anthropic that has triggered emergency closed-door meetings between Federal Reserve Chair Jerome Powell, Treasury Secretary Scott Bessent, and the CEOs of America's largest banks.

When the Fed and Treasury start holding secret briefings about an AI, you should be paying very close attention.

The 73% Success Rate That Terrified the World's Most Powerful Regulators

On April 14, 2026, the UK AI Security Institute—Britain's government body responsible for evaluating frontier AI capabilities—published its assessment of Mythos. The numbers they reported should make every banking customer, every business owner, and every government official lose sleep.

73% success rate on expert-level cybersecurity capture-the-flag tasks.

Let me translate that for you. These aren't games. These are tasks that typically require professional penetration testers—highly skilled hackers paid six figures to find vulnerabilities in critical systems. Mythos succeeds at nearly three out of four of them.

But that's not even the most terrifying part.

Mythos became the first AI model in history to complete "The Last Ones"—a 32-step full enterprise network attack simulation representing a complete attack chain from initial access through lateral movement, privilege escalation, and data exfiltration.

This AI can autonomously execute an entire cyberattack. No human intervention required.

The UK AI Security Institute, an organization known for choosing its words with bureaucratic precision, described Mythos as "a step up over previous frontier models." When a fire marshal calls a building "quite warm," you run. When the AISI calls an AI "a step up," you should be running for the exits.

The 27-Year-Old Vulnerability Nobody Knew Existed

During Anthropic's internal testing, before the government evaluations even began, Mythos did something that should be mathematically impossible.

It discovered a vulnerability in OpenBSD—an operating system specifically designed for security, used in critical infrastructure worldwide—that had existed undetected for 27 years.

Think about that. For 27 years, the world's best security researchers, penetration testers, and intelligence agencies had been analyzing OpenBSD. Twenty-seven years of audits, reviews, and hardened deployments. And in a matter of hours, Mythos found something they all missed.

If Mythos can find a 27-year-old vulnerability in OpenBSD, what vulnerabilities does it see in your bank's software? In your retirement account platform? In the payment systems processing your credit card transactions?

The answer: thousands.

Anthropic itself confirmed that Mythos has already uncovered "thousands of weak points in every major operating system and web browser." Every. Major. Operating System.

Your iPhone. Your Android. Your Windows PC. Your Mac. The servers running your bank. The systems processing your healthcare records. The infrastructure controlling power grids, water treatment facilities, air traffic control.

All of it has vulnerabilities. And Mythos can find them.

The Emergency Meeting That Proves This Is Real

Here's where this stops being theoretical and starts being absolutely terrifying.

On April 8, 2026, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a closed-door meeting with the chief executives of America's largest banks.

The explicit subject of this meeting? The cybersecurity risks posed by Mythos-class AI and what it means for the systemic security of American financial infrastructure.

When was the last time you heard about the Treasury Secretary and Fed Chair holding an emergency briefing specifically about an AI model?

Never. That's when.

JPMorgan Chase—one of the banks present at that meeting—has already been given controlled access to Mythos through Anthropic's "Project Glasswing" initiative. They're using it to find vulnerabilities in their own systems before malicious actors can exploit them.

Goldman Sachs CEO David Solomon confirmed publicly that his bank is also working with Anthropic on defenses.

Think about what this means. The biggest banks in America are so concerned about this AI that they're actively using it to probe their own defenses—because they know that if they don't find the vulnerabilities first, someone else will.

The Global Panic Spreading Across Continents

The United States isn't the only country panicking.

In the United Kingdom, the Bank of England's executive director for supervisory risk, Duncan Mackinnon, has convened emergency sessions with major British financial institutions through the Cross Market Operational Resilience Group (CMorg). Attendees include the National Cyber Security Centre, the Financial Conduct Authority, and HM Treasury.

British authorities are treating this as the highest-priority emerging cybersecurity issue in the financial sector.

Bank of England Governor Andrew Bailey has publicly warned that new AI models like Mythos could "crack" cyber systems—and that regulators cannot keep pace with the speed of AI development.

Japan has joined the fray. Japanese regulators are assessing the implications of Mythos-class AI for Japanese banking and critical infrastructure—particularly concerning given Japan's status as a significant target for state-sponsored cyberattacks, especially from North Korean groups.

When the Federal Reserve, the Bank of England, and Japan's Financial Services Agency are all scrambling simultaneously, you know something unprecedented is happening.

Project Glasswing: The Desperate Race to Patch Before It's Too Late

Anthropic isn't releasing Mythos to the public. They're terrified of what would happen if it fell into the wrong hands—and they should be.

Instead, they've launched Project Glasswing, sharing Mythos with a select coalition of major companies including Amazon, Apple, Cisco, JPMorgan Chase, and Nvidia.

The goal? Let these companies test the model and strengthen their defenses before hackers inevitably gain access to Mythos or similar AI models.

Here's Alissa Valentina Knight, CEO of cybersecurity AI company Assail, speaking to CBS News: "What we need to do is look at this as a wake-up call to say, the storm isn't coming—the storm is here. We need to prepare ourselves, because we couldn't keep up with the bad guys when it was humans hacking into our networks. We certainly can't keep up now if they're using AI because it's so much devastatingly faster and more capable."

She's right. We've moved from a world where human hackers needed years of training and months of reconnaissance to breach systems—to a world where an AI can autonomously execute a 32-step attack in hours.

The IMF's Terrifying Admission

IMF Managing Director Kristalina Georgieva gave an interview that aired on April 13, 2026, where she made a stunning admission.

"The world does not have the ability to protect the international monetary system against massive cyber risks."

Let that sink in. The head of the International Monetary Fund—the organization that exists to maintain global financial stability—is publicly stating that we do not have the capability to defend the international monetary system against the cyber threats that AI is enabling.

"The risks have been growing exponentially," Georgieva said. "Yes, we are concerned. We are very keen to see more attention to the guardrails that are necessary to protect financial stability in the world of AI."

When the IMF admits they can't protect the system, what chance do individual banks have? What chance do you have?

What This Means for Your Money

I'm going to be direct with you, because this is too important to sugarcoat.

Your bank accounts are protected by cybersecurity systems designed by humans, audited by humans, and maintained by humans. Those humans cannot keep pace with AI that can autonomously discover and chain vulnerabilities across complex networks.

The gap between discovery and exploitation is narrowing. Regulators have told banks to expect a "large influx of AI-discovered vulnerability disclosures in 2026." The current plan is to use AI to patch what AI finds—but the window between when an AI finds a vulnerability and when a malicious actor exploits it is shrinking toward zero.

PwC's recent report confirms what the security community already knows: "AI-enabled tooling has empowered even low-skilled threat actors to execute high-speed, high-volume operations, whilst advanced adversaries are using AI to sharpen precision, scale automation and compress attack timelines."

They add: "The time between the public release of a new capability by an AI company and its weaponization by threat actors shrank dramatically [in 2025], a trend we assess will likely accelerate in 2026."

The Inevitable Conclusion

Anthropic, to their credit, is trying to handle this responsibly. They're not releasing Mythos publicly. They're working with governments and major institutions to prepare defenses.

But here's the uncomfortable truth: Mythos is just the beginning.

The capability it demonstrates—autonomous vulnerability discovery and exploit chaining—will become standard in AI models within months, not years. Other AI companies are racing to build similar capabilities. State actors are undoubtedly building their own versions in secret.

The model that can crack your bank's security today will be available to anyone with a GPU and technical knowledge tomorrow.

What happens when North Korean hackers deploy Mythos-class AI against global banking infrastructure? When ransomware groups use autonomous AI agents to identify and exploit vulnerabilities at machine speed? When the time between a vulnerability existing and it being exploited shrinks from months to hours?

We don't have good answers to these questions. The experts gathering in emergency meetings don't have good answers. The IMF doesn't have good answers.

What we have is a storm. And it's already here.

--