A single unreleased AI model has triggered emergency regulatory mobilization on both sides of the Atlantic. UK financial regulators are holding urgent talks with the government’s cybersecurity agency and major banks to assess risks posed by Anthropic’s Claude Mythos Preview — days after US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an emergency meeting with Wall Street’s top CEOs over the same concerns.
What do 1,000 journalists and PR pros know about AI that you don't? They took AI Quick Start, a 1-hour live class from The Media Copilot. 94% satisfaction. Find out how to work smarter with AI in just 60 minutes. Next class May 8. Get 20% off with the code AIPRO: https://mediacopilot.ai/ai-quick-start/
In the UK, officials from the Bank of England, Financial Conduct Authority, and Treasury are in talks with the National Cyber Security Centre. Representatives from major British banks, insurers, and exchanges are expected to be briefed on cybersecurity risks at a meeting with regulators within the next two weeks, according to Reuters. The BoE, FCA, and NCSC all declined to comment.
The US response was more public. White House national economic adviser Kevin Hassett confirmed on Fox News that Bessent and Powell had convened bank chiefs — including the CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs — to warn of cyber risks from the model. JPMorgan CEO Jamie Dimon was unable to attend. The urgency of the meeting reflected the capabilities Mythos Preview has demonstrated in controlled testing: the ability to identify and exploit weaknesses across every major operating system and every major web browser.
Anthropic has stopped short of a broad release, citing concerns the model could expose previously unknown cybersecurity vulnerabilities at scale. The company has been navigating an increasingly complex relationship with the broader tech and media ecosystem as its models grow more capable.
What Mythos Preview is — and who can use it
Despite not being publicly available, Claude Mythos Preview is already in active use — under strict controls. Under a program Anthropic calls Project Glasswing, select organizations have been granted access to the model for defensive cybersecurity work. Partners include Amazon, Microsoft, Apple, Google, Nvidia, CrowdStrike, and Palo Alto Networks. Access has since been extended to approximately 40 additional organizations responsible for critical software infrastructure.
Anthropic says Mythos Preview has already found “thousands” of major vulnerabilities in operating systems, web browsers, and other software. The company has committed up to $100 million in usage credits and $4 million in donations to open-source security groups as part of the program.
The framing is defensive. But the same capability that finds vulnerabilities can, by definition, be turned toward exploiting them — which is precisely what regulators appear to be stress-testing.
Why regulators are moving fast
The simultaneous and independent responses from UK and US financial regulators signal that Mythos Preview represents a qualitatively different kind of AI risk than those regulators have previously had to assess. Prior AI regulatory concerns have centered on bias, misinformation, and systemic market risks — as seen in ongoing debates around AI copyright policy and AI use certification. A model with demonstrated offensive capability against critical software infrastructure — in active use, even in a restricted form — is a different category of problem.
It is also a compressed timeline problem. The model exists. It is being used. The regulatory frameworks to manage it are still being assembled.
All three UK agencies — the BoE, FCA, and NCSC — declined to comment on the talks. Anthropic had not responded to a request for comment at the time of the Reuters report.
