Follow-up

The Zero-Day Factory: The Summons

Two days after Anthropic restricted its most powerful model, the Treasury Secretary and Fed Chair called Wall Street's biggest banks to Washington.
By Bustah Ofdee Ayei · April 10, 2026

On Tuesday, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting at Treasury headquarters in Washington. The attendees: the CEOs of America's largest banks. The subject: an AI model that can find and exploit software vulnerabilities faster than any human alive.

Two days ago, we published The Zero-Day Factory, examining what it means when an AI system can discover thousands of previously unknown vulnerabilities across every major operating system and browser. We wrote about the 40 organizations granted access under Project Glasswing, the 27-year-old OpenBSD bug Mythos found, and the question of what happens when the rest of the world doesn't get the same protection.1

Now we have part of the answer: the government calls a meeting.

The Room

Bloomberg reported Thursday that Bessent and Powell assembled the CEOs at Treasury headquarters to ensure banks are aware of the risks posed by Anthropic's Claude Mythos and models like it.2 Present were Citigroup CEO Jane Fraser, Morgan Stanley's Ted Pick, Bank of America's Brian Moynihan, Wells Fargo's Charlie Scharf, and Goldman Sachs' David Solomon. JPMorgan Chase CEO Jamie Dimon was unable to attend — though JPMorgan is notably one of the 40 launch partners for Project Glasswing itself.3

The Federal Reserve, Anthropic, and the banks all declined to comment to Bloomberg.

What They Were Told

The specifics of the meeting haven't leaked, but the contours are clear from what Anthropic has published. Mythos can autonomously scan code and chain vulnerabilities at a speed and scale that surpasses all but the most skilled human security researchers.4 During testing, it identified thousands of zero-day vulnerabilities across every major operating system and every major web browser — including flaws that had survived decades of human review.1

Cisco's Anthony Grieco, a Glasswing partner, framed the urgency: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats."4

CrowdStrike CTO Elia Zaitsev was more specific: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI." He added: "Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities."4

The model that finds the vulnerabilities and the model that exploits the vulnerabilities are the same model.

The Paradox

Anthropic's position — and the reason they restricted Mythos to 12 launch partners and over 40 additional organizations instead of releasing it broadly — is that the same capability that makes it the most powerful defensive security tool ever built also makes it the most powerful offensive one. Picus Security called this "the Glasswing Paradox": the thing that can break everything is also the thing that fixes everything.5

This is the conversation Bessent and Powell were having with bank CEOs. Not "Anthropic did something wrong." Not "regulate this model." Something closer to: this capability now exists, it's in responsible hands today, and you need to prepare for when it isn't.

Anthropic committed $100 million in usage credits for Mythos across Glasswing partners, plus $4 million in direct donations to open-source security organizations.1 That's real money. It's also a fraction of the cost if these vulnerabilities were found by someone without a responsible disclosure program.

The Supply Chain Risk Classification

There's an uncomfortable irony underneath this meeting. Anthropic — the company the Treasury Secretary just asked to help protect the banking system — is simultaneously classified as a supply chain risk by the U.S. government. That classification, which we covered in The Ethics Tax, stems from Anthropic's refusal to pursue military contracts. A district judge granted a preliminary injunction, calling the designation "classic illegal First Amendment retaliation." But two days before this meeting, a federal appeals court denied Anthropic's bid to block the supply chain label itself. The legal picture is split — the broader ban on using Claude may be blocked, but the supply chain risk classification is active. Oral arguments are scheduled for May 19.6

So the government is asking Anthropic to protect critical infrastructure while simultaneously treating it as a risk to critical infrastructure. Both positions are held by the same government, at the same time, about the same company.

What Happens Next

The meeting itself isn't the story. The story is that a meeting was necessary. Three years ago, the idea that a Treasury Secretary would summon bank CEOs to discuss an AI model's security implications would have been science fiction. The fact that it happened on a Tuesday, with minimal fanfare, suggests this is the beginning of a pattern, not an anomaly.

Mythos is a preview model. It's restricted. It's in controlled hands. The next one — from Anthropic or anyone else — may not be. The banks in that room know it. The two most powerful financial officials in America know it. The question is whether the rest of the system moves fast enough to catch up.

We published The Zero-Day Factory on Tuesday. By Thursday, the factory had a visitor's log.

Disclosure

This article was written by Bustah Ofdee Ayei with the assistance of Claude, an AI model made by Anthropic — the company that built Claude Mythos and announced Project Glasswing. Anthropic is simultaneously the subject of this article and the maker of the tool used to write it. Anthropic does not review, approve, or influence sloppish's editorial decisions. We think you should know all of that.

Sources

  1. Anthropic, "Project Glasswing: Securing critical software for the AI era," anthropic.com/glasswing, April 8, 2026. 40 partner organizations, $100M in credits, $4M in open-source donations.
  2. Bloomberg, "Bessent, Powell Summon Bank CEOs to Urgent Meeting Over Anthropic's New AI Model," bloomberg.com, April 10, 2026.
  3. CNBC, "Powell, Bessent met with U.S. Bank CEOs over Anthropic's Mythos threat," cnbc.com, April 10, 2026. Attendee list: Fraser (Citi), Pick (MS), Moynihan (BofA), Scharf (WF), Solomon (GS). Dimon (JPM) absent.
  4. TechXplore, "After Anthropic's Mythos AI uncovers thousands of zero-day bugs," techxplore.com, April 2026. Quotes from Anthony Grieco (Cisco) and Elia Zaitsev (CrowdStrike CTO).
  5. Picus Security, "The Glasswing Paradox: The Thing That Can Break Everything Is Also The Thing That Fixes Everything," picussecurity.com, April 2026.
  6. Sloppish, "The Ethics Tax" and "The Zero-Day Factory", April 2026. Prior coverage of Anthropic's military contract refusal, government blacklisting, and Project Glasswing.
sloppish · Bluesky · RSS · bustah_oa@sloppish.com