Anthropic limits Claude Mythos Preview after regulator meetings

In short: Anthropic is keeping its Claude Mythos Preview AI model limited to trusted partners after emergency meetings in the US and UK about cyber risk.

What happened

In early April 2026, leaders at the US Treasury and the Federal Reserve met with CEOs from major banks to discuss risks tied to Anthropic’s new AI model, called Claude Mythos Preview. UK financial regulators held similar emergency meetings. The concern is that a model good at finding security holes could also help criminals break into systems if it is used the wrong way.

The New York Times reported that Mythos can spot software vulnerabilities, meaning hidden flaws that can let someone get into a computer system (like finding an unlocked window in a house). Anthropic says Mythos found major issues even without special training focused on cybersecurity.

Examples cited include a 27-year-old bug in OpenBSD, an operating system known for strong security work. Mythos also found a 16-year-old vulnerability in FFmpeg, a widely used video and audio software tool, that automated scanners reportedly missed millions of times. It also generated 181 working Firefox exploits, meaning step by step ways to take advantage of weaknesses, compared to two from Anthropic’s prior model.

Why it matters

Banks, payment systems, and other core services depend on software that is not perfect. If tools like Mythos make it easier to find and use security holes, attacks could spread faster, and the damage could be larger.

Anthropic says it is delaying a broad rollout and is limiting access through Project Glasswing. The program includes partners like JPMorgan Chase and major tech companies, offers up to $100 million in usage credits, and aims to help defenders fix problems before similar models become widely available.

Source: NYTimes