Google introduces Pics, an AI design application aimed at competing with Canva.

      TL;DR: U.S. banking regulators are pausing certain cyber examinations of major banks to allow them time to address vulnerabilities revealed by Anthropic’s Mythos AI model. The Federal Reserve and OCC are allowing banks to focus on fixing flaws while conducting their own trials of Mythos, as Wall Street mobilizes hundreds of employees to strengthen their defenses.

      Following the release of Anthropic’s Mythos AI model, America’s leading banking regulators are stepping back from assessments to give the largest banks an opportunity to enhance their security measures. According to Bloomberg, the Federal Reserve and the Office of the Comptroller of the Currency are halting some cyber examinations of major U.S. banks. Officials clarify that this delay is a strategic choice to allow institutions to address the extensive list of software vulnerabilities that Mythos has revealed since its limited release in April.

      Last month, Anthropic announced it would limit access to its new frontier model after internal tests revealed that Mythos could detect thousands of zero-day vulnerabilities across various major operating systems and browsers, which could facilitate sophisticated cyberattacks if misused.

      On Wall Street, the initial response was one of concern. Through Project Glasswing, which gives select companies early access to Mythos for defensive testing, banks quickly recognized the model’s remarkable ability to navigate code and identify hacking weaknesses much faster than human teams.

      In April, Treasury Secretary Scott Bessent and former Fed Chair Jerome Powell brought top Wall Street leaders to a confidential briefing on the potential threat posed by Mythos. The meeting included CEOs from firms such as Goldman Sachs, Morgan Stanley, Citigroup, Bank of America, and Wells Fargo, aiming to ensure the industry grasped the magnitude of the vulnerabilities uncovered.

      After several weeks of testing, initial anxiety transitioned into a lengthy to-do list. The largest U.S. banks with access to Mythos, including JPMorgan Chase, Morgan Stanley, and Goldman Sachs, formed internal teams to prioritize and address the vulnerabilities highlighted by the model. Many of these banks are also collaborating with federal intelligence agencies to understand the wider threat landscape.

      JPMorgan CEO Jamie Dimon has emphasized the seriousness of the situation, stating that hundreds of employees are now dedicated to this work. Likewise, Goldman Sachs CEO David Solomon mentioned during an April earnings call that the bank is "working closely with Anthropic and all of our security vendors" to improve its defenses.

      The OCC is also running its own trial with Mythos, seeking to grasp its capabilities before resuming examinations of the banks' readiness. Fed Vice Chair for Supervision Michelle Bowman, during a Financial Stability Oversight Council roundtable, indicated that the pause should not be viewed as complacency. “Regulators will continue to focus on critical developments and communicate these risks to supervised institutions, as well as refining our cybersecurity approach,” she noted.

      The broader landscape shows an industry and its regulators trying to keep up with technology that has dramatically changed the cybersecurity landscape. Anthropic CEO Dario Amodei has cautioned that there’s a six- to twelve-month window to address tens of thousands of vulnerabilities before competing AI labs, including those in China, produce similar models.

      For banks, the examination pause allows time, but does not provide relief. Examiners remain actively engaged in cyber issues, and Anthropic is already updating the Financial Stability Board on the findings from Mythos. As 2026 approaches, anticipated to be the year of regulated cybersecurity AI, the focus is no longer on whether advanced models will transform financial sector security, but rather whether institutions can address vulnerabilities quickly enough to outpace attackers aiming to exploit the same technology.