Wall Street Watchdogs Pause Some Cyber Exams After Mythos Shock

The emergence of Anthropic’s Mythos model has thrust AI‑driven cyber risk into the spotlight for both regulators and financial institutions. Unlike earlier generative AI tools, Mythos can rapidly analyze code and uncover exploitable vulnerabilities, prompting the Federal Reserve and the Office of the Comptroller of the Currency to pause scheduled cyber examinations. This pause is not a relaxation of oversight; rather, it provides banks with a critical window to understand the model’s capabilities, align internal controls, and cooperate with regulators on more nuanced stress‑testing scenarios that reflect AI‑specific threats.

Banks such as JPMorgan Chase, Goldman Sachs, and Morgan Stanley have formed dedicated, often secretive, teams to engage directly with Mythos under the umbrella of Project Glasswing, an initiative co‑led by Anthropic and a handful of trusted partners including Apple. By granting limited, controlled access, the project enables these institutions to simulate attacks, refine detection mechanisms, and collaborate with security vendors and federal intelligence agencies. Executives like Jamie Dimon and David Solomon emphasize the scale of the effort, noting that hundreds of staff are now focused full‑time on safeguarding systems against AI‑enhanced intrusion techniques.

The regulatory pause underscores a broader shift toward integrating emerging technology risk into the supervisory toolkit. Fed Vice Chair Michelle Bowman and OCC officials are crafting new guidance that will likely embed AI risk metrics into routine cyber‑exams and capital adequacy assessments. As AI models become more sophisticated, the financial sector can expect tighter oversight, mandatory reporting of AI‑related incidents, and possibly industry‑wide standards for model testing. This proactive stance aims to prevent systemic vulnerabilities and maintain confidence in the resilience of the banking system amid rapid technological change.