The Same Day: Why Treasury Met Bank CEOs the Same Day Anthropic Announced Mythos

On Tuesday, April 7, 2026, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting at Treasury headquarters in Washington with the CEOs of Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs. According to reporting from Bloomberg and Reuters, the purpose of the meeting was to make sure the leaders of some of the largest U.S. banks understood the cyber risks posed by Anthropic's new AI model and similar systems, and were taking precautions to defend their systems. Reuters reported that the invitations went out while most of the CEOs were already in Washington for other engagements.

Later that same day, Anthropic publicly announced Claude Mythos Preview and Project Glasswing.

The meeting and the announcement happened inside the same news cycle. The regulators did not assemble the CEOs a week in advance, or a month in advance, or even the day before. They assembled them on the day the public found out. That timing is the entire subject of this publication. It is the clearest documented example to date of an institutional response cycle compressing to match the speed of a frontier capability release, and even at that speed, the response looks like awareness, not preparedness.

What dC/dt actually measures

dC/dt is the rate at which competitive position is changing at a given moment in time. It is not where you stand. It is how fast the ground is moving beneath you. Most strategy frameworks, most governance frameworks, and most regulatory frameworks are built to manage position. Very few are built to manage rate.

The Mythos rollout is an excellent case study of that distinction the AI era in recent months.

Consider what Anthropic disclosed in its own Project Glasswing announcement. Over a period of weeks, Mythos Preview identified thousands of previously unknown vulnerabilities across every major operating system and every major web browser. On CyberGym, a standard benchmark for autonomous vulnerability reproduction, Anthropic's Glasswing post reports Mythos Preview scoring 83.1% against Opus 4.6's 66.6%. Across Anthropic's broader evaluations, Mythos Preview also posted substantial improvements over Opus 4.6 on agentic coding and reasoning benchmarks, SWE-bench Verified, Terminal-Bench, and others, which Anthropic attributes to the model's stronger general coding and reasoning skills rather than to cybersecurity-specific training.

Three examples from Anthropic's disclosure stand out. Mythos Preview found a 27-year-old vulnerability in OpenBSD, an operating system whose entire reputation is built on being among the most security-hardened code in the world, used to run firewalls and other critical infrastructure that much of the internet depends on. It found a 16-year-old vulnerability in FFmpeg, in a line of code that Anthropic says automated testing tools had hit five million times without catching. And it autonomously chained together multiple flaws in the Linux kernel, the software that runs most of the world's servers, to escalate from ordinary user access to complete control of the machine.

For twenty-seven years, the most security-conscious developers on earth looked at the OpenBSD code and did not see what a model found in a single sweep. That is not an improvement in tooling. It is a category change in what it means to audit software.

Every cyber insurance model currently underwriting bank risk was priced against the previous category. Every CISO budget approved this fiscal year was sized against the previous category. Every vendor security questionnaire, every SOC 2 attestation, every penetration testing contract in force at every major U.S. bank was negotiated under assumptions that no longer hold. The capability changed in weeks. The institutional apparatus around it is measured in budget cycles.

Why the advance briefing did not close the gap

The most uncomfortable detail in the Mythos story is not that Treasury was caught off guard. It is that Treasury was not caught off guard at all. Anthropic confirmed in its own Glasswing post that it had been in ongoing discussions with U.S. government officials about Mythos Preview's offensive and defensive cyber capabilities. Reuters reported that Anthropic proactively briefed senior U.S. officials and key industry stakeholders on the model's capabilities ahead of the public release. The April 7 meeting at Treasury was the visible surface of that briefing process, not its beginning.

And the meeting still had to be called urgently. The readout, as reported by Bloomberg, was essentially that the regulators wanted banks to be aware of the risks and to be taking precautions. There was no disclosed playbook, no coordinated defensive framework, no harmonized response protocol in the public account of the meeting. The advance briefing created awareness. It did not, on the evidence of what followed, create capacity.

Anthropic's own disclosure language reinforces the asymmetry. The company says it has identified thousands of zero-day vulnerabilities through Mythos Preview, and that over 99% of them have not yet been patched, which is why Anthropic is withholding the details from its public technical write-up and honoring a coordinated disclosure timeline. That timeline is itself a legacy of a slower era: the vulnerability disclosure pipeline, the coordinated patching cycle, the vendor notification processes that govern how flaws become fixes were all built around the assumption that discovery was the hard part. What used to take a skilled human researcher months of work, a model now produces at a pace the disclosure infrastructure was never designed to absorb.

The federal government knew Mythos was coming. The largest financial institutions in the country knew something was coming, at least at the level of their regulators. The gap between knowing and being ready was still wide enough to require an emergency meeting at the Treasury Department on the day of the announcement. The cycle time of model capability is now shorter than the cycle time of institutional response, and no amount of advance briefing closes that gap if the underlying response machinery is calibrated to a slower world.

A capability gap the public record raises

Anthropic's solution to this gap is Project Glasswing. According to Anthropic's official announcement, the initiative has twelve launch partners, Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, plus more than forty additional organizations that build or maintain critical software infrastructure and have been granted access to scan their first-party and open-source systems. Anthropic has committed up to $100 million in model usage credits across these efforts, and an additional $4 million in donations to open-source security organizations.

The press framing has been almost entirely defensive: these firms get to harden their systems before similar capability becomes available to bad actors elsewhere. That framing is correct, as far as it goes, but it leaves a harder question unasked. JPMorgan Chase is the only U.S. bank named as a Glasswing launch partner. Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman Sachs are not on the publicly disclosed launch partner list. The Federal Reserve, as of February 2026, designates eight U.S. banks as global systemically important: JPMorgan Chase, Bank of America, Citigroup, Goldman Sachs, Morgan Stanley, Wells Fargo, BNY Mellon, and State Street. One of the eight is a named Glasswing launch partner. Seven are not.

That does not settle the question of who has access to what. Anthropic has not publicly disclosed the full list of the 40+ additional participants, so it is possible that other U.S. GSIBs have access through the broader channel. On the basis of what has been publicly disclosed, however, a meaningful question sits on the record: whether the top of the U.S. banking system now contains a visible, AI-driven asymmetry in operational cyber resilience that its existing regulatory framework was not designed to address.

The U.S. GSIB framework is built around harmonized capital ratios, harmonized stress tests, and harmonized liquidity requirements. The consistent design intent of that framework, as I read it, is that risks of this magnitude should not accumulate unevenly across the group. Whether operational cyber resilience falls inside or outside the scope of that intent is a question that was not being asked out loud before April 7. It is being asked now, at least implicitly, by anyone looking at the Glasswing launch partner list alongside the Federal Reserve's GSIB designation list.

The competitive consequence will take time to become visible. It will be most visible if and when a Mythos-class capability reaches an actor outside the consortium, and the institutions that had access during the research preview turn out to be better prepared than those that did not. At that moment, the regulatory question will not be whether the gap existed. It will be whether the existing framework had any mechanism to equalize it in advance.

dC/dt framework does not care about the announcement. It cares about the slope of the line between the day Anthropic began briefing U.S. officials and the day every other bank in the world has to reckon with the same capability without the head start. On the basis of what has been publicly disclosed, that slope now runs through the middle of the U.S. global systemically important bank list.

What this means for the decisions on your desk

Three things follow from the Mythos sequence for any executive or board member responsible for AI strategy.

First, the assumption that capability gains are gradual is no longer safe. Mythos Preview's leap over Opus 4.6 on vulnerability reproduction, agentic coding, and reasoning benchmarks is documented in Anthropic's own disclosures and is sharp enough that the company has chosen not to release the model to the general public. A capability that did not meaningfully exist in the public model six months ago now finds twenty-seven-year-old flaws in the most hardened code on earth. Any strategy document, board memo, or risk register that extrapolates linearly from current model performance is operating on a model of the world that the model providers themselves have stopped using.

Second, advance briefing is not a substitute for operational readiness. The federal government received advance briefing on Mythos Preview and still had to convene an urgent meeting with bank CEOs on the day of the public announcement. If your AI governance framework assumes that you will have time to react when the next capability jump arrives, the Mythos sequence is the data point that should retire that assumption this quarter.

Third, the relevant question is no longer whether your organization has an AI strategy. It is whether your AI strategy is calibrated to the rate at which the underlying technology is changing, or to the rate at which your decision cycles can absorb that change. Those two rates are not the same. They have not been the same for some time. The April 7 meeting at Treasury is the clearest evidence yet that the gap between them is now wide enough to be visible at the top of the U.S. financial system.

Position is no longer the variable that matters most. The rate of change is. And the rate just changed again.