Bank executives reportedly met this week with senior U.S. officials to discuss using Anthropic’s Mythos model for detecting vulnerabilities—an effort that intersects with an ongoing dispute over whether Anthropic poses supply-chain risk to government systems. According to TechCrunch, the meeting involved Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, and the model’s use is being tested by multiple major banks even as regulators and lawmakers scrutinize the implications of powerful AI models in high-stakes environments.
The story matters for technologists because it highlights a recurring pattern in enterprise AI adoption: models built for general capability can quickly become tools for security workflows, while governance and risk classifications struggle to keep pace. In this case, the technical promise—Mythos reportedly finding security vulnerabilities—runs alongside institutional concerns about how AI systems are supplied, controlled, and regulated.
Officials encourage Mythos testing in banking
Per a report cited by TechCrunch, Bloomberg says Bessent and Powell summoned bank executives for a meeting this week. The officials encouraged executives to use Anthropic’s new Mythos model to detect vulnerabilities, according to the Bloomberg account summarized by TechCrunch.
The same report indicates that JPMorgan Chase was the only bank listed as an initial partner organization with access to the model. TechCrunch adds that other large banks—Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley—are reportedly testing Mythos as well.
From a technology standpoint, this suggests a practical evaluation path: instead of limiting AI to chat or knowledge tasks, banks are exploring how a model can be integrated into security testing processes. TechCrunch’s description is specific about the objective—vulnerability detection—but it does not detail the technical integration (for example, whether Mythos is used in automated scanning, code review workflows, or other security operations). As a result, observers may focus on how banks operationalize the model in ways that fit their existing security engineering pipelines.
Mythos enters the security conversation—despite non-cyber training
Anthropic announced Mythos this week, but TechCrunch reports that the company said it would be limiting access for now. The rationale, as presented in TechCrunch’s summary, includes a key technical point: Mythos is not trained specifically for cybersecurity, yet it is reportedly too good at finding security vulnerabilities.
TechCrunch also notes that others interpreted the response in different ways: some suggested the claim could be hype, while others described it as a smart enterprise sales strategy. The article does not attribute these interpretations to Anthropic; rather, it frames them as alternative explanations discussed alongside Anthropic’s own positioning.
This is a notable issue for AI engineering and security teams. If a general-purpose model can surface vulnerabilities without being trained exclusively on cybersecurity data, that raises questions about what the model is learning and how its outputs should be validated. Even though TechCrunch does not provide methodological details, the emphasis on “too good at finding security vulnerabilities” implies that the model’s behavior may produce findings at a rate or quality that exceeds expectations for a non-specialized system—something security teams would likely need to calibrate through triage and verification.
Supply-chain risk designation complicates adoption
TechCrunch describes the banking encouragement as “particularly surprising” in light of Anthropic’s current legal and regulatory situation. The report says Anthropic is battling the Trump administration in court over the U.S. Department of Defense designation of Anthropic as a supply-chain risk.
TechCrunch links the DoD designation to negotiations that reportedly failed. Specifically, the article says the designation came after negotiations fell apart over Anthropic’s efforts to limit how its AI models can be used by the government. The technical implication here is not just whether Anthropic is “approved” or “banned,” but how model access and usage constraints are defined—constraints that can determine whether an organization can deploy a model in government-adjacent or regulated environments.
For enterprise adopters, this creates a complex risk-management problem. Even if a model is useful for vulnerability detection, organizations may need to account for supply-chain policies, contractual terms, and legal exposure. TechCrunch’s framing suggests that the same model can be simultaneously treated as a security tool in private institutions and as a supply-chain concern in government procurement or oversight.
Regulators in the U.K. are also discussing Mythos risk
TechCrunch adds that the Financial Times reports U.K. financial regulators are discussing the risk posed by Mythos. While the source summary does not specify what “risk” entails—whether it is operational, compliance-related, model-behavior-related, or something else—it does establish that the debate is not limited to U.S. regulators.
For the technology industry, cross-border scrutiny can affect model availability, deployment patterns, and governance expectations. If regulators in multiple jurisdictions are actively discussing Mythos, banks and other financial institutions may treat AI security testing as a regulated capability rather than a purely internal experimentation track.
At the same time, the article’s details are limited to reported discussions and testing status. TechCrunch does not say whether regulators have issued formal guidance or whether Mythos has been approved for specific security use cases. That gap matters: it suggests that the industry may soon watch for concrete policy outcomes—such as access rules, documentation requirements, or evaluation standards—rather than relying on informal encouragement or early partner access.
Overall, the TechCrunch report ties together three threads: officials encouraging vulnerability detection using Mythos, Anthropic’s constrained access for now, and an ongoing supply-chain risk dispute involving the Department of Defense. Observers may interpret this as an early sign that AI models are moving quickly into security workflows, while governance frameworks for model supply and use are still being contested and updated.
Source: TechCrunch