Malta becomes first European country to offer free ChatGPT Plus to all residents
May 16, 2026
US banks are racing against time to patch hundreds of cybersecurity weaknesses after Anthropic’s expensive new Mythos AI tool exposed critical vulnerabilities in their systems. The discovery has triggered an industry-wide scramble to upgrade aging technology and fix security gaps that could leave financial institutions exposed to cyber attacks.
Only a handful of America’s largest banks currently have access to Mythos due to its high cost and technical requirements. These major lenders are now sharing their findings with smaller banks who cannot afford the tool, creating an unusual collaboration driven by shared cybersecurity concerns across the financial sector.
The situation highlights a fundamental shift in how cyber threats operate. According to Reuters, Mythos is particularly skilled at connecting lower-risk vulnerabilities to create high-risk attack paths – something that previously took human security experts much longer to identify.
“This is a wake-up call because cyber risk is moving to machine speed, while much of bank defense still operates at human speed,” said Nitin Seth, co-founder and CEO of data services firm Incedo. The AI tool breaks a long-standing assumption in banking security that vulnerabilities could remain hidden for extended periods before being discovered and exploited.
Mythos excels at finding weaknesses in both proprietary and open-source code, putting particular pressure on banks to upgrade legacy systems that no longer receive software support. The AI model is uncovering several hundred to thousands of low-to-moderate risk vulnerabilities that require immediate attention.
The accelerated pace of fixes creates new operational challenges for banks:
- Systems may need to go offline more frequently for patches and updates
- Vulnerabilities that previously took weeks to patch now need fixing within days
- IT teams face dramatically increased workloads to keep up with AI-speed threat detection
- Banks must balance rapid response with minimal customer disruption
The cost barrier for Mythos access is substantial. The AI model costs $25 per million input tokens and $125 per million output tokens – exactly five times more expensive than Anthropic’s widely available Opus 4.7 model. Smaller banks also lack the processing power needed to run such advanced AI tools effectively.
To address this gap, Anthropic has provided $100 million in credits to Glasswing partners and other customers. The company has also released a more accessible tool called Claude Security for vulnerability scanning, though it’s less powerful than Mythos.
Major Wall Street banks with confirmed or reported Mythos access include JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley. These institutions are essentially serving as an early warning system for the broader banking industry.
Adam Meyers from cybersecurity firm CrowdStrike, which participates in Anthropic’s Project Glasswing, described his team’s initial reaction to Mythos access. They spent “a solid entire weekend trying to figure out how to best use this thing before we even started looking for bugs.” The tool required building entirely new methodologies and capabilities to use effectively.
Banking regulators are closely monitoring the situation. A senior regulatory official confirmed that Mythos has proven as powerful as anticipated, showing exceptional ability to quickly connect vulnerabilities that would take human analysts much longer to piece together.
The implications extend beyond individual bank security. Bernard Montel from cybersecurity firm Tenable noted that while other sectors face similar vulnerabilities, “the backbone of the banking sector is technology, that is the difference.” This means disruptions hit at the core of banking operations rather than just affecting peripheral systems.
The Mythos situation represents a preview of how AI will reshape cybersecurity across industries. As these tools become more accessible and powerful, organizations will need to fundamentally rethink their approach to vulnerability management and system maintenance. The banking sector’s current scramble may become the new normal as AI-powered security tools become standard practice.
