Over the past three months, two of the largest banks in the world—Bank of America and JPMorgan Chase—have been running a closed-source AI model developed by Anthropic. It is not a chatbot. It is not a content generator. It is a system vulnerability hunter designed to scan their internal networks, trading platforms, and smart contract hooks for exploitable flaws. The model, codenamed Mythos, is not public. It is not for sale on an API marketplace. It is a private weapon leased at seven-figure annual subscription fees.
Here is the twist: the CEOs of both banks publicly warned that Mythos identifies vulnerabilities faster than their teams can respond. Jamie Dimon compared it to giving a ballistic missile to an individual. The implication is clear—this AI does not merely augment security; it creates a new category of systemic fragility. Logic is binary; intent is often ambiguous.
Context: The Architecture of Mythos
Mythos is not a general-purpose large language model like GPT-4 or Claude 3.5. It is a task-specific agent that combines static code analysis, dynamic runtime monitoring, and pattern matching trained on decades of financial system logs and security incident data. Anthropic has not published a technical paper, but the behavioral signals are unmistakable:
- It requires deep system-level access to bank infrastructure (transaction databases, network topology maps, smart contract bytecode repositories).
- It is deployed on-premises or via dedicated encrypted fiber links—no public cloud involvement, due to regulatory compliance.
- Its output is not a list of suggestions; it is a ranked, prioritized set of critical vulnerabilities with simulated exploit paths and estimated financial impact.
The model likely uses a variant of Constitutional AI with heavy fine-tuning on security-specific datasets—Common Weakness Enumeration entries, real-world exploit code, and proprietary bank incident reports. The training phase alone would have required access to petabytes of sensitive data, which explains the exclusive, high-trust partnership model.
Why banks? Because financial institutions operate under a unique incentive structure. A single exploit—a flash loan attack on a DeFi bridge, a rogue insider at a custodian bank—can cause losses in the hundreds of millions. The cost of prevention is effectively unbounded as long as it is less than the expected loss. Mythos fits neatly into this cost-benefit calculation. But the banks’ own public statements reveal a deeper unease.
Core: The Speed Paradox and Human-in-the-Loop Failure
The central technical problem Mythos exposes is not about false positives or model accuracy. It is about response latency. A model that can discover a zero-day vulnerability in 500 milliseconds and deliver it to a security operations center (SOC) is of limited value if the SOC requires 48 hours to patch the affected system. In fact, it is worse than useless—it creates a known vulnerability that the bank is now aware of but cannot immediately fix, turning the AI into an unwitting reconnaissance tool for attackers.
During my 2020 analysis of Uniswap V2 impermanent loss, I wrote a Python script that simulated 10,000 price paths to quantify the probability of liquidity provider losses. The bottleneck was not the simulation—it was the time required to interpret the output and decide whether to rebalance. Now imagine that the simulation runs in real time on every transaction across every bank branch, exposing a new vulnerability in a rarely used API endpoint every 30 seconds. The human operators are flooded. They cannot patch faster. They begin to triage by severity, but even the low-severity ones accumulate into a debt that will eventually be exploited.
Mythos operators reportedly receive an alert every 12 minutes on average, with an upgrade cycle that cannot keep pace. The banks have experimented with automated patching—allowing the AI to directly modify production code after validation by a human supervisor—but the supervisor becomes a bottleneck again. Logic is binary; intent is often ambiguous. The model cannot distinguish between a genuine vulnerability that is safe to patch automatically and one that, if fixed, breaks a downstream system dependency.
This is not a hypothetical. In 2022, I studied the Lido stETH depeg event and found that the core risk was not the smart contract code itself but the inability of the protocol to respond quickly enough to market-driven centralization pressures. The same pattern recurs here: the technology outpaces the governance and operational capacity of the organization. Mythos is a technical success that reveals a structural failure.
Contrarian: The Invisible Cost of Exclusivity
Most commentary on Mythos focuses on the speed risk—the imbalance between detection and patching. But a more insidious danger lies in the deployment model itself. Anthropic has licensed Mythos to only two institutions. That creates an information asymmetry: Bank of America and JPMorgan know more about the vulnerabilities in their shared infrastructure (they use similar core banking systems, common protocols like SWIFT, even overlapping cloud providers) than the rest of the financial ecosystem. If Mythos discovers a vulnerability that affects all SWIFT-connected banks, the two licensed banks will patch it first. The other 11,000 financial institutions remain vulnerable until the vulnerability is publicly disclosed or exploited.
This is a classic free-rider and tragedy of the commons problem dressed in AI clothing. The licensed banks benefit from early warning, while the unlicensed ones bear externalized risk. Anthropic could mitigate this by sharing anonymized vulnerability data with a central clearinghouse, but the competitive advantage for the banks would evaporate. They pay for exclusivity. They want to know something their competitors do not.
The model also introduces a single point of failure. If Mythos itself is compromised—either by an insider at Anthropic or through a supply chain attack on its training pipeline—the attacker gains a blueprint of the banks’ most critical vulnerabilities. That is the ultimate zero-day: a tool that lists every weakness in the system, ready to be exploited. The irony is that the same AI that fortifies the banks could, in the wrong hands, become the most effective attack platform ever built.
Consider the analogy to reentrancy in smart contracts. In 2017, I audited a token contract for a Brazilian fintech startup. The withdrawal function did not follow checks-effects-interactions. Anyone could reenter the function and drain the contract. The fix was trivial—use a mutex or the OpenZeppelin library. But what if the vulnerability was discovered not by a human auditor but by an AI that found it in 2 seconds? And what if that AI was owned by a competitor? The moral hazard is clear: the same technology that prevents loss can also cause loss if its integrity is compromised. Logic is binary; intent is often ambiguous.
Takeaway: The Coming Vulnerability Debt Crisis
The financial industry is racing toward a future where AI can find any vulnerability within seconds but humans cannot fix them fast enough. This is not a solvable problem with better models or faster humans. It requires a fundamental rethinking of how we design incident response pipelines, regulatory frameworks, and information-sharing protocols.
Three developments will shape the next 18 months:
- Regulatory intervention: Expect the SEC or the Federal Reserve to mandate minimum response-time standards for AI-discovered vulnerabilities. Banks will be required to demonstrate that they can patch critical flaws within a certain window or face penalties. This will spark a surge in automated patching technologies—but also increase the risk of faulty patches causing outages.
- Collective defense models: Insurance companies and clearinghouses will push for a shared vulnerability database funded by subscription, similar to the Financial Services Information Sharing and Analysis Center (FS-ISAC). Anthropic may be forced to open a sanitized version of Mythos to all members or lose regulatory goodwill.
- Model-to-model warfare: Attackers will begin deploying their own AIs to find vulnerabilities in the licensed banks before Mythos does, or to specifically target vulnerabilities that Mythos cannot detect due to its training data biases. The arms race will shift from code to model architecture. The bank that deploys the better AI will survive. The others will suffer the next derivative of a flash loan attack, but at institutional scale.
When I look at the current landscape—sideways market, chop in crypto, institutional adoption of AI—I see a window for those who understand that security is not a state but a rate. Mythos is a harbinger. It proves that AI can solve one problem (finding flaws) while creating another (managing the pipeline). The solution is not to slow the AI but to accelerate the humans, or better yet, delegate the entire process to a second AI that handles patching, testing, and rollback autonomously. But that second AI introduces its own trust and control problems.
We are not ready. No one is. And that is exactly why this moment matters.