US regulators convene major banks over AI-driven cyber risks, highlighting growing concern over systemic vulnerabilities.
Info via Bloomberg (gated).
Summary:
- US Treasury Secretary Scott Bessent and Fed Chair Jerome Powell held urgent meeting with major banks
- Focus: cyber risks tied to advanced AI model “Mythos”
- Model reportedly capable of identifying and exploiting system vulnerabilities
- Regulators see AI-driven cyber threats as a top financial stability risk
- Systemically important banks urged to strengthen defences
- Controlled rollout via “Project Glasswing” to limit risk exposure
- Highlights emerging intersection of AI capability and systemic financial risk
US financial authorities have moved swiftly to address a growing threat at the intersection of artificial intelligence and financial stability, convening an urgent meeting with major Wall Street banks to assess emerging cyber risks.
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell brought together senior executives from the largest US banks in Washington this week, underscoring the seriousness with which regulators are treating the issue. The focus of the discussions was a new generation of AI systems, particularly a model known as “Mythos,” which is believed to possess advanced capabilities in identifying and exploiting vulnerabilities across widely used software and infrastructure.
The meeting, organised at short notice, reflects rising concern that increasingly sophisticated AI tools could materially alter the cyber threat landscape. Regulators are worried that such systems, if misused, could enable more effective and scalable attacks on financial institutions, raising the risk of systemic disruption.
All banks involved in the discussions are considered systemically important, meaning any compromise of their systems could have far-reaching implications for the broader financial system. By bringing these institutions together, policymakers appear to be aiming for a coordinated and pre-emptive response rather than reacting after vulnerabilities are exploited.
The concerns are not purely theoretical. The developers of the model have themselves acknowledged both its offensive and defensive cyber capabilities, and have taken steps to limit its release. Access has initially been restricted to a small group of major technology and financial firms as part of a controlled rollout designed to strengthen system resilience ahead of wider deployment.
This initiative, referred to as “Project Glasswing,” is intended to ensure that critical infrastructure is hardened before similar technologies become more broadly available. It reflects a growing recognition that advances in AI are not just productivity-enhancing, but also introduce new classes of risk.
The issue also intersects with broader tensions between the technology sector and policymakers. The company behind the model is reportedly engaged in a legal dispute with US authorities over its classification as a supply-chain risk, highlighting the complex regulatory environment surrounding cutting-edge AI development.
Overall, the episode signals a shift in regulatory focus. Cybersecurity risks driven by AI are increasingly being treated not just as operational concerns, but as potential threats to financial stability itself.
