Goldman Sachs is signaling that the newest generation of artificial intelligence models is no longer just a technology story or a productivity story. It is now a live cybersecurity issue for the banking system. Chief executive David Solomon said the bank is “hyper-aware” of Anthropic’s Mythos model and is working closely with Anthropic and its security vendors to understand and use frontier AI capabilities defensively. That language matters because it shows one of the world’s most important banks now sees this class of model as something that must be managed at the highest level, not simply monitored from a distance.
The concern is not theoretical. Anthropic said last week that Mythos has reached a level of coding capability where it can outperform nearly all humans at finding and exploiting software vulnerabilities. The company framed that as a potential threat to economies, public safety and national security, which is unusually stark language even by frontier AI standards.
For a systemically important bank like Goldman, that creates a new kind of risk. If AI models are becoming capable enough to automate or accelerate offensive cyber work at scale, then financial institutions are not only customers of the AI boom. They are also among its most exposed targets.
Solomon’s warning shows banks are taking this seriously
Solomon’s comments came as regulators and large banks moved quickly to assess the implications of Mythos. Reuters reported that U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an urgent meeting with major bank chiefs to warn them about the cybersecurity risks linked to the new model. That group included leaders of some of the largest American financial institutions, which underlines how seriously Washington is treating the issue.
The reason is obvious. Large banks are systemically important because any major disruption to their operations could ripple across the broader financial system. If frontier AI materially increases the speed, scale or sophistication of cyberattacks, then this stops being a technology-sector problem and becomes a financial stability concern as well.
Goldman’s response appears to be to lean in rather than step back. Solomon said the bank has the model, is studying its capabilities and is accelerating investment in cyber and infrastructure resilience. That suggests firms do not believe they can defend themselves simply by waiting for regulators to act. They see the need to adapt directly and quickly.
Anthropic is describing Mythos as a watershed moment
Anthropic itself has not tried to downplay the issue. In technical material released through its security research channels, the company said Mythos represents a major shift in cyber capability and explained that it chose to limit access while coordinating defensive work with selected organizations. It also launched Project Glasswing, a broader effort to use the model for defensive security with large technology and infrastructure partners and to share lessons more widely across the industry.
That posture is notable because it reflects both confidence and concern. Anthropic appears to believe Mythos can be useful for hardening systems, but it is also clearly warning that the same underlying capabilities can be misused if they spread faster than defenses improve.
In other words, the company is not saying only that Mythos is powerful. It is saying that the balance between attack and defense may now be shifting in a way that demands immediate preparation.
UK officials say the model is a clear step up
The UK AI Security Institute reinforced that message. In its latest evaluation, AISI said Mythos showed significant improvement on multi-step cyberattack simulations and was the first AI model to complete a 32-step attack scenario created by the institute, succeeding in three out of ten attempts. AISI said the model appears capable of autonomously attacking small, weakly defended systems, though it stopped short of claiming the same for highly defended environments because current tests do not fully capture those protections.
That matters because it moves the conversation beyond vague fear. Regulators and public institutions are beginning to describe concrete benchmark results that show meaningful progress in offensive cyber capability. Even if the models are not yet unbeatable attackers, they are advancing fast enough to change the defensive baseline for banks, governments and critical infrastructure operators.
AISI’s conclusion was direct: future advanced models are likely to improve on Mythos, which means investment in cyber defense now is essential. That message aligns closely with Solomon’s decision to emphasize resilience and accelerated spending.
The financial sector may be only the beginning
The banking industry is especially sensitive because of its systemic role, but the broader implication is much wider. If Mythos can materially lower the time, skill or cost needed to identify weaknesses in software, then the pressure extends to any organization that depends on complex digital systems. Banks are among the first to react because they have both the resources and the regulatory incentive to do so, but they are unlikely to be the last.
That is why this story is important. It marks a point where frontier AI is being discussed not just as a tool that could improve cybersecurity, but as a force that may significantly intensify the threat environment itself. The institutions that move fastest to build defenses may gain an advantage. Those that move too slowly may discover that the cost of hesitation is much higher than in previous waves of cyber risk.
For Goldman Sachs, the message is already clear enough. Mythos is not being treated as a distant research novelty. It is being treated as an emerging security reality, and the bank is acting accordingly.
