Anthropic Mythos 5 and the New AI Cyber Risk Facing Banks and Accounts Payable
Anthropic’s Mythos models have moved from a restricted research preview into a broader defensive cybersecurity program. The latest developments make the implications for banks, payment systems, and Accounts Payable more concrete.
Mythos and Project Glasswing Timeline
Reuters reports that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned major bank CEOs about cybersecurity risks tied to Anthropic’s new model.
Anthropic reports that it and approximately 50 Project Glasswing partners identified more than 10,000 findings they classified as high or critical severity. The company says the bottleneck is shifting from finding vulnerabilities to verifying, disclosing, and patching them.
Anthropic expands Project Glasswing to approximately 150 additional organizations in more than 15 countries, bringing the reported partner network to roughly 200 organizations.
Anthropic publishes research on how advanced AI could accelerate the development of exploits for known but incompletely patched vulnerabilities, often called N-days.
Anthropic launches Claude Mythos 5 for a small group of vetted cybersecurity defenders and infrastructure providers participating in Project Glasswing.
Anthropic suspends access to Mythos 5 and Fable 5 after receiving a U.S. government directive restricting access by foreign nationals.
Anthropic restores Mythos 5 access to a limited group of approved U.S. organizations after the government lifts the export controls.
Anthropic publishes additional information about its cybersecurity classifiers and proposes a framework for evaluating the severity of AI jailbreaks.
Anthropic publishes a case study reporting that the Government of Alberta used Claude to scan 466 million lines of code in 20 hours and help identify and remediate security gaps.
There are moments when technology improves gradually, and then there are moments when it changes the rules of the game.
Anthropic’s Mythos work appears to be an important step in that second category.
Anthropic introduced Claude Mythos Preview as part of Project Glasswing . Anthropic described the unreleased model as unusually capable at computer security tasks, including identifying and exploiting serious software vulnerabilities under controlled conditions.
The company did not release Mythos Preview broadly. Instead, it gave selected technology companies, infrastructure providers, open-source organizations, and security teams restricted access so they could use the model defensively.
That should matter to Accounts Payable professionals because AP sits directly on top of the systems that approve, transmit, and record money.
AP teams may not manage cybersecurity directly, but they depend on bank portals, ERP systems, payment integrations, browsers, cloud applications, vendor portals, and approval workflows. If those systems become easier to attack, AP becomes part of the blast radius.
What Changed After the Original Article Was Published
The April announcement was initially about the potential of a restricted model. The developments since then have provided more evidence of the scale, the defensive opportunity, and the control challenges.
More Than 10,000 Reported Findings
Anthropic reported that it and its initial Glasswing partners identified more than 10,000 high or critical-severity findings across important software systems.
That number is Anthropic’s report, not an independent audit of every finding. Even so, it illustrates the operational challenge created when automated discovery moves faster than human validation and patching.
Glasswing Expands Internationally
Anthropic added approximately 150 organizations in more than 15 countries to the program. The expansion included organizations supporting power, water, healthcare, communications, hardware, and other critical infrastructure.
AI Accelerates Known-Vulnerability Exploitation
Anthropic reported that Mythos Preview could turn a collection of known software patches into working exploit attempts much faster than traditional manual research.
This raises the importance of applying critical security patches promptly once vendors make them available.
Mythos 5 Launches, Pauses, and Returns
Mythos 5 replaced Mythos Preview for a small group of vetted cyberdefenders. A June 12 U.S. directive led Anthropic to disable access temporarily.
By July 1, limited access had been restored for approved U.S. organizations after the restrictions were lifted.
Safeguards Become Part of the Story
Anthropic published additional information about the classifiers used to block dangerous cybersecurity requests and proposed a common framework for evaluating the severity of model jailbreaks.
A Government Cybersecurity Case Study
Anthropic reported that a Government of Alberta team used Claude to scan 466 million lines of code in approximately 20 hours, identify vulnerabilities, support remediation work, and build additional security tools.
This case study shows the defensive side of the same technology: organizations may use advanced AI to examine large systems much faster than a traditional manual review.
Finding a vulnerability is not the same as successfully exploiting it. Reporting should distinguish between discovery, validation, exploit development, and confirmed compromise.
What Makes This Different
Cyber threats are not new, and software vulnerabilities are not new. What appears to be changing is the speed, the scale, and the automation.
Traditionally, finding a serious vulnerability required time, specialized expertise, and patient manual investigation. Developing a working exploit required additional technical skill and testing.
Advanced AI can compress parts of that process. A model may be able to inspect code, reason through system behavior, identify a weakness, and help a trained user develop a test or proposed fix much faster than before.
The risk is not only that vulnerabilities exist. It is that the time between disclosure, exploit development, and active attack may continue to shrink.
Why Banks and Regulators Paid Attention
Reuters reported that Treasury Secretary Scott Bessent and then-Federal Reserve Chair Jerome Powell warned major bank CEOs about potential cybersecurity risks associated with Anthropic’s new model.
Banking infrastructure depends on shared technology, including operating systems, browsers, cloud services, APIs, authentication tools, internal applications, and third-party software libraries.
If AI systems can identify weaknesses across that stack faster than before, banks and the organizations that rely on them may have less time to assess and remediate exposed systems.
In June, The Associated Press reported that Mythos identified vulnerabilities in sensitive U.S. government systems during a controlled testing exercise within hours.
The official cited by AP specifically cautioned that this did not mean the model exploited those vulnerabilities within that same period.
Even when an organization is not using Mythos or another advanced cybersecurity model, its AP workflows still depend on banks, software vendors, cloud providers, browsers, and integrations affected by the faster threat cycle.
Where Accounts Payable Fits Into the Picture
Accounts Payable is no longer a stand-alone back-office paperwork function. In many organizations, AP operates through a connected ecosystem of systems, credentials, data, and approvals.
This puts AP close to the software layers through which vendor data is changed, invoices are approved, and payments are released.
In practical terms, AP may become a meaningful target area in a future wave of faster, AI-assisted cyberattacks.
What This Could Look Like in the Real World
1. Payment Workflow Compromise
A weakness in a browser session, identity layer, plugin, or integration could be used to interfere with payment approvals or access controls.
2. Vendor Portal Manipulation
A serious supplier portal vulnerability could expose vendor records or allow unauthorized changes that normal AP review may not detect immediately.
3. API-Level Risk
Integrations between ERP systems, banks, payment platforms, and approval tools create efficient data paths. They can also create technical routes that attackers may attempt to exploit.
4. Faster Data Theft
Vendor master data, banking instructions, invoices, payment histories, and approval logs are valuable. AI may help attackers identify weak paths into those datasets more quickly.
5. Disruption Timed Around Critical Payment Periods
Attackers do not always need to shut down an entire company. Interrupting payment systems near payroll, month-end, quarter-end, or a major payment run may create enough pressure to cause mistakes or control bypasses.
The Patch Gap Is Becoming an AP Issue
Anthropic’s June research focused on N-day vulnerabilities, meaning flaws that have already been disclosed but are not yet patched everywhere.
Once a security patch is published, attackers can compare the old and new software versions to identify what changed. Advanced AI may make that comparison and the development of a working exploit faster.
For AP, the practical lesson is simple: software updates affecting bank access, browsers, ERP integrations, invoice automation, identity tools, and payment applications may become more urgent than they once appeared.
Accounts Payable should not install enterprise software independently, but it should know who owns patching for every payment-critical platform and how AP will operate if a system must be taken offline quickly.
What AP Teams May Notice
- More frequent software patches and security notices
- New multifactor authentication requirements
- Shorter deadlines for applying critical updates
- Temporary downtime for bank or AP platforms
- Stricter controls around vendor changes and payment releases
- More scrutiny of service accounts and API credentials
- More questions from auditors, insurers, and security teams
Even when the threat feels technical or abstract, the operational consequences for AP may become very concrete.
The Defensive Opportunity
The same capabilities that may help attackers move faster can also help defenders identify weaknesses earlier. That is the central purpose of Project Glasswing.
Anthropic says participating organizations have used its models not only to find vulnerabilities, but also to suggest patches, test software before release, and help modernize older code.
The Government of Alberta case study provides a more recent example of this defensive opportunity. Anthropic reported that a small government team used Claude to examine hundreds of millions of lines of code in hours rather than attempting a manual review that could take years.
The remaining challenge is organizational capacity. A security team must still confirm that a reported vulnerability is real, determine its severity, coordinate disclosure, develop a safe fix, test that fix, and deploy it.
AI may accelerate discovery faster than organizations can complete those later steps.
What Accounts Payable Professionals Should Do Now
- Review dual approval controls for high-value and high-risk payments.
- Recheck vendor bank-change procedures and independent callback requirements.
- Separate vendor maintenance, invoice processing, payment approval, and payment release duties where practical.
- Limit banking and payment credentials to employees who need them.
- Confirm that shared credentials are prohibited and service accounts are documented.
- Ask who owns patching for the ERP, AP automation platform, bank portal, browser, and integration tools.
- Maintain an emergency-payment procedure that does not abandon normal verification controls.
- Include AP systems and payment runs in business-continuity and incident-response planning.
- Treat unusual workflow behavior, unexpected login changes, and unexplained vendor-data changes as potential security events.
- Preserve system logs and supporting documentation so suspicious activity can be investigated.
Questions AP Leaders Should Ask IT and Treasury
- Which AP and banking systems are considered payment-critical?
- How quickly can critical security patches be tested and deployed?
- What happens if a bank portal, ERP integration, or approval platform is unavailable during a payment run?
- Are privileged credentials, service accounts, and API keys reviewed regularly?
- Can the company identify who changed vendor banking data, when it changed, and who approved it?
- Does incident-response planning include Accounts Payable, Treasury, Procurement, and vendor communications?
Bottom Line
The story has developed beyond an April product announcement. Mythos Preview produced reported findings at scale, Project Glasswing expanded, Mythos 5 was introduced, government restrictions interrupted access, and Anthropic responded with additional safeguards and a proposed jailbreak framework.
The Alberta case study also shows how the same class of technology could help defenders examine large systems, prioritize security work, and remediate vulnerabilities much faster than before.
For Accounts Payable, the main lesson is not that every AP department needs its own cybersecurity model. The lesson is that the technology supporting invoices, vendor data, approvals, and payments is entering a faster security cycle.
AP professionals do not need to become penetration testers. They do need to protect payment authority, follow vendor-change controls, respond to security updates, and participate in continuity planning.
Security is no longer somebody else’s problem once it reaches the payment workflow.
Sources & Further Reading
- Anthropic, Project Glasswing
- Anthropic, Assessing Claude Mythos Preview’s Cybersecurity Capabilities
- Anthropic, Project Glasswing: An Initial Update
- Anthropic, Expanding Project Glasswing
- Anthropic, Measuring LLMs’ Impact on N-Day Exploits
- Anthropic, Claude Fable 5 and Claude Mythos 5
- Anthropic, Statement on the U.S. Government Access Directive
- Anthropic, Redeploying Claude Fable 5 and Restoring Mythos 5 Access
- Anthropic, Cyber Safeguards and Jailbreak Severity Framework
- Anthropic, Government of Alberta Cybersecurity Case Study
- Reuters, U.S. Officials Warn Bank CEOs About Anthropic Model Risks
- Reuters, Mythos Access Expands to Approximately 200 Glasswing Partners
- Reuters, U.S. Removes Restrictions on Anthropic Models
- Associated Press, Mythos Testing Identified Vulnerabilities in Sensitive U.S. Systems
Editorial Note: This article was updated on July 10, 2026, to improve the formatting and include developments reported after the original April 11, 2026 publication date.
Practical AP reporting, controls guidance, automation coverage, and career support for the accounts payable community.

No comments:
Post a Comment