On Friday, the Bank of Canada's chief operating officer sat down with executives from the country's six largest banks, the Department of Finance, the Office of the Superintendent of Financial Institutions, and Desjardins Group. The reason: a single AI model built by a San Francisco startup is keeping the global financial system up at night.

The meeting, convened by the Canadian Financial Sector Resiliency Group (CFRG), was specifically about Anthropic's Claude Mythos. A Bank of Canada spokesperson insisted it was not an emergency. But when a central bank convenes your entire financial sector to discuss a single piece of software, the distinction between "emergency" and "urgent situational awareness" feels like a technicality.

This is not an isolated event. It is now a pattern. Earlier in the week, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned the CEOs of JPMorgan, Goldman Sachs, Bank of America, Citigroup, Morgan Stanley, and Wells Fargo to discuss the same model. Then JD Vance convened a call with the CEOs of OpenAI, Google, Microsoft, xAI, CrowdStrike, and Palo Alto Networks. Same topic. Same model.

Three countries. Three separate financial and security summits. One AI model. In a single week.

What Mythos Actually Does

Anthropic says Mythos has already found thousands of zero-day vulnerabilities across "every major operating system and web browser." That includes a 27-year-old bug in OpenBSD and a 16-year-old bug in FFmpeg that automated testing missed across five million test runs. On Anthropic's internal exploit benchmark, its previous best model had a near-zero success rate at autonomous exploit development. Mythos succeeded 181 times.

The model is not publicly available. Instead, Anthropic is running it through Project Glasswing, giving access to 12 partner organizations including Amazon, Apple, Microsoft, Google, and JPMorgan, plus about 40 additional organizations. Anthropic committed $100 million in usage credits to the program.

Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, put it bluntly: "If what Anthropic has said about the model's capabilities is true, we may be in an entirely new world when it comes to cybersecurity and keeping our technology secure."

The Real Story: Financial Systems Are Not Ready

Here is what nobody is saying out loud: the meetings are not really about one model. They are about what one model reveals about the financial system's readiness for AI-powered cyberattacks. If Anthropic built something that can find and exploit vulnerabilities in every major browser and OS, the question is not whether attackers will build something similar. It is when.

Banks run on software. Legacy software. Software that was written decades ago and patched together with prayers and duct tape. When an AI model can autonomously find bugs that five million automated tests missed, the entire concept of "software security" gets rewritten overnight.

Canada's meeting comes on the heels of Anthropic's own designation as a supply chain risk by the U.S. government. The irony is sharp: the same company that the Pentagon blacklisted is now the reason central banks are convening emergency sessions to protect their financial infrastructure. Anthropic is simultaneously too dangerous to trust and too powerful to ignore.

What Happens Next

Expect more countries to follow. Bloomberg reported the Bank of Canada meeting involved members of the Canadian Financial Sector Resiliency Group, and if the pattern holds, the Bank of England and the ECB will be next. Every G7 central bank is now aware that a single AI model changed the calculus on financial cybersecurity.

The question for Anthropic is whether this is the best possible branding exercise or the worst. Having central banks convene over your product is either a flex or a liability. Right now, Anthropic seems to be hoping it is both.