Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Next-Generation Technologies & Secure Development
Mythos Found ‘Tens of Thousands’ of Unpatched Flaws With Months to Fix Them
Jennifer Lawinski •
May 6, 2026
Anthropic CEO Dario Amodei and JPMorgan Chase CEO Jamie Dimon warned of major AI-related security issues on the horizon during a financial services event in New York. (Image: Shutterstock)
Claude Mythos has identified thousands of vulnerabilities across software platforms, and most of those have yet to be publicly disclosed because they haven’t been fixed, Anthropic CEO Dario Amodei said at a financial services event with JPMorgan Chase CEO Jamie Dimon in New York on Tuesday.
See Also: Why Every AI Decision Begins With DNS
“With Mythos, we found almost 300 vulnerabilities in Firefox and thousands – probably by now tens of thousands – beyond closed doors,” Amodei said during the event.
And the clock is ticking. While other leading artificial intelligence frontier model labs are one to three months behind Mythos, he said, Chinese models are about six to 12 months behind. “I think we have roughly that amount of time to fix all these vulnerabilities,” he said.
Dimon echoed Amodei’s concern. “Cyber is our biggest risk. It’s been our biggest risk for years,” Dimon said. “And I said, and it’ll be made worse by AI – and like a week later, Mythos comes out.”
The threat has escalated at unprecedented speed, Amodei said, outlining the speed with which recent advancements have progressed. In the past 12 months Anthropic moved from beginning to use Claude to find security vulnerabilities in code to the pre-release of Mythos, which found nearly 300 vulnerabilities in Firefox, and tens of thousands more across other systems. Along the way, the company discovered that Chinese state-linked actors were using Claude to target U.S. tech companies. A pre-Mythos version of Claude found just 20 vulnerabilities in Firefox.
“The reason we haven’t announced many of them is, of course, only a small fraction have been fixed,” Amodei said. “If we announce something without it being fixed, then the bad guys will exploit it.”
That logic is behind Anthropic’s strategy with Mythos. “If we handle this right in six to 12 months – which is the time on which we have to handle it, because the Chinese models will catch up by that time – we could be in a better position than we started in, because we fixed all these bugs,” Amodei said. “There are only so many bugs to find. And if we’re rewriting all of our code with models like Mythos, we can use Mythos to write code that’s inherently more secure by design.”
The cybersecurity conversation was part of a larger push into financial services for the company.
Anthropic’s Midmarket Strategy
Anthropic, Blackstone, Hellman & Friedman and Goldman Sachs partnered to create a new AI-native enterprise services firm that will help midmarket companies deploy Claude into their core operations. The firm will be a standalone company with Anthropic engineers embedded directly into teams. Backers include General Atlantic, Leonard Green, Apollo Global Management, GIC and Sequoia Capital.
The move will help Anthropic scale into the enterprise space, a move Amodei said the company lacks the internal resources to accomplish alone.
“Anthropic is roughly a 3,500-person company. Our go-to-market team is half a thousand going on a thousand. Some of the companies that have revenue of the same order of magnitude as us have 50,000-person sales teams. You can’t hire a 50,000-person sales team overnight,” he said.
“Enterprise demand for Claude is significantly outpacing any single delivery model. Our partnerships with the world’s leading systems integrators are central to how Claude reaches large enterprises. This new firm brings additional operating capability to the ecosystem and capital from leading alternative asset managers,” Anthropic CFO Krishna Rao said in a statement.
The firm hopes to help midmarket companies address the engineering challenges of deploying AI across the business, adapting to integrating a platform with capabilities that can change on a weekly or monthly basis, Anthropic said. Implementations will be designed to evolve with Claude as AI capabilities advance.
Claude for Financial Services
Anthropic also released 10 ready-to-run agent templates for the financial services industry, targeting labor-intensive workflows such as pitchbook creation, KYC screening, general ledger reconciliation and month-end close. Each ships as a plug-in in Claude Cowork and Claude Code, and as a cookbook for Claude Managed Agents, so teams can deploy Claude on real financial work “in days rather than months,” the company said.
Each template packages what Anthropic calls skills, connectors and subagents, which are domain knowledge, governed data access and specialized sub-models for specific subtasks such as comparables selection or methodology checks. Firms can adapt them to their own modeling conventions, risk policies and approval workflows. Anthropic recommends using the agents with Claude Opus 4.7.
At the event in New York, Lisa Crofoot, research product management leader at Anthropic, described giving Claude an “open-ended brief that you’d hand to a team of seasoned analysts” to forecast next week’s energy prices.
“It had to figure out that it should read the news, find some data sources for inputs and try multiple approaches, iterating on its own model against the actuals,” she said. “From week one, Claude beat the published state-of-the-art benchmarks and kept improving on its own. Iterating based on what it observed in its model.”
One researcher working on the project had done this exact type of work at a major bank. “What took him three weeks in the past now takes Claude just two hours,” Crofoot said.
Anthropic also announced integration with Microsoft’s Office tool suite, enabling financial services employees to integrate these capabilities directly into their workflows.
“Claude also now works across Microsoft Excel, PowerPoint, Word and Outlook through the Claude add-ins for Microsoft 365,” Anthropic said. The integration enables context to carry between applications, so work done in one application can be continued seamlessly in another. For example, an analyst who built a model in Excel would not need to re-explain the project when the work moved to PowerPoint.
In Outlook, Claude functions as a chief of staff, triaging the inbox, arranging meetings and drafting responses in the user’s voice. Add-ins for Excel, PowerPoint and Word are generally available now, and Claude for Outlook will soon release in beta.
Anthropic also expanded its financial data partner ecosystem, adding eight new connectors. New additions include Dun & Bradstreet, Guidepoint, SS&C IntraLinks, Third Bridge and Verisk, joining an existing roster that includes FactSet, S&P Capital IQ, MSCI, PitchBook and Morningstar. The connectors give Claude governed, real-time access to data.
Anthropic also featured a new MCP app from Moody’s, which brings proprietary credit ratings and data on more than 600 million public and private companies directly into Claude for use in compliance, credit analysis and business development. Unlike connectors, which provide data access, the Moody’s MCP app goes a step further by embedding the provider’s own tools directly inside Claude.