When the Fed and Treasury Call the Banks: AI Cyber Risk Is Now a Systemic Concern

Key Takeaways

• US Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened major banks in an unscheduled meeting to discuss AI-driven cyber threats — specifically capabilities demonstrated by the Anthropic Mythos model.
• Regulators are now classifying AI-enabled cyber attacks as a financial stability risk, not just an operational one. That is a meaningful escalation in regulatory framing.
• Systemically important banks were told to strengthen defences; small firms that depend on large-bank infrastructure inherit that exposure.
• The meeting reflects a pattern: when regulators flag a systemic risk at the top tier, compliance expectations cascade to smaller firms within 12–24 months.
• Immediate action for small teams: update your business continuity documentation to include AI-driven disruption scenarios, and treat your AI governance documentation as examination-ready now.

Summary

In April 2026, Bloomberg reported that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called an urgent, unscheduled meeting with senior executives from the largest US banks. The focus: AI-driven cyber risks, and specifically the capabilities demonstrated by Anthropic's Claude Mythos model — the same model behind Project Glasswing.

The significance of the meeting is not just what was discussed, but who convened it and how they framed it. This was not a technology briefing from the OCC or CISA. The Treasury Secretary and the Fed Chair — the two officials most responsible for financial stability — treated AI-enabled cyber threats as a systemic risk category. That framing matters for how regulation, supervision, and compliance expectations will develop from here.

This article explains the regulatory escalation, why it matters beyond the largest banks, and what small financial services teams should do about it now.

What Was Reported

The Bloomberg report, drawing on sources familiar with the meeting, described the following:

• The meeting was convened at short notice — not part of a scheduled supervisory cycle.
• Attendance was limited to senior executives from banks classified as globally or domestically systemically important (G-SIBs and D-SIBs).
• The specific focus was the cyber capabilities demonstrated by Claude Mythos Preview, including its ability to autonomously discover and exploit vulnerabilities in widely deployed infrastructure.
• Regulators raised concern that such capabilities — whether controlled by Anthropic or accessible to adversaries through similar frontier models — could enable attacks on financial infrastructure that carry systemic consequences.
• The controlled rollout through Project Glasswing was referenced as context, but the meeting's concern extended to the broader threat landscape: not just this specific model, but the category of capability it represents.
• Banks were urged to strengthen cyber defences, with specific emphasis on dependencies on shared infrastructure and third-party software stacks.

Why the Framing Matters

The regulatory framing of a risk determines which agencies act, what tools they use, and how quickly expectations reach smaller firms.

Operational risk is the domain of individual bank supervisors — the OCC, the FDIC, the Fed's supervision function. A bank that fails to patch a known vulnerability may receive a matter requiring attention in an examination. The response is firm-specific.

Systemic risk is the domain of the Treasury and the Financial Stability Oversight Council (FSOC). When a risk is classified as systemic, the response involves coordination across agencies, potential rulemaking, and guidance that applies across the financial system — not just at individual firms.

By convening this meeting themselves rather than delegating it to bank supervisors, Bessent and Powell signalled that AI-enabled cyber threats have crossed a threshold. They are no longer treating this as a question of whether individual banks have adequate cyber hygiene. They are treating it as a question of whether the financial system as a whole is resilient to a new threat category.

That classification has downstream consequences for every financial services firm, large and small.

Why Small Teams Are Affected

Small financial services firms — small RIAs, fintech teams, independent broker-dealers, regional lenders — are not systemically important. But they are not isolated.

Infrastructure dependency. Settlement infrastructure, payment rails, custody chains, and interbank liquidity all run through systemically important banks. A disruption to a major bank's core systems is a disruption to services small firms depend on. Your business continuity plan should already model a scenario where your primary custodian, clearing firm, or payment processor is degraded. If it does not, this is the moment to add it.

Regulatory cascade. When regulators escalate standards for large institutions, those standards typically reach smaller regulated entities within 12–24 months — sometimes through formal guidance, sometimes through examination expectations that examiners apply uniformly. The SEC's FY2026 examination priorities embedded AI oversight across all firm sizes with no de minimis threshold. The SEC AI governance examination article covers what that looks like in practice.

Shared stacks. Small teams often use the same cloud infrastructure, SaaS platforms, and open-source foundations that large banks use. If Mythos-class AI can find zero-days in Linux kernels and major browsers — and it can — your firm's exposure to those unpatched vulnerabilities is real, regardless of your size.

Supply chain position. Many small fintech and advisory firms provide services to larger institutions. If those larger institutions are now required to assess the security posture of their service providers (a standard result of systemic risk remediation), your AI governance documentation becomes a procurement and relationship risk, not just an internal compliance matter.

Governance Goals

For a small financial services team, this regulatory escalation clarifies three governance outcomes that should be documented before examination season:

1. Business continuity for AI-driven disruption scenarios. Your BCP probably models scenarios like: key-person unavailability, data centre failure, third-party outage. Add a scenario for AI-enabled cyber attack on a critical counterparty or infrastructure provider. The response steps — identify affected services, activate fallbacks, notify clients, communicate with regulators — are largely similar to other outage scenarios. The new element is the trigger type and the speed at which such attacks can propagate.

2. Vendor security documentation that covers AI capabilities. Vendors who were not part of the Project Glasswing coalition are patching on the same public timeline as everyone else. For your top three to five critical vendors — the ones whose failure would most affect your operations — document their security advisory process, their patch SLA, and whether they track coalition-level disclosures. See the AI vendor due diligence guide for a 30-minute framework.

3. AI governance documentation that can survive an examiner review. Whether the next examination question comes from the SEC, a state regulator, or a counterparty due diligence process, the underlying ask is the same: can you demonstrate that you know what AI tools you use, how you oversee them, and what risks they carry? Documentation that exists in writing and reflects actual practice will hold up. Documentation that is aspirational will not.

Risks to Watch

The category is wider than one model. The Bloomberg report focuses on Claude Mythos, but Bessent and Powell's framing is about the capability class, not the specific vendor. Frontier-class AI models with strong coding and reasoning capabilities may have comparable offensive security reach, whether or not their developers intend it. The threat model update is about autonomous AI-assisted exploitation generally, not Anthropic specifically.

Adversarial access to similar capabilities. The concern regulators raised is not limited to Anthropic's controlled rollout. If sufficiently capable AI models become accessible to adversaries — through open-source releases, model theft, or independent development — the attack surface expands to include actors who do not follow coordinated disclosure protocols.

Regulatory acceleration. Unscheduled meetings between the Treasury Secretary and Fed Chair and the largest banks are not routine. They signal that formal regulatory action — guidance, rulemaking, or supervisory priorities — is likely to follow. The lead time between a high-visibility regulatory signal and formal expectation is compressing.

Documentation gaps becoming examination findings. Regulators who have publicly flagged a risk category are less likely to accept "we were not aware" as a response when they subsequently examine firms. Being on record as having addressed the risk — even in a lightweight, written form — is materially better than having no record at all.

Controls: What to Actually Do

These are practical steps a small financial services team can implement without a dedicated compliance or security team.

This week:

• Add a scenario to your business continuity plan for AI-enabled disruption to a key counterparty or infrastructure provider. Two to three paragraphs describing the scenario, likely impacts, and initial response steps is sufficient. It does not need legal review — it needs to exist in writing.
• Identify your three to five most critical vendors and confirm whether each has a named contact, a security advisory subscription, and a documented patch SLA. If any cannot answer those questions, log it as a risk item.

This month:

• Update your threat model to include the AI-assisted autonomous exploitation category if you have not done so following the initial Glasswing announcement. Note the regulatory escalation as additional context for why this category is now material.
• Review your AI tool inventory. Confirm that every AI tool used in client-facing, compliance, or operational functions is documented with an owner and a description of how it is supervised. The AI tool register template is a starting point.
• If your firm is a registered investment adviser, review your ADV Part 2A for AI-related disclosures. The SEC's FY2026 examination priorities make AI capability misrepresentation a specific focus.

This quarter:

• Conduct a vendor security review for your critical vendors using the questions in the AI vendor due diligence guide. Document the responses.
• If you have a written information security policy, add a paragraph describing the firm's awareness of AI-assisted attack capabilities and the patch SLA commitment in response. This lightweight governance act creates a record that is useful in examinations and in counterparty due diligence.

Implementation Steps

1. Today: Identify which vendors are most critical to your operations (custodian, clearing firm, cloud provider, core software). Note whether each was part of the Glasswing coalition (AWS, Google, Microsoft, Apple, CrowdStrike, Cisco, NVIDIA, JPMorganChase, Palo Alto Networks, Broadcom are confirmed members).
2. This week: Draft a business continuity scenario paragraph for AI-enabled disruption. Add it to your BCP document. Assign a named reviewer and a review date.
3. This week: Confirm your OS, browser, and runtime patch SLA. If you do not have one in writing, set a default: critical security updates within 72 hours of release, all others within two weeks.
4. This month: Pull your AI tool inventory. For any tool in a compliance, advisory, or client-facing function that lacks a written supervisory procedure, draft one — even a short one. A WSP that exists is better than one that is "being written."
5. This quarter: Conduct a security posture review for your top five vendors. Document responses. Add the review to your governance calendar as a quarterly recurring item.
6. Ongoing: Watch for formal regulatory guidance from Treasury, the Fed, or FSOC that addresses AI systemic risk. This is a developing regulatory story; the Bessent-Powell meeting is likely a precursor to formal action.

Checklist

Copy this into your governance document or task manager:

• Add AI-enabled disruption scenario to business continuity plan
• Identify top 5 critical vendors; confirm each has a named security contact and patch SLA
• Note which critical vendors were and were not part of the Project Glasswing coalition
• Update threat model to include AI-assisted autonomous exploitation category
• Review AI tool inventory — confirm all client-facing and compliance tools are documented
• For RIAs: review ADV Part 2A for AI disclosure accuracy
• Draft or confirm written patch SLA for OS, browser, and runtime updates
• Log vendor security review findings in a written record
• Schedule quarterly vendor security review as recurring calendar item
• Monitor for formal regulatory guidance from Treasury/Fed/FSOC on AI systemic risk

The Bigger Picture

The Bessent-Powell meeting is a regulatory signal, not yet a regulatory requirement. But signals from the Treasury Secretary and the Fed Chair are not advisory opinions — they reflect how the people setting the regulatory agenda are thinking about a risk.

The pattern that follows a signal like this is predictable: supervisory expectations rise at large institutions first, then cascade to smaller regulated entities; informal expectations become formal guidance; informal guidance becomes examination criteria. The SEC's FY2026 examination priorities — which embed AI governance across all exam categories with no firm-size threshold — followed the same path.

For small financial services teams, the question is not whether to address AI governance documentation. The question is whether to do it before an examination creates urgency, or after.

The controls required are not exotic. An updated BCP, a vendor security register, an AI tool inventory with written supervisory procedures, and a patch SLA written down somewhere — these are an afternoon's work for a team that takes them seriously. The firms that will find themselves scrambling are the ones that treated AI governance as a future obligation. The regulatory clock has moved.

For the technical security context behind this regulatory escalation, see the Project Glasswing deep-dive, which covers the zero-day findings, the 90-day disclosure window, and the patch management steps small teams should take now.

Frequently Asked Questions

Q: Why are the Fed and Treasury involved in an AI cybersecurity issue? A: Because regulators now classify AI-driven cyber threats as a financial stability risk, not just an operational one. If systemically important banks suffer AI-enabled attacks that disrupt settlement, payments, or credit markets, the consequences ripple across the broader economy. That classification changes the regulatory response: the Fed and Treasury act on systemic risk; the SEC and OCC handle operational risk.

Q: What is the connection between Project Glasswing and the Bessent-Powell meeting? A: Project Glasswing is Anthropic's controlled-disclosure initiative following the discovery that its Claude Mythos Preview model could autonomously find and exploit zero-day vulnerabilities in major operating systems and browsers. The Bessent-Powell meeting represents regulators responding to the same underlying capability — the systemic risk angle the coalition model alone cannot fully address.

Q: Does this affect small financial services firms, not just systemically important banks? A: Yes — in two ways. First, small firms depend on the infrastructure of large banks for payments, custody, and settlement. If that infrastructure is disrupted, small firms are affected regardless of their own security posture. Second, regulators who escalate standards for large banks typically cascade those standards to smaller regulated entities within 12–24 months. Getting ahead of the documentation requirements now is cheaper than catching up later.

Q: What should a small financial services team do differently as a result of this regulatory development? A: Add 'AI-driven systemic disruption' as a scenario in your business continuity and incident response documentation. Review your dependencies on large-bank infrastructure. And treat any AI governance documentation you have — vendor oversight, patch SLA, threat model — as examination-ready, not aspirational.

Q: Is this the start of formal AI-specific regulation of financial firms? A: Almost certainly yes, in some form. The SEC already embedded AI oversight into its FY2026 examination priorities. The Bessent-Powell meeting suggests the systemic risk angle is now on the Treasury and Fed's agenda. Whether that produces formal rulemaking, supervisory guidance, or examination-focused expectations is unknown, but the direction is clear: AI governance documentation is becoming a compliance requirement, not a best practice.

References

• Bloomberg. (2026, April). Bessent, Powell Summon Bank CEOs to Urgent Meeting Over Anthropic's New AI Model. Bloomberg (subscription required).
• AI Policy Desk. (2026, April). AI Zero-Days: What Project Glasswing Means for Small Teams. AI Policy Desk. /blog/project-glasswing-ai-zero-days-small-teams
• AI Policy Desk. (2026, April). SEC AI Examination 2026: What Examiners Will Ask Your Team About AI. AI Policy Desk. /blog/sec-ai-governance-examination-priorities-2026
• Financial Stability Oversight Council (FSOC). Annual Report 2025 — Cyber and Technology Risk. US Department of the Treasury.
• NIST. Artificial Intelligence Risk Management Framework (AI RMF). Retrieved from https://www.nist.gov/artificial-intelligence
• Federal Reserve. Supervisory Guidance on Operational Resilience. Retrieved from https://www.federalreserve.gov