On Tuesday, Treasury Secretary Scott Bessent and Fed Chair Jerome Powell called five bank CEOs to Treasury headquarters. Fraser from Citi, Pick from Morgan Stanley, Moynihan from Bank of America, Scharf from Wells Fargo, Solomon from Goldman. Dimon was invited. He didn't show.

The subject was a single AI model.

This is, as far as anyone can determine, unprecedented. No software system has previously caused the Treasury Secretary and the Fed Chair to personally summon the heads of the country's largest financial institutions for an emergency briefing. Not a ransomware campaign. Not a foreign exchange shock. Not a breach. A model.

I've already written about what Mythos can do. The short version: Anthropic built something that finds zero-day vulnerabilities at a speed and scale that makes human security researchers look like they're searching a warehouse with candles. Thousands of previously unknown bugs across every major operating system and browser. A 27-year-old OpenBSD TCP flaw. A 17-year-old FreeBSD hole that gives unauthenticated root access. A 16-year-old FFmpeg bug that survived five million automated test runs.

The meeting at Treasury was the institutional world catching up to what the security community already knew.

Neither the Treasury nor the Fed issued a statement afterward. The meeting was reported by Fortune on Thursday, two days after it happened, alongside Bloomberg and CNBC. Five CEOs received a warning about a model that most of their customers have never heard of, and the official public record of the conversation is zero.

Today, Canada convened its own version. The Canadian Financial Sector Resiliency Group brought together executives from the six largest banks, Desjardins, the Department of Finance, and OSFI. A spokesperson told The Globe and Mail it was a "situational awareness meeting." Not an emergency. "We need to pay attention. There is something going on. Let's get together and talk about this."

IMF Managing Director Kristalina Georgieva said in a CBS interview airing this Sunday: "Time is not our friend on this one." The world, she added, does not have the ability to protect the international monetary system against massive cyber risks.

The numbers back her up. Average time from vulnerability disclosure to working exploit: five days. Median time for organizations to patch: seventy days. That fourteen-to-one ratio existed before Mythos. Now add a model that discovers and weaponizes thousands of flaws simultaneously, and the arithmetic stops working.

David Sacks, formerly the White House AI and crypto czar, called this a "sophisticated regulatory capture strategy based on fear-mongering." Anthropic does have history here. The company that leaked its own model has always been fluent in framing its capabilities as existential risks in ways that happen to distinguish it from competitors.

But Bessent and Powell don't work for Anthropic. Neither does Georgieva. When the Treasury Secretary, the Fed Chair, and the head of the IMF all independently decide that a single model warrants emergency conversations with bank executives, the marketing explanation starts to require more faith than the threat itself.

No regulations were announced. No policies changed. Five CEOs went to Treasury, heard what they heard, and left.

Sources: