The Same AI That Protects Your Bank Can Break It. That Is the Dual-Use Problem Nobody Is Solving.

On a Sunday morning in May 2026, US Treasury Secretary Scott Bessent went on Fox News and told Maria Bartiromo something that should have stopped every enterprise risk manager in America mid-weekend. Americans should be worried about AI hacking into their bank accounts. He was not speaking hypothetically. He was speaking in the immediate aftermath of a closed-door meeting he and Federal Reserve Chair Jerome Powell had held with executives at JPMorgan Chase and Bank of America about Anthropic's Mythos model and what it means for the financial system.

That combination of facts deserves to sit with us for a moment. The Treasury Secretary of the United States used Fox primetime to warn viewers that their bank accounts are exposed to AI-driven attacks. That warning followed a private briefing between the nation's top financial regulators and the largest banks in the country about a specific AI model and its capabilities. The public statement and the private briefing tell the same story from two different angles. The same AI capability that makes financial systems more defensible also makes them more attackable. And the institutions that understand this are treating it as a crisis-level governance challenge, not a technology evaluation.

What Mythos actually does and why it changes the threat calculus

Anthropic has said publicly that Mythos has surfaced thousands of high-severity vulnerabilities, including flaws in major operating systems and web browsers. That capability, running at machine speed across an entire attack surface, is what makes it categorically different from the AI security tools that preceded it. Previous AI security tools assisted human analysts. They accelerated the search for known vulnerability patterns. Mythos is operating at a different level of autonomy and at a different scale of coverage.

The dual-use problem is structurally embedded in how that capability works. When a defender runs Mythos against their own systems, the model finds the vulnerabilities before an attacker does. The defender patches them. The system becomes more secure. That is the defensive use case and it is genuinely powerful. The banks at the JPMorgan and Bank of America briefing were told to take Mythos seriously and use it to find holes in their own defences before attackers do. That is sound security advice.

The problem is that the capability is not exclusive to defenders. An attacker with access to equivalent capability can run the same vulnerability discovery process against a target's systems. The model does not know whether it is being used by a defender or an attacker. It finds vulnerabilities either way. At machine speed. Across the entire attack surface simultaneously. Without the resource constraints that previously limited how comprehensively an attacker could survey a target's defences.

McKinsey's 2024 Global Banking Review found that 71% of major financial institutions reported a significant increase in the sophistication of cyber attacks in the prior 12 months, with AI-assisted attacks becoming the fastest-growing threat category. IBM's 2024 Cost of a Data Breach report found that the average cost of a financial sector data breach reached $5.9 million, the highest of any industry sector. Those figures were compiled before Mythos-class capabilities became part of the threat landscape. They will look conservative in 12 months.

The financial system is structurally interconnected in ways that amplify the risk

The dual-use problem in financial services is not just about individual institution risk. It is about systemic risk. The financial system is structurally interconnected through payment rails, correspondent banking relationships, clearing and settlement infrastructure, and shared technology vendors in ways that create propagation pathways for a successful AI-assisted attack that do not exist in most other sectors.

A vulnerability discovered and exploited in a major payment processing platform does not stay within that platform. It propagates through every institution that processes payments through that infrastructure. A successful attack on a clearing and settlement system does not affect one bank. It affects every institution whose transactions settle through that system. The interconnectedness that makes financial services efficient in normal operation becomes a liability when a threat can traverse it at machine speed.

Across advisory engagements in BFSI, the systemic risk dimension of AI-assisted cyber threats is the conversation that is hardest to have within individual institutions because each institution's governance framework is scoped to its own risk rather than to the aggregate risk of the system it participates in. A bank that has defended its own systems against Mythos-class capabilities has solved its individual problem. It has not solved the systemic problem that arises when another institution in its payment network has not.

The regulatory gap this creates

Treasury Secretary Bessent's public comment came alongside his description of the need for a very important calculus between safety and innovation. That framing is revealing. It acknowledges that there is no settled answer. The regulatory infrastructure that governs cybersecurity in financial services, including the FFIEC guidance, the NIST Cybersecurity Framework, and the emerging SEC cybersecurity disclosure rules, was designed for a threat environment where human-paced attack discovery was the baseline assumption.

Mythos-class AI capability breaks that assumption. The NIST AI RMF 1.0 addresses AI risk management but was not designed with the dual-use offensive capability scenario specifically in mind. The EU AI Act's high-risk system classifications cover AI in critical infrastructure but the specific governance requirements for dual-use AI capabilities in financial services remain underdeveloped relative to the speed at which those capabilities are becoming available.

The Intel Terafab chip partnership that xAI is pursuing alongside SpaceX and Tesla signals that the compute infrastructure for the next generation of these capabilities is being built now. The governance infrastructure for how those capabilities get deployed in financial services is not keeping pace.

What banks and financial institutions need to do now

The defensive use case is non-negotiable. Financial institutions that are not already running AI-assisted vulnerability discovery against their own infrastructure are operating with an asymmetric disadvantage. The attackers who have access to these capabilities will use them. Institutions that are not using equivalent defensive capabilities are operating on a timeline that is shortening.

But the governance requirements extend beyond the technology adoption decision. Three specific governance gaps need to close before Mythos-class capabilities are fully deployed in financial services environments.

The first is vendor accountability architecture. When a bank uses an AI model to discover and patch vulnerabilities, the liability question for any vulnerability that was not found but subsequently exploited needs to be defined contractually before the deployment rather than litigated after the breach. AI vendors are not currently accepting liability for missed vulnerabilities. Banks need to understand what accountability architecture they are accepting when they deploy these tools.

The second is systemic risk disclosure. Individual institution governance frameworks are not designed to surface aggregate systemic risk. Financial regulators need a disclosure mechanism through which institutions report their AI-assisted vulnerability discovery results in a way that builds a systemic view of the shared attack surface rather than leaving each institution to manage its slice independently.

The third is the calculus Bessent described. The same capability that makes financial systems more defensible is the capability that, in the wrong hands, can break them. Until there is a policy framework that governs who has access to Mythos-class offensive capability and under what conditions, the dual-use problem remains structurally unresolved. The Treasury Secretary acknowledged this publicly. The policy response has not yet matched the public acknowledgment.

What this means for the second series thesis

When AI Becomes an Actor is the thesis running through this series. In the ER, AI became an actor in clinical decisions. In the courtroom, AI conversations became actors in legal proceedings. In the financial system, AI has become an actor in the offensive and defensive dimensions of cyber threat simultaneously.

The accountability architecture in each of these domains was built for a world where the capability ran at human speed. Mythos runs at machine speed. The governance frameworks need to operate at a comparable velocity if they are going to close the gap before the first Mythos-class financial system event that the Treasury Secretary was warning about on a Sunday morning in May.

Data source: Treasury Secretary Scott Bessent, Fox News interview, May 2026. Anthropic Mythos capability disclosure 2026. McKinsey Global Banking Review 2024. IBM Cost of a Data Breach 2024. NIST AI RMF 1.0 January 2023. EU AI Act August 2024.

The strategic observations in this piece draw from advisory engagements across BFSI and enterprise AI governance, and from co-authored research on responsible AI governance presented at BIGS 2025, AIS eLibrary.