Jamie Dimon (제이미 다이먼), CEO of JPMorgan Chase, identified Anthropic’s generative artificial intelligence model “Claude Mythos” as a high-risk technology from a cybersecurity perspective.

On May 5, fintech media outlet American Banker reported that Dimon said at an Anthropic event in New York that advanced AI models can find software vulnerabilities far faster than existing security auditing tools.

Dimon appeared to play down the cybersecurity threat from advanced AI models during an earnings announcement last month, but this time drew a line, saying the threat is realistic. He noted that cybersecurity has been banks’ biggest risk for years, and said the situation has become more serious since Anthropic unveiled Claude Mythos.

Dimon called Claude Mythos “quite threatening” and said Anthropic was right to restrict access so it could secure time for research and response.

JPMorgan expects it can address vulnerabilities in its own applications in about 1 year. But it stressed that open-source software commonly used by large banks must be improved jointly. The remarks reflected a view that individual company responses have limits.

Dario Amodei (다리오 아모데이), CEO of Anthropic, who attended the same event, also said related risks are already becoming visible. “The threat is very real,” he said, explaining why Anthropic limited access to Claude Mythos to 12 large companies participating in “Project Glasswing” and shared concerns with the federal government.

Anthropic said models before Mythos found about 30 vulnerabilities in Firefox, while Mythos discovered nearly 300. The figures add to concerns that advanced AI models can be used for cyber defence while also boosting attack capabilities.

Anthropic also warned that many vulnerabilities have not yet been fixed. Amodei said he identified tens of thousands of vulnerabilities but disclosed only some details because malicious actors could exploit them if specifics became known before fixes were in place. He said he was concerned that if such a situation spread to schools, hospitals, banks and financial accounts, it could lead to widespread ransomware damage and financial losses.

Regulation and upgrades to response systems have also emerged as tasks. Amodei said he held meaningful discussions with U.S. Treasury Secretary Scott Bessent about Claude Mythos’ cybersecurity risks. He also said the Treasury is listening to views across banking and financial services and is taking the risks seriously. But he said the current response is closer to a temporary procedure than a consistent system.

Anthropic also cited a technology gap. Amodei said other AI companies are about 3 months behind, and Chinese models are 6 to 12 months behind. He said that time amounts to a de facto limited response window to fix vulnerabilities. At the same time, he said Claude Mythos can also be used to help write safer code, and argued that successful risk management could produce better outcomes.

Amodei dismissed concerns about a shortage of computing resources. “It is a misunderstanding to say there are not enough computing resources for the government and the private sector to use Mythos at the same time,” he said. “The compute used by Claude Mythos is only a very small portion of Anthropic’s overall resources, and there is no problem scaling it up by 3 times or 10 times if needed.”

He took a cautious stance on a system under which government agencies pre-approve new AI models. Amodei said balance is important for any new technology, and that a lawless zone that allows everything should be avoided, but approaches that greatly slow innovation, like a U.S. Food and Drug Administration-style approval system, should also be guarded against. He said industry should move quickly while putting safeguards around the most serious risks.

Dimon also introduced that JPMorgan has used AI since 2012 to help resolve mortgage loan issues. At the time, he said it used machine learning to analyse large datasets and capture patterns that were difficult for people to find. JPMorgan later established a dedicated AI unit and has applied AI to risk management, fraud detection, marketing, design, memo writing, document review and other areas.

On the future software market landscape, Dimon said it is likely that existing software companies and generative AI models will coexist. With existing firms attaching AI agents to their programs, he said a hybrid structure is more likely to continue than a trend in which one side completely replaces the other.