The new AI model that could steal your life savings

Summary of The new AI model that could steal your life savings

by NPR

9mMay 11, 2026
Listen to Episode

Overview of The new AI model that could steal your life savings

NPR’s The Indicator examines a new Anthropic AI model, Claude Mythos, that the company said was powerful enough to create serious cybersecurity risks if released too widely. The episode asks whether advanced AI could threaten bank accounts and other critical systems—or whether this is another example of the long-running cat-and-mouse game between hackers and defenders. The short answer from the experts: the risks are real, but this is not a doomsday scenario.

What Anthropic Said About Claude Mythos

Anthropic described Claude Mythos as unusually capable at cybersecurity-related tasks, especially:

  • Finding software vulnerabilities
  • Connecting multiple small flaws into a larger exploit chain
  • Identifying weaknesses that could let attackers break into systems faster and at scale

The company’s concern was not that the model was exclusively a hacking tool, but that a general-purpose model could still be extremely dangerous in the wrong hands.

Why this mattered to banks

Because financial systems depend on huge amounts of software, even small bugs can create big vulnerabilities. That prompted high-level attention from:

  • Treasury Secretary Scott Bessent
  • Federal Reserve Chair Jerome Powell
  • Major bank CEOs

Anthropic also reportedly gave early access to a small number of financial institutions through a program called Project Glasswing so they could patch vulnerabilities before wider release.

Anthropic’s Response: Use AI to Fix AI’s Risks

Anthropic argues that if AI can discover bugs, it can also help defenders find and patch them faster. That’s the logic behind its security tool, Claude Security.

Key points in their defense:

  • Many critical bugs exist in old codebases
  • AI can help uncover vulnerabilities that have been hidden for years
  • Fixing these issues sooner could improve security across the industry
  • The goal is to create a “head start” for defenders before powerful models are broadly available

One example cited was a bug in key internet infrastructure that had reportedly existed for 27 years.

The Skeptical View: AI Could Also Make Security Worse

Not everyone is convinced the answer is so simple. Cybersecurity scholar Rachel Greenstadt of NYU warned that AI is enabling a new wave of development where people can create complex software they don’t fully understand.

Her concern:

  • More people are “vibe coding” with AI
  • That can produce software faster
  • But it may also introduce new classes of bugs
  • AI can help both defenders and attackers move faster at the same time

In other words, the threat is not just better hackers—it’s also more fragile software.

The Bigger Context: This Is an Escalation, Not a Break From the Past

The episode places Claude Mythos in the broader history of cybersecurity:

  • There has always been a cat-and-mouse game between attackers and defenders
  • U.S. intelligence still sees major threats from China, Russia, Iran, North Korea, and ransomware groups
  • AI may accelerate the pace, but it doesn’t create an entirely new kind of conflict

The episode also notes that other labs already have models that appear roughly as capable, which suggests Anthropic’s warning may be partly about responsible disclosure and public pressure as much as unique technical danger.

Main Takeaways

  • Claude Mythos was presented as a powerful AI model with serious cybersecurity implications.
  • Anthropic delayed broad release and gave select institutions early access so they could patch systems.
  • The company then released Claude Security as a defensive tool to find vulnerabilities.
  • Critics worry AI may increase the number of insecure systems, especially as inexperienced developers rely on chatbot-generated code.
  • Experts quoted in the episode suggest the situation is serious, but not apocalyptic: it’s more an acceleration of existing security challenges than a totally new threat.

Bottom Line

The episode’s conclusion is cautiously reassuring: AI is making cybersecurity faster, riskier, and more urgent—but it’s not clear that it is fundamentally changing the game. The message is essentially: patch the bugs now, because AI is going to find them either way.

“It’s neither the case that the angels have appeared nor the case that the sky is falling.”

Practical Implication

For banks, businesses, and software teams, the episode implies a clear priority:

  • Audit legacy systems
  • Patch known vulnerabilities quickly
  • Use AI tools defensively, not just offensively
  • Prepare for faster discovery of weaknesses as models improve