Key Takeaways:
- JPMorgan CEO Jamie Dimon called Mythos AI access a "real issue" for US security
- Anthropic's Mythos model found thousands of unpatched software vulnerabilities
- JPMorgan spends $600M annually on cybersecurity as AI threats escalate
Key Takeaways:

JPMorgan Chase CEO Jamie Dimon said broad access to Anthropic's Mythos AI model is a "real issue" that the US government is now addressing, as the technology's ability to find software vulnerabilities outpaces defenses.
"Rapid advancements in AI models in recent months has both industry and government assessing potential threats," Dimon said July 15 at Senator Dave McCormick's Pennsylvania Defense and Innovation Summit in Carlisle, Pennsylvania. The issue took on more urgency after Anthropic said its Mythos model is so effective at identifying software weaknesses that it cannot be released to the general public, according to a Bloomberg report.
Mythos has uncovered thousands of unpatched vulnerabilities across systems, Anthropic Chief Executive Officer Dario Amodei said at a joint event with Dimon on May 5-6. Amodei estimated a window of roughly 6 to 12 months to address those flaws before exploitation risk spikes. JPMorgan, which allocates nearly $600 million annually to cybersecurity, has been actively testing the model internally.
The warning comes as JPMorgan reported $21.2 billion in net income for the second quarter of 2026, up 41% from a year earlier, with each business posting record revenue. The bank's $20 billion technology budget already supports almost 1,000 AI use cases spanning fraud detection, marketing and automated note-taking, Dimon said on the bank's July 14 earnings call. In some areas, AI has reduced head count by 30% to 40%, though most affected employees were offered other roles.
The Vulnerability Window Is Narrowing
Dimon has been escalating his rhetoric on AI-powered cyber threats for months. During JPMorgan's first-quarter earnings call on April 14, he called cybersecurity the bank's "biggest risk" and said "AI's made it worse, it's made it harder." In May, he compared unchecked AI risks to weapons of mass destruction, calling it "a nuclear weapon in the hands of someone."
The concern extends beyond traditional banking infrastructure. The vulnerabilities Mythos identifies exist in shared systems — cloud services, networking protocols, authentication platforms and open-source libraries that underpin both Wall Street trading desks and decentralized finance protocols. Smaller organizations with limited security budgets face disproportionate exposure.
Regulatory Scrutiny Is Building
Dimon's public warnings do not exist in isolation. The US government has already lifted restrictions on certain Anthropic models for trusted partners while maintaining controls on broader Mythos distribution. The Commerce Department under Howard Lutnick sent a letter to Anthropic in June warning of potential curbs on top AI models, Bloomberg reported.
For the AI sector, Dimon's comments signal that regulatory guardrails are likely to tighten. Companies developing frontier models may face new compliance requirements around vulnerability disclosure, mandatory penetration testing and restricted access tiers. JPMorgan's chief financial officer, Jeremy Barnum, noted on the July 14 earnings call that token expenses — the cost of running AI queries — remain "trivial" but are forecast to accelerate meaningfully in the second half of 2026 as the bank scales usage.
Anthropic, which is planning to file for an initial public offering and has scheduled investor meetings, according to a Bloomberg report, now faces the dual challenge of demonstrating its technology's value while managing the security risks that same technology creates. The company's Mythos model was cleared by US authorities for use by trusted partners in late June, but broad public access remains restricted.
This article is for informational purposes only and does not constitute investment advice.