Washington, D.C.

Dimon Sounds ‘Ballistic’ Alarm On Mythos AI Threat To New York Banks

AI Assisted Icon
Published on July 16, 2026
Dimon Sounds ‘Ballistic’ Alarm On Mythos AI Threat To New York BanksSource: Wikipedia/Steve Jurvetson, CC BY 2.0, via Wikimedia Commons

Jamie Dimon is not usually the one reaching for doomsday metaphors in public, but on Wednesday the JPMorgan Chase CEO told a national security crowd that Anthropic’s Mythos AI is a “real issue” that needs tight controls. He warned that the model’s power could be like handing “ballistic missiles” to individuals, a vivid way of dropping Wall Street right into the middle of the fight over who should be allowed near the most capable AI systems.

As reported by Reuters, Dimon made the remarks at Sen. Dave McCormick’s Pennsylvania Defense and Innovation Summit and added that the U.S. government “is on top of” the risks. The comments landed while banks, federal agencies and AI labs are already huddling over how to handle dual use tools, and they signal that big finance is genuinely nervous about both operational and systemic cyber threats.

What Mythos Can Do

Anthropic rolled out Mythos Preview in April, limiting access to a small set of vetted partners as part of a defensive effort it calls Project Glasswing. According to Anthropic, those partners have already used Mythos to uncover thousands of high and critical severity vulnerabilities in widely used software. That is a dream scenario for defenders trying to harden systems, but it also raises the nightmare scenario of someone turning the same capability into a rapid fire exploit generator. That tug of war between defender’s shield and attacker’s toolkit is at the core of the current argument.

Government Stepped In

In mid June, Washington showed it was willing to move fast. Federal officials issued an export control directive that effectively forced Anthropic to suspend certain model access by foreign nationals, briefly taking Fable 5 and Mythos 5 offline and triggering urgent talks between the company and regulators, according to Axios. The scramble exposed a new headache for policymakers: whether cloud access can be treated like a tradable export and how, exactly, to police nationality based limits on an API.

After intensive back and forth, the Commerce Department cleared a path for tightly managed access. A June letter eased restrictions so Mythos could come back online for an approved group of U.S. organizations that operate critical infrastructure, and Anthropic says it has since restored Mythos 5 access for a set of vetted partners, per Anthropic. For everyone else, access remains constrained, and both the company and the government are now on the hook for monitoring how the model is released and what safeguards surround it.

Why Banks And Regulators Are Uneasy

Dimon’s ballistic missile comparison captures a real policy dilemma rather than just colorful rhetoric. Large banks say tools like Mythos could help them spot and fix software flaws far faster than today, yet the same leap in capability could make it dramatically easier to generate working exploits. Regulators worry that the time between discovery and exploitation will shrink in ways that leave institutions scrambling to keep up.

Legal And Regulatory Takeaways

Legal scholars point out that treating API access as an “export” comes with thorny precedents and enforcement problems, including how to define and verify nationality in a cloud environment, as outlined by the Harvard Law Review. Policymakers now face a choice between sticking with permissioned, government approved previews for the most powerful models or building a broader framework that lays down safety, auditing and access rules across the AI industry.

For New York’s banks and public officials, Dimon’s warning turns up the volume on earlier, quieter nudges from regulators. Treasury and the Fed have already hauled industry leaders into closed door sessions to press them on AI driven vulnerability discovery, a meeting detailed in April when Wall Street titans were summoned to a secret AI cyber huddle. In the near term, firms are being told to focus on the unglamorous basics patch quickly, verify fixes and assume attackers will move faster. The longer term fix will require new policy, clearer law and fresh operational guardrails that match the speed of the technology.