Anthropic's Mythos has uncovered more than 10,000 cybersecurity vulnerabilities through Project Glasswing. The same week, the European Central Bank called in eurozone banks to tell them the clock is ticking on fixing exactly the kind of issues whose discovery Mythos is now industrializing. The asymmetry between AI offense and bank defense has a calendar.

Two things happened last week that look like separate stories. They are not.

On 19 May, Anthropic published a progress report on Project Glasswing, its AI-led security research program. The headline number is that its Mythos Preview model has now uncovered more than 10,000 cybersecurity vulnerabilities across surveyed open-source and enterprise codebases. The number is not the interesting part. The cadence is. Mythos is finding flaws faster than the rest of the security industry can document them, never mind patch them.

On 25 May, the European Central Bank called in eurozone banks and used the phrase "the clock is ticking." The agenda was specifically the IT issues that next-generation AI models have surfaced in bank infrastructure. ECB Supervisory Board chair Claudia Buch did not soften the language. The institutions in the room were told to materially accelerate remediation timelines on flaws that Anthropic-class systems are now finding in volume.

The asymmetry has always been theoretical: AI gets better faster than security operations can absorb. As of this week, it has a calendar.

We covered Project Glasswing earlier this year when Anthropic first disclosed the program's structure. The thesis then was that AI-led vulnerability discovery would compress the time between flaw introduction and flaw disclosure by an order of magnitude. The 10,000-vulnerability milestone confirms it. What did not exist when we first wrote that piece was the regulatory side of the equation. That arrived on Sunday.

What Anthropic actually disclosed

Project Glasswing is the umbrella program. Mythos Preview is the model underneath it. The May report from Anthropic frames Mythos as an internal research asset, not a commercial product, although the company has been increasingly explicit that the techniques it is developing will be commercialized through its enterprise security partnerships.

The 10,000 figure is across all surveyed codebases, not all of them in financial services. But the breakdown matters. The report names categories that are disproportionately present in bank stacks: memory-safety flaws in C and C++ payment switches, deserialisation gaps in legacy Java middleware, SSRF and IDOR patterns in legacy web applications that still front retail banking portals. None of this is exotic. Mythos is not finding zero-days in modern cryptography. It is finding the patient, accumulated debt of two decades of bank IT.

That makes the result worse, not better. Exotic vulnerabilities are rare and require expert exploitation. Pattern-matched legacy flaws scale. Once you have a model that finds them, the cost per discovered vulnerability collapses. Anthropic's own framing is that Mythos can scan and triage at a rate that would require hundreds of human researchers to match. The economics for an attacker doing the same work with comparable tooling are now strictly favorable.

We covered the strategic split between Anthropic and OpenAI on cyber capability disclosure in our Two Labs piece in April. Anthropic's Glasswing posture is "find first, withhold, coordinate disclosure with vendors." The current report demonstrates the find-first half is working. The disclosure half is where the European Central Bank now lives.

What the ECB actually said

Claudia Buch's framing was unusually direct. Banks have known about most of the categories of flaw Mythos is uncovering for years. The remediation question is not technical. It is organizational. Patching a payment switch requires regression testing, change-management approval, regulator notification, and downstream certification with card networks and clearing houses. The fast cycle is six weeks. The slow cycle is eighteen months.

The ECB's message was that the slow cycle is no longer acceptable. The implied threat is supervisory action against banks whose remediation calendars run past whatever the ECB internally considers the median time-to-exploit for AI-discovered flaws. That window has shrunk dramatically. The ECB has not published its assumed window publicly, but the language suggests something measured in quarters, not years.

This is the part that does not get said out loud in the public summaries. The ECB is essentially saying that the patch calendars banks have been operating on for the last twenty years are dead. The new calendar is set by the model.

The MM Liability Gap, applied

We use the MM Liability Gap framework to evaluate situations where a new capability outpaces the legal and operational structures that allocate responsibility for the consequences. Three questions: who knows about the flaw, who can fix the flaw, and who pays when the flaw is exploited.

Mythos compresses the time it takes to answer the first question to near-zero. The vulnerabilities are now known. They are cataloged. Anthropic shares disclosures with vendors under standard coordinated-disclosure timelines. By the time the ECB called the meeting, the relevant banks had already received the briefings.

The second question is the operational one and the ECB is now intervening. The European supervisory authorities are saying banks have to compress the gap between "vendor briefs us" and "patch deployed to production" from months to weeks. The infrastructure for that compression does not exist at most banks. Building it requires a meaningful budget reallocation and, in many cases, replacing the underlying systems that cannot be patched on the new cadence.

The third question is the one nobody wants to answer. When a flaw discovered by an AI is exploited at a bank that received the disclosure but had not yet remediated, who pays? Under current European frameworks, the bank pays the regulator (fines, capital surcharges) and the cardholder pays the operational cost (reissued cards, monitoring, time). The bank's vendor pays nothing meaningful, because the disclosure model assumes a remediation calendar the bank cannot meet. That gap is the liability gap, and it is widening as Mythos and equivalent systems industrialise the offensive side.

As Patrick McKenzie has written in his extensive work on the mechanics of how bank IT actually works, the gulf between "patch is available" and "patch is in production" is not a function of bank laziness. It is a function of how core banking systems were architected in the 1990s and 2000s, when the threat model assumed defenders had months of lead time. Mythos changes that threat model. The architecture has not changed yet.

What European banks are about to do

Three things will happen in the next sixty days. They are predictable enough that we will name them now and check the calendar later.

First, capital expenditure on security operations will be reclassified as urgent. Boards that approved 2026 IT budgets in November will be asked to reopen them. The reallocation will favor vendors who can credibly compress patch deployment cycles. CrowdStrike, Wiz, and Snyk are the obvious beneficiaries. The losers are the legacy GRC platforms that were sold on the assumption that audit-readiness was the same as security-readiness.

Second, banks will start naming AI-led security work in regulatory filings. The ECB does not require this yet. It is coming. By the time the autumn supervisory review cycle starts, banks that cannot describe their AI-led detection and remediation programs will be asked to. The ones that cannot answer will be marked for follow-up.

Third, and this is the part that connects to the broader agentic AI security reckoning we wrote about earlier, banks will be forced to choose between two postures. Either they procure AI-led security tooling at scale (matching offense with defense), or they argue that the disclosed flaws are too specific to their environments to be remediable on the ECB's calendar. The first posture is expensive. The second is politically untenable now that the supervisory board has chosen its language.

The honest read is that European bank IT is about to enter a multi-year period of forced modernization driven by a regulatory posture set by what AI models can do, not what banks can do. That is a structural change in how supervisors think about cybersecurity, and it is happening this week.

Banks have spent twenty years assuming the remediation calendar belonged to them. The ECB just made it explicit that it belongs to the model. What is your bank's plan for the eighteen-month patch cycle that just became a six-week one?

Charlie Major is a Product Development Manager at Mastercard. The views and opinions expressed in Major Matters are his own and do not represent those of Mastercard.