"With Mythos, we found almost 300 vulnerabilities in Firefox and thousands - probably by now tens of thousands - beyond closed doors," Anthropic CEO Dario Amodei said at a financial services event in New York, underscoring a tension between rapid AI capability and an urgent cybersecurity clock.
Mythos' findings: nearly 300 Firefox bugs and far more elsewhere
Anthropic presented a startling tally of software flaws found using its internal tools. A pre-release model called Mythos reportedly identified almost 300 vulnerabilities in Mozilla Firefox, while Amodei characterized the broader total as "thousands - probably by now tens of thousands" across other platforms. He contrasted that with a pre-Mythos version of Claude, which had found just 20 Firefox vulnerabilities.
Anthropic has not publicly disclosed most of those additional flaws because, as Amodei put it, "only a small fraction have been fixed" and "if we announce something without it being fixed, then the bad guys will exploit it." The company therefore keeps most findings under wraps until remediation is complete.
The six‑to‑12 month remediation clock and the parallel of Chinese models
Anthropic set a concrete timeline for action. Amodei argued there is "roughly that amount of time to fix all these vulnerabilities," meaning six to 12 months, and tied the window directly to competitive capability among rival models. He said other leading frontier model labs lag Mythos by one to three months, while "Chinese models are about six to 12 months behind." The implication, as stated at the event, is that delays in patching will become more dangerous as other models catch up.
Amodei also outlined a forward-looking mitigation approach: if Anthropic can use models like Mythos to rewrite and harden code within that timeframe, the net result could be software that is "inherently more secure by design."
Anthropic's financial‑services push and midmarket partnerships
The cybersecurity discussion was embedded in a broader strategy to scale Claude within financial services. Anthropic announced a new AI-native enterprise services firm formed with Blackstone, Hellman & Friedman and Goldman Sachs to help midmarket companies deploy Claude into core operations. The new firm will be standalone, with Anthropic engineers embedded directly into customer teams, and it counts additional backers including General Atlantic, Leonard Green, Apollo Global Management, GIC and Sequoia Capital.
Anthropic framed the partnership as a response to its internal capacity limits: the company said it is "roughly a 3,500-person company" with a go-to-market team "half a thousand going on a thousand," and thus cannot scale a 50,000-person sales organization overnight. The new firm is intended to bring operating capability and capital to accelerate enterprise deployments.
Claude for Financial Services: templates, Microsoft integration, and data partners
Alongside the corporate partnership, Anthropic released product features targeting financial workflows. The company shipped 10 ready-to-run agent templates for tasks such as pitchbook creation, KYC screening, general ledger reconciliation and month-end close. Each template is available as a plug-in in Claude Cowork and Claude Code and as a cookbook for Claude Managed Agents, and Anthropic recommends using them with Claude Opus 4.7.
Anthropic emphasized speed of deployment: the templates package "skills, connectors and subagents"—domain knowledge, governed data access and specialized sub-models—so teams can deploy Claude "on real financial work in days rather than months." Lisa Crofoot, Anthropic's research product management leader, described an experiment in which Claude received an "open-ended brief" to forecast energy prices; she said Claude "beat the published state-of-the-art benchmarks" from week one and continued to improve.
Anthropic also announced integration with Microsoft's Office suite. The "Claude add-ins for Microsoft 365" bring Claude into Excel, PowerPoint, Word and Outlook; add-ins for Excel, PowerPoint and Word are generally available now, with Claude for Outlook entering beta soon. The company expanded its financial data ecosystem with eight new connectors including Dun & Bradstreet, Guidepoint, SS&C IntraLinks, Third Bridge and Verisk, alongside existing partners such as FactSet, S&P Capital IQ, MSCI, PitchBook and Morningstar. Separately, a new MCP app from Moody's embeds proprietary credit ratings and tools for use inside Claude.
What this means for financial firms, open‑source maintainers, and nation‑state actors
- Financial firms: Banks and other financial organizations will likely be asked to weigh faster AI-driven productivity gains—templates for KYC, reconciliation and pitchbooks—against the risk that unpatched vulnerabilities discovered by agent-style models are used against their software or supply chain. Anthropic's partnerships and Microsoft integrations aim to reduce deployment friction, but firms must also consider the remediation timeline Anthropic has spelled out.
- Open‑source maintainers and software vendors: Mozilla and other platform maintainers are directly implicated by the reported Firefox findings. Because Anthropic is withholding most flaws until they are fixed, maintainers face a compressed window to triage, patch and coordinate disclosure before wider publication or exploitation.
- Nation‑state actors and adversaries: Anthropic reported that Chinese state‑linked actors were using Claude to target U.S. tech companies, a claim raised at the same event. That observation is central to Anthropic's urgency: the company says adversary capabilities and the public availability of similar models are part of the reason for the six‑to‑12 month remediation imperative.
Anthropic has placed a bet that it can both surface a large volume of vulnerabilities and then use the same modeling techniques to eliminate them—while scaling Claude into finance through partners and product integrations. The coming months will test whether Mythos-driven discovery can be matched by coordinated, rapid remediation across affected codebases and whether the new midmarket firm can translate that work into secure, operational deployments.



