Zendoric
← Back to the day · July 16, 2026

Dimon compares Mythos to 'ballistic missiles': when Wall Street calls for limits on AI that hunts vulnerabilities

🕒 Published on Zendoric: July 16, 2026 · 00:23

Jamie Dimon, JPMorgan's CEO, warned that giving broad access to Mythos, Anthropic's model capable of detecting software vulnerabilities at a level the company itself considers too dangerous to release, amounts to 'giving ballistic missiles to private individuals.' His bank, ironically, is one of the few already using it daily.

By Quartz · July 15, 2026.

Jamie Dimon is not an AI safety researcher or an activist worried about existential risk: he is the chief executive of the largest bank in the United States. That is why it carries different weight when he compares broad access to Mythos —Anthropic's most advanced model— to "giving ballistic missiles to individuals". He said it at Republican senator Dave McCormick's Pennsylvania Defense and Innovation Summit, and added that the U.S. government "is on top of the matter". The phrase, reported by Bloomberg, is not gratuitous rhetoric: it points directly at Mythos's ability to identify software vulnerabilities with an effectiveness that Anthropic itself has described as excessive for a general release.

The striking part is that JPMorgan is among the select group of organizations that does have access to that model since April, and uses it precisely for what Dimon says he fears: stress-testing its own systems and coordinating findings with vendors and sector peers. A month after gaining that access, the bank had hundreds of employees working full-time to fortify its infrastructure. That is the underlying paradox of this episode: the very capability deemed too dangerous for the general public is, in controlled hands, a first-rate defensive tool. The debate is not so much whether Mythos is dangerous, but who decides who can touch it.

That access dilemma is not abstract: it has already proven fragile in practice. This month the U.S. government lifted export controls on Claude Fable 5 and Mythos 5 following an 18-day blackout caused by Amazon researchers who documented a technique to elicit dangerous responses from Fable 5 related to vulnerability discovery. A limited group of U.S. organizations regained access to Mythos 5 on June 26, and extending it to more domestic and international partners through Anthropic's Glasswing program remains under discussion with federal authorities. In other words: the switch on this type of technology can be turned off and on within weeks depending on what a single external research team discovers, something we had already flagged as a structural feature, not an anecdotal one, of relying on frontier models hosted and governed in a centralized way.

The backdrop to Dimon's words is his own bet on national security as both business and message. JPMorgan announced last year a "Security and Resiliency Initiative" under which it will allocate $1.5 trillion over ten years to sectors that strengthen the U.S. economy —50% more than it would have invested without that framework—, and tied it to a $24 million commitment to the Philadelphia shipyard within its "American Dream Initiative"; Dimon visited the city's Navy Yard the same day as the announcement. Added to his April shareholder letter, in which he argued that the U.S. must "get stronger" to preserve its military and economic position, the pattern is clear: Dimon has long spoken of AI, defense and industry as a single geopolitical piece, not as separate topics.

Our reading is that this episode marks a shift in who bells the cat in the AI safety debate. Over the past few years, warnings about models capable of finding vulnerabilities at scale came almost always from AI labs, academics or regulators. That it is now Wall Street's most powerful banker who frames it in weapons terms —and that he does so while his own company enjoys that very access— confirms that the risk has ceased to be a niche technical debate and become a question of how power is distributed between those who hold the key and those who do not. In the short term, this is exactly the kind of friction we had been anticipating: reactive governance, 18-day blackouts, access granted to a handful of banks and agencies while the rest of the world waits its turn. It is an uncomfortable and unequal transition, and it would be dishonest to present it any other way.

But the very fact that fuels Dimon's alarm is, seen with a long lens, a sign of where this could evolve for the better: a model capable of finding security flaws before an attacker is, well governed, a tool to fortify hospitals, power grids and critical infrastructure at a scale no human team of auditors could match. If access is managed with the same rigor with which JPMorgan says it is using it —to defend, not to attack— and programs like Glasswing manage to widen that circle of trust without repeating erratic blackouts, the same technology compared today to a ballistic missile may end up being one of the pieces that makes the digital infrastructure on which the abundance we pursue over the long term will be built more secure, not more fragile. The challenge, as almost always with frontier AI, is not the capability itself, but the quality of the institutions that decide who uses it and for what.

🔗 Related on Zendoric

Sources & references