Goldman Sachs boosts cyber defenses after regulators warn on AI risk

Goldman Sachs is adding cyber and infrastructure defenses after regulators flagged Anthropic’s newest AI model, a sign that the bank’s AI push now has a second mandate: prove it is secure enough to trust.

David Solomon said Goldman was working with Anthropic as the firm responded to warnings from regulators about the latest model. For a bank built on control, reputation and execution, that makes frontier AI more than an efficiency play. It becomes a test of whether engineers, risk officers and compliance teams can keep pace with a technology that may help the business and threaten its systems at the same time.

The warning reached the top of the U.S. policy stack. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell met with Wall Street bank leaders in Washington, D.C., from April 8 to 10 to discuss the cyber risks posed by Anthropic’s Claude Mythos Preview. Anthropic has described the model as its most capable frontier model to date, but its own testing found it uncovered a now-patched 27-year-old vulnerability in OpenBSD. That kind of finding is exactly why banks are being pushed to harden controls before a model is used more broadly in production.

Anthropic’s broader security work shows how fast the risk landscape is moving. The company said Claude Opus 4.6 found 22 Firefox vulnerabilities over two weeks in collaboration with Mozilla, including 14 high-severity issues. Anthropic launched Project Glasswing on April 7 with JPMorganChase, Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks and The Linux Foundation among the launch partners, and said the initiative would extend access to more than 40 additional organizations that maintain critical software infrastructure. It also said it would commit up to $100 million in usage credits and $4 million in donations to open-source security organizations.

Anthropic released Claude Opus 4.7 on April 16 and said it was testing cyber safeguards on less capable models first, while also opening a Cyber Verification Program for security professionals using the model for legitimate cybersecurity work. That approach underlines the new operating reality for Goldman and its peers: AI rollout is now tied to red-teaming, resilience planning and tighter review of what reaches production. For Goldman employees, the shift means more scrutiny over vendor relationships, more urgency around security testing, and a clearer message from management that speed will keep running into control.