April 24 "The Crisis at Hand" Meeting: The Full Picture

Finance Minister Satsuki Katayama convened an emergency meeting on the afternoon of April 24 to discuss the cyber risks posed to the financial system by Anthropic's frontier AI "Claude Mythos." Attendees included Minister Katayama, Bank of Japan Governor Kazuo Ueda, MUFG Bank President Masakazu Osawa, Sumitomo Mitsui Banking Corporation President Akihiro Fukutome, Mizuho Bank President and Japanese Bankers Association Chairman Katsuhiko Kato, and Japan Exchange Group (JPX) CEO Hiromi Yamaji — an exceptional configuration in which the top decision-makers of Japan's major banks and the Bank of Japan gathered simultaneously. At an emergency press conference covered by Bloomberg, the Nikkei, TBS NEWS DIG, and others, Minister Katayama used pointed language, stating that "a cyberattack could immediately ripple out to market disruption and a crisis of confidence — this is truly a clear and present danger," framing the emergence of Mythos as a threat of a qualitatively different nature than anything previously faced by the financial system.

At the meeting, a threat model for the core systems and payment networks of the three megabanks and JPX was shared, based on Mythos's reported capability to "autonomously discover unknown zero-day vulnerabilities in operating systems and browsers and construct functional attack code in a short period of time." The agenda went beyond mere information sharing and was structured around three layers: the use of defensive AI, governance redesign including stricter access controls, and an assessment of the structural weaknesses of legacy systems. After the meeting, Minister Katayama announced the immediate establishment of a public-private joint working group. According to the Nikkei's digital edition, the working group is expected to be administered by the Financial Services Agency, with participation from the Bank of Japan, the three megabanks, JPX, and industry associations including the Japanese Bankers Association, the Regional Banks Association of Japan, and the Second Association of Regional Banks, with an inaugural meeting scheduled in the near future.

The Prototype: The U.S. Project Glasswing

To properly understand Japan's response, one must first grasp the U.S. "Project Glasswing" that served as the reference point. Integrating information published by Anthropic on The Linux Foundation blog, ASIS International, and CyberScoop, Project Glasswing is a defense-focused industry coalition announced in early April 2026, aimed at discovering and patching vulnerabilities in critical software before attackers can exploit them. Founding partners include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, The Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, with access granted to more than 40 additional organizations that maintain critical software. Anthropic committed up to $100 million in Claude Mythos Preview usage credits to the project, along with $2.5 million to The Linux Foundation's Alpha-Omega and OpenSSF, and $1.5 million to the Apache Software Foundation. Following the Mythos Preview research period, pricing was set at $25 per million input tokens and $125 per million output tokens.

JPMorgan Chase CISO Pat Opet cautiously described Project Glasswing as "a rare early opportunity to evaluate next-generation AI defense tools for critical infrastructure," while the emergency meeting convened by Treasury Secretary Bessent and Federal Reserve Chair Powell with top Wall Street bank executives signals that the boundary between national security and financial stability has begun to dissolve. The American Enterprise Institute (AEI) characterized Project Glasswing as "a warning that technical debt has transformed into national security risk," while the Foreign Affairs Forum positioned it as "the reinvention of cyber-financial security in the frontier AI era." The World Economic Forum (WEF) concluded that a "Mythos moment" has arrived—one in which frontier AI nonlinearly amplifies the capabilities of both attackers and defenders alike.

What is Claude Mythos——Three Names: "Misos," "Mitos," and "Mythos"

Claude Mythos Preview, announced by Anthropic on April 7, 2026, is a frontier model that represents a step-change leap in three capabilities—code comprehension, reasoning, and autonomous execution—according to a detailed technical card published on red.anthropic.com. In Japanese domestic coverage, TBS and SB Creative's Business+IT render the name as "Mitosu" or "Myutosu," while CoinPost and Yahoo! News adopt "Mitosu," resulting in a split in nomenclature; this article deliberately adopts "Mythos," the conventional English pronunciation. The word derives from the Greek μῦθος, which originally means "myth" or "story," and serves as the counterpart to logos (reason), referring to the domain in which humans have ordered the world through narrative rather than logic. While Anthropic has not explicitly stated its intention in choosing this word, security researchers have interpreted it as implying that the model's essence lies in its ability to read the "story" of code beyond what can be logically proven—namely, semantic comprehension and intent inference.

The capabilities become immediately apparent through concrete examples. Mythos scored 83.1% on the cybersecurity benchmark "CyberGym" (compared to 66.6% for Opus 4.6), identified a logical flaw in OpenBSD's TCP SACK implementation that had gone undiscovered for 27 years, and demonstrated a path to crash any server with just two crafted packets. In FFmpeg's H.264 codec, it located a 16-year-old vulnerability that a fuzzer had failed to trigger after 5 million attempts by reasoning about the code's semantics. In FreeBSD, it autonomously discovered and demonstrated a 17-year-old RCE (CVE-2026-4747) through which an unauthenticated user could gain root privileges via NFS. In the Linux kernel, it chained together two to four vulnerabilities, each individually classified as low severity, to construct a complete local privilege escalation chain involving a KASLR bypass. Further reported results include: the authoring of a four-stage exploit involving complex JIT heap spraying to escape both a browser renderer and OS sandbox; reverse engineering of closed-source binaries by reconstructing "plausible original source" to probe for vulnerabilities; and the completion of a 32-step enterprise network intrusion scenario from start to finish without human intervention. According to Anthropic, these capabilities were not explicitly trained for but emerged as a byproduct of general-purpose reasoning enhancement—a fact that sent a strong shockwave through the industry.

The Threat Structure Produced by Mythos——The Nonlinear Decline in Attack Costs

Bain & Company described Claude Mythos as "the wake-up call for AI cybersecurity," framing the core threat not as "Mythos alone" but as the scenario in which "Mythos-class models become available to attackers." Indeed, while Anthropic opted for a limited release, a series of reports from Bloomberg, TechCrunch, CBS News, Cybernews, Hackread, and Engadget revealed that around April 21, participants in private Discord-based forums had pinpointed URLs where the Mythos model might be hosted through what they called "educated guesses based on Anthropic's past naming conventions," and had gained access via a third-party vendor environment. An Anthropic spokesperson acknowledged that the company is "investigating reports of unauthorized access to Claude Mythos Preview through a third-party vendor environment." The incident rippled into investor sentiment as well: according to a summary by CoinPost, security stocks including Palo Alto Networks (PANW) and CrowdStrike (CRWD) fell 4–7%, while Bitcoin briefly plunged from just below $70,000 (approximately ¥10.5 million) to the $65,000 range (approximately ¥9.75 million).

VentureBeat's security correspondent argued that Mythos autonomously exploiting a vulnerability that had survived for 27 years raises the "detection ceiling" by another level, and recommended that Security Operations Centers (SOCs) stop relying on known signatures or simple behavioral detection and shift to playbooks that assume AI-vs-AI combat. The economic impact on offensive operations is significant: compressing exploit development from "weeks" to "hours" makes known but unpatched N-day vulnerabilities immediately fatal. Furthermore, defense-in-depth strategies that depended on attack friction are weakened, and as Bain & Company noted, a growing number of organizations cannot keep pace with threats unless they more than double their cybersecurity spending, which currently averages just about 0.69% of annual revenue. In the Japanese market as well, CloudNative Inc. commented on April 20 that "with the emergence of Mythos-class AI, cybersecurity is no longer solely a CISO issue but a matter of executive management," and Kiyoaki Saito—former president of kabu.com Securities and current representative of TradeWorks—was quoted on xtech.nikkei.com as stating: "Mythos identified a Linux kernel vulnerability shared by many financial servers. The premise of defense has been overturned."

The Outline of the Japanese Version of Project Glasswing——The Triangular Alliance of AISI, NCO, and the Financial Services Agency

On April 20, ahead of the meeting, the Liberal Democratic Party held a joint session of relevant subcommittees centered on Taira Masaaki, a member of the House of Representatives serving as head of the National Cybersecurity Strategy Headquarters, and compiled an emergency proposal to the government. Representatives from Anthropic and OpenAI participated in the meeting, and according to an article reprinted on Yahoo! News, Taira stated that "the Financial Services Agency, the AI Safety Institute (AISI), and the National center of Incident readiness and Strategy for Cybersecurity (NISC) will take the lead in advancing discussions toward the formation of a Japanese version of Project Glasswing to protect the financial system." Former Digital Minister Taira Takuya summarized that "cybersecurity has shifted to a question of governance and infrastructure design premised on AI," and coinciding with the timing of a new law on active cyber defense taking effect in April, a policy was outlined to simultaneously advance the defensive side's institutional, technical, and coordination dimensions.

At the core of the Japanese version of Glasswing, in addition to the FSA, AISI, and NISC, the Center for Financial Industry Information Systems (FISC) is expected to be deeply involved. FISC was established in 1984 under the initiative of the Ministry of Finance, and is a nonprofit organization supported by approximately 700 member financial institutions, insurance companies, securities companies, telecommunications operators, and computer manufacturers. Its "FISC Security Standards," first published in 1985, had just been revised to its 13th edition in February 2025. It is nearly certain that the next revision — one premised on offensive AI systems like Mythos — will be significantly accelerated, and among industry insiders, debate has already emerged around rewriting penetration testing standards from those "premised on human experts" to those "premised on Mythos-class offensive AI."

Are Non-Megabanks Safe? — The Blind Spots of Securities Firms and Cryptocurrency Exchanges

The fact that the meeting was centered on megabanks, the Bank of Japan, JPX, and the Federation of Bankers Associations reflects a natural order of priorities, yet it simultaneously highlights the danger that "other financial sectors remain outside the field of view." Securities firms have embedded large quantities of open-source components into the infrastructure underpinning SOR (Smart Order Routing) and high-frequency trading (HFT), and the layers that could be directly hit by the Linux kernel and FFmpeg vulnerabilities exposed by Mythos are by no means small. Behind Kiyoaki Saito's recommendation to "switch to vulnerability assessments that assume attack AI at the level of Claude Mythos" lies the reality that cross-industry SPDX/SBOM management is lagging, along with the assessment that mid- and lower-tier securities firms and asset managers could be the first to become entry points for attacks.

Cryptocurrency exchanges carry an even more vulnerable structure. The approximately ¥48.2 billion bitcoin theft from DMM Bitcoin in May 2024 was jointly attributed by the National Police Agency, the Financial Services Agency, and the Cabinet Cybersecurity Center to the North Korea-linked "TraderTraitor" group; however, should a Mythos-class model become available to similar actors, precision attacks targeting hot wallet signing servers and cross-chain bridge implementations would accelerate at an even faster pace. Domestic majors such as bitFlyer, Coincheck, and GMO Coin maintain the highest domestic standards through fundamental measures including cold wallet storage, two-factor authentication, and coordination with specialized organizations, but such layered defenses rely on "friction against attackers" — and this overlaps precisely with the domain Anthropic itself warned about at the time of the Mythos announcement, stating that "mitigations that depend on friction will be substantially weakened." The Japan Virtual and Crypto Assets Exchange Association (JVCEA) and the Financial Services Agency need to incorporate cryptocurrency exchanges as a second wave in the risk assessment framework responding to the Mythos shock, and Nikkei xTECH on April 22 conveyed the voices of industry insiders who have steeled themselves, saying they "have no choice but to respond."

Regional financial institutions, trust banks, insurance companies, and non-bank entities are no exception. Even where compliance with FISC security standards is maintained, systems burdened with legacy COBOL and outdated Java runtimes are structurally defenseless against the type of attack Mythos excels at — "reasoning about the semantics of code to identify vulnerabilities." It is only a matter of time before supply chain risks from so-called "third-party and fourth-party" vendors, including back-office SaaS providers and payment processors, begin to be reflected in cyber insurance underwriting assessments.

VC and Analyst Perspectives——Capital Concentrating on Anthropic and Its Side Effects

From the perspective of Silicon Valley VCs, the Mythos shock is significantly redrawing the investment map. Anthropic itself is advancing a fundraising round totaling $25 billion (approximately ¥3.75 trillion) at a valuation of $350 billion (approximately ¥52.5 trillion), with Singapore's GIC and U.S.-based Coatue each contributing $1.5 billion (approximately ¥225 billion), alongside commitments totaling $15 billion (approximately ¥2.25 trillion) from Microsoft and NVIDIA. Sequoia Capital has moved forward with its investment in Anthropic as reported by the FT—even while backing OpenAI, in which it is already a major shareholder, and Elon Musk's xAI—making it an emblematic deal of the VC world's "bet on rivals simultaneously" diversification strategy. The firm is also separately forming a new fund of approximately $7 billion (approximately ¥1.05 trillion) to expand its late-stage investments in the U.S. and Europe.

Andreessen Horowitz (a16z) has raised over $15 billion (approximately ¥2.25 trillion) in new capital, allocating a combined $3.4 billion (approximately ¥510 billion) to AI applications and AI infrastructure, and over $1 billion (approximately ¥150 billion) to its "American Dynamism" fund focused on defense, manufacturing, and national resilience, positioning AI cyber defense as "a pillar of U.S. strategic advantage." Glasswing Ventures—a firm committed to early-stage investment in AI-native and frontier technologies in the U.S. (a completely separate organization, despite the potentially confusing project name)—raised $200 million (approximately ¥30 billion) for Fund III in November 2025 and plans to back approximately 25 companies. Its investment thesis rests on three pillars—vertically integrated AI, intelligent enterprise defense, and next-generation compute—positioning it to capitalize on what Bain & Company and Business Insider have identified as "the expansion of the security market premised on Mythos-class models."

Global information security spending, estimated by Gartner at $213 billion (approximately ¥31.95 trillion) in 2025, is projected to grow a further 12.5% in 2026, and Mythos's public disclosure (Glasswing's final report is scheduled for early July 2026) is likely to act as a catalyst that sharply accelerates that tide. Major VCs including a16z, Sequoia, Greylock, and Lightspeed are already restructuring their AI security portfolios, and analysts expect that startups pivoting from signature-based attack detection to "AI-driven dynamic semantic analysis" will be best positioned in the fundraising environment of the second half of 2026.

The Editorial Stance of Each Paper and Site——Beyond the Binary of "God or Devil"

When surveying the tone of coverage by region and outlet, the differences in temperature are clear. *Foreign Policy* ran a piece titled "Anthropic's Claude Mythos Preview Changes Cyber Calculus," arguing that Mythos is a geopolitical event that rewrites the cost-benefit calculus of conventional cyberwarfare, while Tom's Hardware and Help Net Security coolly detailed its technical specifications. Major English-language outlets — Fortune, Euronews, CBS News, TechCrunch, Engadget, and Cybernews — focused on the leak incident via a third-party vendor and criticized the weakness of governance. Decrypt's "Serious Threat or Overhyped?", the UK AI Safety Institute (AISI)'s published "Our evaluation of Claude Mythos Preview's cyber capabilities," and expert analysis on Medium all reflect a sober, verification-first stance that does not take Anthropic's claims at face value.

Among domestic Japanese media, Bloomberg Japan, the Nikkei, TBS NEWS DIG, Nikkei xTECH, ITmedia, SB Creative Business+IT, and CoinPost ran Minister Katayama's movements and the industry's sense of urgency as their top stories day after day, with Yahoo! News and Livedoor News amplifying reach through syndication. Notably, xtech.nikkei.com has continued to feature named comments from key industry figures, functioning as a hub that bridges the gap between assessments of Mythos's capabilities and the lag in Japan's domestic response. Meanwhile, Investing.com reported on a separate-layer development — Microsoft integrating Claude Mythos into its security framework — hinting at a future in which Mythos becomes embedded not only on the attacker's side but also within defensive platforms.

The binary framing of "god or devil" risks, however, misreading the actual scope of the situation. Mythos is a capability that is neutral with respect to purpose; the fact that Anthropic itself gave defenders early access through Project Glasswing was not a design choice to delay the expression of the capability itself, but rather one aimed at maximizing "the defender's preparation window." It is neither god nor devil — simply a matter of who holds a tool with a longer lever, and in what order.

What to Do Now——Mandating a Company-Wide Security Audit

First, financial institutions — whether listed or unlisted — are now at a stage where they should immediately commission company-wide penetration tests (red team assessments) premised on Mythos-class attack AI. The practical solution is not a continuation of conventional annual vulnerability assessments, but rather a combination of AI-native diagnostic services being advanced by CrowdStrike, Palo Alto Networks, and others participating in Project Glasswing, together with "AI-vs-AI assessments" that major domestic providers such as LAC and NRI SecureTechnologies are beginning to offer ahead of schedule. Second, it is urgent to complete the preparation of a software bill of materials (SBOM/SPDX) within 90 days, so as to get ahead of the mass patch cycle expected in July and gain full visibility into the legacy library dependencies within one's own environment. According to Anthropic, a high-volume patch cycle targeting operating systems, browsers, cryptographic libraries, and major infrastructure software will commence simultaneously with the publication of the Glasswing report.

Third is the redesign of governance. As Bain & Company has noted, cybersecurity is no longer the sole responsibility of the CISO; it is a matter directly overseen by the CEO and the board of directors as the "highest-order business risk." It should be placed as a standing agenda item in executive meetings, with an AI threat war room established as a permanent internal function, and a posture built around continuously probing one's own systems from an attacker's perspective using defensive AI. Fourth is a comprehensive review of third-party and fourth-party supply chains. The unauthorized access to Mythos via a third-party vendor environment has demonstrated that each and every corporate API key, CI/CD pipeline, and SaaS connector constitutes a new attack surface. Fifth is cross-industry threat intelligence sharing. The gap period before a Japanese version of Project Glasswing is established must be filled through two-way information sharing with Financial-ISAC, the National Police Agency, AISI, and NCO. Securities firms and cryptocurrency exchanges should seriously consider the option of voluntarily adopting equivalent operational standards before being incorporated into working groups centered on the major banks.
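To make the second recommendation concrete, the following added example (not from the original article or any project it names) reads SPDX 2.3 JSON SBOMs for several systems and reports where watched components sit, how deep they are in the dependency graph, and which entries cannot be triaged when advisories arrive. The system names, versions, and watchlist are constructed assumptions.

```python
import json
from collections import deque

# Constructed watchlist (assumption, not from the article): component name ->
# one of the patch-cycle categories the article lists.
WATCHLIST = {"linux": "operating systems",
             "openssl": "cryptographic libraries",
             "ffmpeg": "infrastructure software"}

# Constructed SPDX 2.3 JSON for two hypothetical systems; versions are made up.
SAMPLE_SBOMS = {
    "order-router": """{"spdxVersion": "SPDX-2.3", "packages": [
        {"SPDXID": "SPDXRef-app", "name": "order-router", "versionInfo": "4.2.0"},
        {"SPDXID": "SPDXRef-tls", "name": "openssl", "versionInfo": "1.1.1k"}],
      "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-tls"}]}""",
    "branch-kiosk": """{"spdxVersion": "SPDX-2.3", "packages": [
        {"SPDXID": "SPDXRef-app", "name": "branch-kiosk", "versionInfo": "2.0"},
        {"SPDXID": "SPDXRef-player", "name": "media-player", "versionInfo": "1.3"},
        {"SPDXID": "SPDXRef-ff", "name": "ffmpeg"},
        {"SPDXID": "SPDXRef-os", "name": "linux", "versionInfo": "5.10.0"}],
      "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-player"},
        {"spdxElementId": "SPDXRef-player", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-ff"}]}""",
}

def dependency_depths(doc):
    """Breadth-first walk of DEPENDS_ON edges from the DESCRIBES roots.
    Returns {SPDXID: depth}; packages with no path from a root are absent."""
    edges, roots = {}, []
    for rel in doc.get("relationships", []):
        src, dst = rel["spdxElementId"], rel["relatedSpdxElement"]
        if rel["relationshipType"] == "DESCRIBES":
            roots.append(dst)
        elif rel["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(src, []).append(dst)
    depth = {root: 0 for root in roots}
    queue = deque(roots)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, []):
            if nxt not in depth:          # also guards against cycles
                depth[nxt] = depth[node] + 1
                queue.append(nxt)
    return depth

def inventory(sboms):
    """One row per watched component per system, ordered by system name."""
    rows = []
    for system, text in sorted(sboms.items()):
        doc = json.loads(text)
        depth = dependency_depths(doc)
        for pkg in doc.get("packages", []):
            category = WATCHLIST.get(pkg["name"].lower())
            if category is None:
                continue
            version = pkg.get("versionInfo")
            if version in ("", "NOASSERTION"):   # SPDX "unknown" markers
                version = None
            rows.append({"system": system, "component": pkg["name"],
                         "category": category, "version": version,
                         "depth": depth.get(pkg["SPDXID"])})
    return rows

def triage_gaps(rows):
    """Rows that cannot be matched to an advisory: no recorded version, or a
    package listed in the SBOM but not linked into the dependency graph."""
    return [r for r in rows if r["version"] is None or r["depth"] is None]

if __name__ == "__main__":
    for row in inventory(SAMPLE_SBOMS):
        print(row)
    print("gaps:", [(r["system"], r["component"]) for r in triage_gaps(inventory(SAMPLE_SBOMS))])
```

The walk follows only `DEPENDS_ON` edges; SBOM generators that emit `DEPENDENCY_OF` or `CONTAINS` instead would need those relationship types mapped as well.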

Upcoming Trends — Milestones at a Glance on the Calendar

The near-term milestones form a chain of consecutive events. From late April through early May, the first meeting of a public-private joint working group will be held, with the organization of key issues and division of responsibilities taking shape. Between May and June, there is a strong likelihood that the Financial Services Agency will publish an emergency revision to the "FISC Security Control Standards" or supplementary guidelines addressing Mythos. In early July, Anthropic will release the "Glasswing Report" (the final report of Project Glasswing), triggering a global large-scale patch cycle for operating systems, browsers, cryptographic libraries, and major infrastructure software. Anthropic is expected to publish additional technical findings and industry recommendations within 90 days of that report, and in parallel, discussions within Japan are set to accelerate — with the Liberal Democratic Party and the Ministry of Economy, Trade and Industry moving toward a full "Glasswing-J" expansion covering critical infrastructure including electricity, gas, telecommunications, and transportation.

From autumn onward, the Cabinet Secretariat's NCO will translate the operational rules for active cyber defense into concrete implementation, marking the beginning of AI-driven anomaly detection and preemptive neutralization operations. On the investor side, investment in AI-native security from new funds at a16z and Sequoia, along with an additional round for Glasswing Ventures, is expected to concentrate in the second half of 2026 through the first half of 2027, with security-focused startups based in Tokyo, Kyoto, and Fukuoka emerging as M&A candidates. Whether "Claude Logos" (tentative name) — expected to be announced as Mythos's successor between late 2026 and early 2027 — can secure a decisive advantage for defenders will serve as the ultimate benchmark for this entire sequence of events. God or devil — the answer will be determined by how many companies sign penetration testing orders in the next 90 days.

