Anthropic CEO Dario Amodei warned Tuesday that the company’s Mythos model has uncovered tens of thousands of unpatched software vulnerabilities, and enterprises have roughly 6 to 12 months to fix them before adversarial AI models from China close the capability gap.

“The danger is just some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks,” Amodei said during an Anthropic financial services event where he appeared alongside JPMorgan Chase CEO Jamie Dimon, according to CNBC.

The scale of discovery has grown dramatically with each model generation. An earlier Anthropic model found roughly 20 vulnerabilities in the Firefox browser. Mythos found nearly 300 in the same software. Across all software examined, the total count runs into the tens of thousands, Amodei said.

Most of the vulnerabilities found by Mythos have not been publicly disclosed because they remain unpatched. “The bad guys will exploit them” if they are identified, Amodei told CNBC.

The Geopolitical Clock

Amodei framed the urgency in geopolitical terms. Chinese AI models are “maybe six to 12 months” behind Mythos in capability, he said, meaning there is “roughly that amount of time” for defenders to act before adversarial AI can find and exploit the same flaws independently.

Anthropic has limited Mythos access to a small number of partner companies. The Trump administration formally opposed expanding that access beyond approximately 50 organizations last week, citing security risks and compute resource constraints. That restriction now sits in tension with Amodei’s own warning that the patch window is finite.

Dimon’s “Transitory Period”

JPMorgan’s Dimon offered a more measured take, calling the cybersecurity risks created by AI a “transitory period.” Both executives struck notes of conditional optimism. “This is about a moment of danger where if we respond to it correctly, and I think we started to take the first steps, then we can have a better world on the other side,” Amodei said. “There are only so many bugs to find.”

On regulation, Amodei compared AI oversight to the automotive industry: “You can’t just start a car company without ‘Are there brakes on this thing?’ We need to grope our way to some process that lets the industry operate expeditiously, is fair, but puts guardrails on the most serious things.”

Financial Services Expansion

Anthropic also announced an expansion of its financial services platform at the event, including 10 new AI agents for investment banking and back-office work, plus integration across Microsoft’s Office programs. The company said its latest widely available model, Claude Opus 4.7, leads benchmarks for financial analysis tasks.

The Enterprise Positioning Play

The setting was deliberate. Appearing alongside Dimon, the financial industry’s most prominent executive, positions Anthropic as the enterprise AI vendor of choice in financial services. CNBC noted that the event “seemed to demonstrate Anthropic’s lead over OpenAI in the enterprise AI market as both companies head toward potential IPOs.” Whether the cyber warning is genuine alarm or strategic positioning to justify restricted access to Mythos, the underlying vulnerability data is real, and the patch window Amodei described is now ticking.