“The Nuclear Weapons of Cybersecurity”: Why Treasury Just Warned Banks About AI’s New Power

It is unusual for the Treasury Secretary to call the heads of the largest Wall Street banks into a room to discuss a software system. It is even more unusual when the Federal Reserve Chair joins him. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell recently gathered the CEOs of major Wall Street banks to warn them about Anthropic’s newest AI platform, Mythos, an artificial intelligence system reportedly so capable at hunting down software vulnerabilities that the company has only handed a preview to a handful of big tech and finance firms so they can patch holes before the rest of the world catches up.

That is the backdrop for a striking line from Steven Weber, the retired UC Berkeley professor who led the Center for Long-Term Cybersecurity. “Zero-day exploits are the nuclear weapons of the cybersecurity world,” Weber said. He argues that the rapid coding ability of frontier large language models has made this moment inevitable.

What a Zero-Day Actually Is

A zero-day is a software flaw the vendor has not yet discovered, which means defenders have zero days to fix it before an attacker can use it. Historically, finding one took elite human researchers weeks or months. AI systems trained on vast code corpora can now sift through software at machine speed, and that is the capability that has regulators alarmed.

OpenAI’s latest model, GPT-5.4 cyber, is raising similar concerns, and both Mythos and GPT-5.4 cyber excel at detecting zero-day exploits. The same skill that lets a defender harden a trading system lets an attacker compromise it. That is the dual-use problem in one sentence.

Why the Treasury Convened Bank CEOs

Banks sit on top of layers of legacy code, vendor software, and custom trading infrastructure. If an AI system can find unknown bugs faster than human teams can patch them, the asymmetry favors whoever deploys the model first. Bessent and Powell appearing together signals that policymakers now treat frontier AI as systemically relevant, in the same category as liquidity stress tests and counterparty risk.

The cybersecurity industry is reading the same signals. On Check Point Software‘s (NASDAQ:CHKP | CHKP Price Prediction) most recent earnings call, CEO Nadav Zafrir said, “The cybersecurity landscape is undergoing a fundamental shift as AI accelerates both the scale and sophistication of threats. Our strategy is purpose-built for this environment. With our four-pillar architecture, we are well positioned to benefit from accelerating demand for secure, enterprise-grade AI transformation at scale.”

What Investors Should Watch

The arms race has two sides. AI defenders (endpoint security, identity, cloud security, and SOC automation vendors) gain a tailwind every time a regulator raises the alarm. AI attackers, in the wrong hands, raise tail risk for every financial institution running unaudited code. For more on the regulatory backdrop, the Treasury Department’s press release feed is the authoritative source for any formal follow-up to this private meeting.

Weber’s nuclear analogy is uncomfortable for a reason. Once a capability exists, the question shifts from whether it will be used to who controls its use, and on what timetable. Bank CEOs now have that timetable on their calendars.