8-minute read | 1,850 words
What to know this week
The Treasury Department holds a risk meeting related to the new AI model.
After Anthropic released its new AI model, Treasury Secretary Bessent held a meeting to cover the cybersecurity risks it potentially creates.
EU age verification app is ready for deployment.
The European Union’s (EU) social media age verification app is ready for deployment within the regional territory.
This week's full stories
Treasury Secretary holds a meeting to cover risks related to Anthropic’s new model.
THE NEWS
Last week, Anthropic released its newest AI model, known as Claude Mythos Preview, which has been advertised as being able to identify security vulnerabilities in existing infrastructure that humans are unlikely to find. Anthropic claims the model can analyze codebases, identify exploitable flaws, and recommend remediation steps at both speed and depth.
However, despite the immense security capabilities promised by this new model, the technology has also raised significant security risks prompting Treasury Secretary Scott Bessent to hold a meeting on the matter.
For greater context, the model was released under Anthropic’s “Project Glasswing.” The project provides only a select group of forty companies access to the new model. With this access, the companies were warned about the risks related to the models. One of the confirmed group members is JPMorgan Chase. The bank stated that it aimed to use the model “to evaluate next-generation AI tools for defensive cybersecurity across critical infrastructure.”
With Project Glasswing, Treasury Secretary Bessent held a meeting to cover the new model and its related risks. The Treasury Department’s involvement signals that policymakers are increasingly viewing AI-enabled cyber risks not just as a technical problem, but as a financial stability threat. A Treasury spokesperson commented on the nature of the meeting stating:
“This week’s meeting was convened by Secretary Bessent to initiate a process for planning and coordination of our approach to the rapid developments taking place in AI.”
THE KNOWLEDGE
While this latest model was designed to find critical security vulnerabilities, there have been significant concerns surrounding how this model could compromise security. One of the greatest concerns is that the model could significantly enhance complex cyberattacks, especially within the banking industry.
TJ Marlin, the chief executive of Guardrail Technologies, commented on the significance of these threats noting how many banks currently run on technology stacks that use legacy software with numerous vulnerabilities. Marlin noted how this new model could be misused and turned into a force multiplier for breaches to take place at a catastrophic scale.
Naresh Raheja, a former employee at the Office of the Comptroller of the Currency, expanded further on this threat noting how many banks utilize the same vendors and software solutions, creating “a lot of IT interconnections.” This inherent nature creates major points of failure within a critical sector.
Given these concerns, the Trump administration is looking to rapidly involve itself to help warn industries of these threats as was the case with Treasury Secretary Bessent meeting with the banking sector's leaders. Alongside this meeting, National Cyber Director Sean Cairncross is set to lead a group of federal officials to identify vulnerabilities in critical infrastructure to help prevent AI exploitation.
These concerns are not unique to just the Trump administration. In addition to the US meeting with top banking leaders, government leaders from the United Kingdom (UK) and Canada also met with financial sector leaders to discuss the threats posed by this model.
THE IMPACT
Anthropic’s latest model represents a rapidly changing cybersecurity reality where AI systems are increasingly able to find vulnerabilities faster than any human is capable of. Though these tools hold significant promise as being able to drastically improve defensive security capabilities and reduce time to response, they also create significant risk if any hostile actor were able to steal or replicate these capabilities.
For the banking sector alongside other critical infrastructure operators, the stakes are high. Many of these organizations continue to rely on legacy systems and shared third-party vendors, which create an environment where AI-powered exploits could be utilized at a catastrophic scale. Rather than isolated breaches, policymakers and security experts are concerned that these vulnerabilities could cascade from isolated breaches to events that offline financial institutions, access to banks, and broader economic stability.
This new model could be the catalyst for the next major AI policy debate. That debate will likely center on restricted licensing frameworks, mandatory security audits, and a more involved federal presence to ensure these models are deployed in a controlled and secure manner rather than becoming inadvertent tools for large-scale exploitation.
Europe set to deploy new age-verification tool.
THE NEWS
On Wednesday, the EU announced that its new age-verification application for online platform oversight is ready for deployment.
With this application, European Commission President Ursula von der Leyen released a statement, emphasizing:
“We are moving ahead with full speed and determination on the enforcement of our European rules. We are holding accountable those online platforms that do not protect our kids enough. This app gives parents, teachers, caretakers a powerful tool to protect children, because we will have zero tolerance for companies that do not respect our children’s rights.”
The app is designed to be compatible with both mobile devices and computers and will require users to upload their ID cards and their passports to verify their ages or have a trusted third-party verify their age. The EU has also emphasized that the application will still protect its citizens’ privacy rights and personal data. This application has been in development since last year.
The application has already been tested in France, Denmark, Greece, Italy, Spain, Cyprus, and Ireland.
THE KNOWLEDGE
The EU developed this application in response to a need to strike a balance between protecting people’s online presence and not overly burdening their citizens. With this new application, the EU also emphasized that its solution was the “easiest age verification system” for platforms as they do not need to log any information about their users while still helping improve online safety for minors.
This application comes as the EU is convening experts to help draft policy that would institute an EU-wide social media ban by the summer. This social media ban would follow a growing global trend where nations are continuing to crack down on how minors can engage with online platforms.
Previously, Australia imposed a social media ban for those under sixteen years old. The ban prevents minors from using these social media applications. Alongside banning minors’ access to these accounts, the Australian government is holding these platforms accountable for repeated breaches of the law. Additionally, the government has stated that these firms must take “responsible steps” to keep minors off their platforms and utilize multiple age assurance technologies.
The Australian government has already begun to aggressively enforce these laws. At the end of March 2026, Australia threatened to file lawsuits against platforms which they deemed were not effectively enforcing the ban.
Outside of Australia, individual European nations have also begun to consider imposing or have already imposed these online platform bans. Other European nations that have imposed or are considering these bans include Austria, the United Kingdom (UK), Denmark, France, Germany, Italy, Norway, Poland, Portugal, and Spain.
THE IMPACT
This new application represents a major shift in how governments may approach online age verification. Rather than forcing online platforms to develop, implement, and secure their own age verification tools, the EU is creating its own acting as a central provider. This approach gives EU regulators greater control over enforcement while simultaneously reducing compliance requirements for platforms.
If the EU’s application is effective, it could quickly become the global standard for nations looking to regulate minors’ access to social media platforms. Additionally, the government-developed tool also helps to reduce concerns regarding user data privacy and security by removing the amount of data being collected by private companies.
As the EU continues to test this application and imposes its social media platform, this dynamic could satisfy multiple policy goals that look to better protect children, ensure user privacy, and not become overly burdensome for users. If successful, it is likely that the European model could set the standard for the next generation of online identity management.
This Week's Caveat Podcast: Anthropic vs Washington.
Dave Bittner and Ben Yelin revisit Anthropic’s lawsuits against the Pentagon after the company was reclassified as a supply chain risk. For context, after a falling out between the Trump administration and Anthropic, the federal government abruptly cut ties resulting in Anthropic filing two separate lawsuits against the administration. Dave and Ben also take a look at the looming Section 702 deadline, which is set to expire on April 20th. Section 702 allows domestic intelligence agencies to collect communications of foreigners overseas without a warrant and is considered to be one of the strongest surveillance tools.
OTHER NOTEWORTHY STORIES
Court allows social media youth addiction lawsuit to move forward.
What: A Massachusetts high court allowed the state’s lawsuit against Meta to move forward.
Why: On Friday, the Massachusetts Supreme Court ruled that a lawsuit involving Meta can move forward. In the case, state attorney general Andrea Joy Campbell alleged that Meta’s platform harmed users specifically related to how the company designed its social media sites and misled consumers about the safety of its platforms.
Meta attempted to have the case dismissed using Section 230 as a defensive argument; however, Justice Dalila Argaez Wendlandt stated that the company did not demonstrate that it was “entitled to the protection” provided by the section.
A Meta spokesperson pushed back on this ruling, stating:
“This ruling is procedural and doesn’t address the merits of the case. We are confident the evidence will show our longstanding commitment to supporting young people.”
APR 10, 2026 | Source: The Hill
EU weighing tighter restrictions on OpenAI.
What: The EU is considering reclassifying ChatGPT to have it fall under the purview of the region’s Digital Services Act (DSA).
Why: On Friday, the European Commission announced that it was considering reclassifying OpenAI’s ChatGPT as a large online search engine. If the model was reclassified it would then be regulated by the region’s DSA.
In a statement, Commission spokesman Thomas Regnier, commented:
“OpenAI has published user numbers for ChatGPT above the 45 million DSA threshold for designation. The Commission services are currently assessing this information.”
If reclassified, OpenAI would face stricter regulations within the region.
APR 10, 2026 | Source: Reuters
Italian court allows class action lawsuit against Meta to move forward.
What: A Milan court allowed a class action suit against Meta Platforms to move forward.
Why: On Tuesday, a Milan court allowed the CTCU consumer associations’ lawsuit against Meta to move forward. In the suit the plaintiffs are seeking compensation on behalf of the platform’s users who lost control over their personal data from a 2018 data scraping incident. The plaintiffs allege that the incident violated the regional government’s General Data Protection Regulation (GDPR). Reportedly, the incident resulted in around 35 million Italian Facebook users being potentially impacted by the incident.
A Meta spokesperson commented on the development, stating:
“We respectfully disagree with the court’s decision, which is a procedural ruling only and makes no finding that Meta violated any law. We are confident this meritless action will ultimately be dismissed.”
APR 14, 2026 | Source: Reuters