Founded in 2008 · Built for AP professionals · Community-led · Practical guidance, not sales fluff
Accounts Payable Professionals Group

The practical hub for Accounts Payable work, careers, and community

Popular topics: AP automation, fraud controls, close process, vendor management, career moves  |  What APPG is about →
AP News Leadership
APPG appoints Mariann Ruhno as Chief Education Officer. The Accounts Payable Professionals Group has announced Mariann Ruhno as Chief Education Officer, where she will help guide future APPG courses, certifications, and educational resources for AP professionals. Read the APPG announcement →
AP News NACHA fraud monitoring Phase 2 is in effect as of June 22, 2026. Volume thresholds are gone — all non-consumer Originators, TPSPs, and TPSs must now monitor for fraud, and all RDFIs must screen incoming credits. Read the APPG update → | Official NACHA summary →
Start here
Join the LinkedIn Group Newsletter Signup Browse AP Jobs
No spam. Just practical AP content.

Thursday, July 9, 2026

NACHA Fraud Monitoring Deadline

AP News | Controls & Risk

The NACHA Deadline You Already Missed

A new rule changed how AP teams have to fight ACH payment fraud. It is already in effect. If your team sends or collects ACH payments, it may now apply to you, no matter how small your volume is.

By Robert Ruhno, Executive Director, Accounts Payable Professionals Group (APPG)
Last reviewed: July 9, 2026

Abstract impressionist image representing ACH fraud monitoring, payment protection, bank controls, and vendor payment risk

Here is the part most accounts payable teams have not caught yet: a major NACHA fraud monitoring rule is now in effect for smaller-volume ACH participants too.

The formal effective date for NACHA's Phase 2 fraud monitoring rule was June 19, 2026. Because June 19 was a federal holiday, NACHA's summary of upcoming rule changes lists the operational date as June 22, 2026.

If your team has not built anything for it yet, you are behind. The good news is that catching up is doable, and this article walks through the issue in plain AP terms.

First, what is NACHA, and why should AP care?

NACHA writes the rules for the ACH Network. ACH stands for Automated Clearing House. It is the system that moves many electronic payments between U.S. bank accounts, including direct deposit, vendor payments, and bill pay.

A few terms you will see below:

  • Originator: The party that starts a payment. If your company sends ACH payments, your company may be an originator.
  • ODFI: Originating Depository Financial Institution. This is usually your bank, the one that pushes the payment into the ACH Network.
  • RDFI: Receiving Depository Financial Institution. This is the receiving bank, such as the vendor's bank.
  • Third-Party Sender (TPS) or Third-Party Service Provider (TPSP): A company that handles ACH activity on your behalf, such as a payment processor or AP automation provider.

If your team pays vendors or collects money by ACH, you are part of this risk environment. The new rule makes fraud monitoring harder to ignore.

What actually changed

The change is part of NACHA's larger Risk Management package. It rolled out in two phases.

Phase 1, March 20, 2026: Applied to all ODFIs, plus non-consumer Originators, Third-Party Senders, and Third-Party Service Providers whose 2023 ACH volume exceeded 6 million entries.

Phase 2, June 22, 2026: The volume threshold is gone. Now all other non-consumer Originators, TPSPs, and TPSs must comply with the fraud monitoring rules, regardless of origination or transmission volume.

That second line is the one that catches teams off guard. Many AP departments assumed the rule was only for banks, giant processors, and high-volume ACH users. It is not that narrow anymore.

You can read NACHA's official Phase 2 rule summary here: NACHA Risk Management Topics, Fraud Monitoring Phase 2.

What the rule asks you to do

The rule does not hand AP teams one exact software tool or one exact checklist. Instead, it requires risk-based processes and procedures reasonably intended to identify ACH payments that may have been initiated because of fraud.

Two phrases matter:

  • Risk-based means you put more effort where the risk is higher and less where it is lower. You do not have to treat a $50 payment the same way you treat a $500,000 payment.
  • Technology-neutral means you choose the method. NACHA references approaches such as velocity checks, anomaly detection, pattern recognition, and behavioral tolerances.

In plain AP terms, you need a written, repeatable way to spot a payment that looks wrong before it goes out the door.

Meet false pretenses, the scam this rule is really about

NACHA added a named fraud type called false pretenses. This is a payment that appears authorized, but only because someone lied about who they were, what authority they had, or which account should receive the money.

For AP teams, the most familiar version is the vendor bank-change scam. A real supplier's payment details get swapped by an imposter. Everything looks normal, so the payment is approved, and the money lands in a criminal's account.

This is a form of credit-push fraud. The payer is tricked into pushing money out voluntarily. Your job now is to have a documented process that helps catch that lie before the payment is released.

The controls examiners will expect to see

You have some freedom in how you comply, but these are the controls your bank, auditors, and internal reviewers are likely to ask about:

  1. Dual control. Two people, not one, should release higher-risk payments. A fraudster may fool one person. Fooling two is harder.
  2. Account validation. Confirm that a vendor's bank account is real and open before you pay it, and re-check when the details change.
  3. Out-of-band verification. When a vendor asks to change bank details, confirm it using contact information you already have on file, through a different channel. Call a known number. Do not use the phone number or email address included in the change request.
  4. Multi-factor authentication. Require a second step beyond a password to access payment systems. An authentication app or physical token is usually stronger than a texted code.
  5. Written procedures and review. You need documented procedures, not just good habits. Plan to review them at least once a year, and whenever your payment process changes.

The hard truth about who pays

This is the first time fraud monitoring obligations have been expanded this broadly to non-consumer ACH Originators and related third parties. Before this package, fraud detection requirements were more limited, such as certain WEB debits and Micro-Entries.

Here is the part that stings for AP teams: these rules do not automatically shift the loss to your bank when your company is tricked into sending money to a criminal. In many credit-push fraud situations, the payer may still bear the loss.

That is why the controls above are not just compliance work. They are practical loss-prevention work.

One more change to keep on your radar

The Same Day ACH limit is scheduled to increase from $1 million to $10 million per payment on September 17, 2027.

That change is not here yet, but AP teams should pay attention now. Bigger payments moving faster can be useful for cash management, invoice payments, payroll funding, and tax payments. It also raises the stakes because faster money is harder to recover if a fraudulent payment slips through.

NACHA's official Same Day ACH rule update is available here: Increasing the Same Day ACH Dollar Limit to $10 Million.

Your 10-minute gut check

Run through these questions with your AP, Treasury, and Finance teams this week:

  • Do we send or collect any ACH payments?
  • Do we have a written fraud-monitoring procedure?
  • Does every vendor bank-change request get an out-of-band callback?
  • Do two people release high-value or higher-risk payments?
  • Do we validate new vendor bank accounts before the first payment?
  • Do we re-check vendor bank accounts when payment details change?
  • When did we last review these steps?

APPG takeaway: If your team cannot point to a real, written, risk-based ACH fraud monitoring process today, that is this week's project. Start with vendor bank-change callbacks. It is one of the cheapest controls to add, and it can stop one of the most expensive fraud losses AP teams face.

Bottom line

The deadline is not coming. It is here.

The rule does not expect perfection. It expects a real, documented, risk-based process. If your team cannot show one today, start with the highest-risk step first: vendor bank-account changes.

Call the vendor using known contact information already on file. Document the verification. Require a second person for higher-risk changes and higher-value releases. Then build the rest of your monitoring process around that foundation.

Official sources

Editorial Note: This article was developed with the assistance of artificial intelligence and edited, reviewed, and approved by Robert Ruhno, Executive Director of the Accounts Payable Professionals Group (APPG).

Headshot of Robert Ruhno, Executive Director of APPG
APPG Contributor
Robert Ruhno
Executive Director, Accounts Payable Professionals Group
Accounts Payable Professionals Group logo

Practical AP reporting, controls guidance, automation coverage, and career support for the accounts payable community.

Back to top ↑

Sunday, July 5, 2026

APPG Appoints Mariann Ruhno as Chief Education Officer

APPG Leadership Announcement

APPG Appoints Mariann Ruhno as Chief Education Officer

The Accounts Payable Professionals Group is proud to announce that Mariann Ruhno has been appointed Chief Education Officer, effective June 29, 2026.

APPG announces Mariann Ruhno as Chief Education Officer

Mariann is already a valued member of APPG. Over the past year, she has served on our Board of Advisers, bringing her experience as an award-winning educator and her passion for learning, mentorship, and professional development to our growing community.

In this expanded leadership role, Mariann will help guide the development of formalized courses, professional certifications, and educational resources created specifically for accounts payable professionals at every stage of their careers.

Building a Stronger Learning Path for AP Professionals

Accounts payable is changing quickly. AP professionals are being asked to understand automation, internal controls, vendor management, fraud prevention, compliance, reporting, communication, and leadership.

At the same time, many AP professionals are looking for clearer career paths, better training, and more practical resources created by people who understand the work.

Mariann’s background in education makes her especially well suited for this role. Her focus will be on helping APPG turn practical AP knowledge into learning experiences that are useful, understandable, and connected to the real challenges AP professionals face every day.

What Comes Next

As Chief Education Officer, Mariann will help APPG build toward a stronger educational foundation for the profession. This includes future courses, certification pathways, member learning resources, and professional development programs designed to support both new and experienced AP professionals.

Please join us in congratulating Mariann on this well-deserved next chapter.

We are excited for the impact she will have on APPG, our members, and the accounts payable profession.

Headshot of Robert Ruhno, Executive Director of APPG

Robert Ruhno

Executive Director

Accounts Payable Professionals Group

Back to top ↑

Wednesday, June 17, 2026

Stewardship Foundation of Accounts Payable

Stewardship in Accounts Payable illustration showing invoices, a compass, and principles such as accuracy, integrity, accountability, diligence, and transparency

Stewardship: The Real Foundation of Accounts Payable

Long before accounting standards, ERP systems, and internal controls, societies relied on trusted individuals to collect, record, and safeguard financial resources. Tax collection in the Roman world required accountability, recordkeeping, and the management of financial obligations.

One such figure was Saint Matthew, who worked within the Roman taxation system before becoming one of the twelve apostles. Today he is remembered as the patron saint of accountants, bookkeepers, and financial record keepers. His role required documentation, judgment, and accountability. The core responsibility was stewardship.

Stewardship predates accounting standards, regulatory bodies, and enterprise systems. It is the disciplined management of resources that do not belong to you. Accounts payable operates under the same principle.

I have spent over 20 years in AP across insurance, tax, finance, media, and energy. Stewardship is the foundation that holds everything together. Here is what it looks like in practice.

What Stewardship Really Means in AP

When you work in Accounts Payable, you manage money, vendor relationships, and financial records on behalf of the company, its employees, its owners, and sometimes its customers.

A steward takes ownership. You treat every invoice as if your own money were on the line. You ask the hard questions. You make sure the right person approves it. You watch for anything that does not look right.

This is a big responsibility. A single mistake or a fraud that slips through can delay payroll, leave vendors unpaid, or hurt cash flow. I have watched small problems snowball into big ones when someone treated AP like a routine task instead of a sacred trust.

Stewardship shows up in daily habits:

  • Keep your vendor master file clean and accurate.
  • Insist on proper supporting documents before payment.
  • Separate duties so one person cannot both approve and pay.
  • Question anything unusual, even if it comes from someone important.

When AP works this way, people start to see the department differently. Instead of being viewed only as the bill payers, AP becomes one of the guardians of the company’s financial health.

Why It Matters More Than Ever

Fast payments and automated systems create pressure to move quicker. That speed helps when done right, but it also opens doors for mistakes and fraud. A steward slows down just enough to do things correctly.

Every invoice approval is a decision that affects cash flow, profitability, and sometimes jobs. Strong AP teams understand this. They run tight processes, train people on why controls matter, and celebrate catches before they cost money.

Actionable Steps to Build a Stewardship Mindset

  1. Start each day with a quick review of what is coming due. Know where the money is going.
  2. Document everything so the next person can follow the trail.
  3. Ask questions when something feels off. Better to look foolish for a minute than pay a bad invoice.
  4. Train your team that accuracy beats speed every time.
  5. Celebrate the wins when someone catches a duplicate or stops a risky payment.

Core Principles That Guide Strong Stewardship

  • Accuracy first. Every entry feeds reports, taxes, and decisions.
  • Transparency. Make records easy to follow.
  • Accountability. Own your part and hold others to the same standard.
  • Diligence. Check details even on busy days.
  • Integrity. Do the right thing even when no one is watching.

Apply these principles consistently and AP builds trust with leadership, vendors, and other departments.

Avoid These Common Pitfalls

  • Rushing approvals just to clear the queue.
  • Weak vendor master file controls.
  • Over-reliance on automation without human judgment.
  • Poor separation of duties.
  • Ignoring small red flags.

Fix them with simple checklists and regular reviews. I have seen teams cut errors in half with one extra verification step on high-risk items.

Practical Tools and Practices

You do not need fancy software to begin. Focus on solid basics:

  • Use positive pay or bank validation services.
  • Run regular vendor statement reconciliations.
  • Set up approval workflows with clear dollar thresholds.
  • Maintain a living procedures manual everyone can access.
  • Schedule monthly close reviews focused on exceptions.

Using simple tools consistently frees you to focus on the issues that require judgment.

Leading with Stewardship

Stewardship begins with the example you set. Share successes in meetings. Build the concept into job descriptions and performance reviews. Cross-train team members, collaborate across departments, and revisit processes as the business evolves.

Teams that embrace this mindset become more confident and effective. They catch problems early and bring forward better ideas.

This is the opening section from Book One of The AP Bible. Stewardship is the foundation everything else builds on.

Technology will continue to evolve. Processes will change. Automation will accelerate. Yet the most important control in any Accounts Payable department remains the same: people who understand they are entrusted with resources that belong to others.

Stewardship is where great AP begins.

If you are leading an AP team or working in the trenches, start here. What are your biggest stewardship challenges right now? Drop a comment below. I read them and we can tackle them together.

Stay tuned for more excerpts as the book comes together.

Headshot of Robert Ruhno, Executive Director of APPG

Robert Ruhno

Executive Director

Accounts Payable Professionals Group

Back to top ↑

Sunday, May 24, 2026

Two AP Fraud Cases That Expose Dangerous Internal Control Gaps

Two AP Fraud Cases That Expose Dangerous Internal Control Gaps

Years ago, we shared the story of an accounts payable clerk who was sentenced to 7 years in prison for embezzling $545,000 from a New Jersey auto dealership. It served as a stark reminder of how vulnerable an organization becomes when internal controls lapse.

Illustration of an accounts payable fraud investigation with internal control warning elements

To this day, the core risk factors remain exactly the same. Accounts payable professionals continue to find themselves on the front lines of defense against occupational fraud. Here are two recent high-profile federal cases that demonstrate why robust internal audit tracks and rigid segregation of duties are non-negotiable in any finance department:

Case #1: The $24 Million Casino AP Manager

An Accounts Payable Manager for Muscogee Nation Gaming Enterprises LLC in Oklahoma exploited top-tier AP authority to systematically siphon off more than $24 million. By altering company records and falsifying documents, the individual bypassed standard operational tracking. In October 2025, the former AP manager was sentenced to nearly 8 years in federal prison and ordered to pay millions in restitution to the former employer and the IRS.

Key Vulnerability: Lack of regular external transaction reconciliation and concentrated systemic oversight permissions.

Case #2: The Vendor Payment Manipulation

A former Accounts Payable Clerk for Décor Craft, Inc. in Rhode Island abused access to company bank codes intended for legitimate vendor wire transfers. Instead of paying suppliers, the employee rerouted partial or full balances into personal bank accounts to pay off personal creditors, manually altering the ledger to falsely show complete fulfillment. The former clerk was sentenced to 18 months in federal prison and ordered to pay over $302,000 in restitution.

Key Vulnerability: Allowing the same individual who initiates online bank wire transfers to also edit internal ledger records.

The Accounts Payable Takeaway

Whether it is a $300,000 small-business loss or a multi-million-dollar corporate exploit, the failure points are consistent: unmonitored ledger control and dual authorization gaps. To safeguard your organization, ensure that the employee inputting the invoice is never the individual releasing the wire or reconciling the end-of-month bank statement.

Editorial Note: This article was developed with the assistance of artificial intelligence and edited, reviewed, and approved by Robert Ruhno, Executive Director of the Accounts Payable Professionals Group (APPG).


Headshot of Robert Ruhno, Executive Director of APPG
Robert Ruhno
Executive Director
APPG
AP Professionals logo
🟥 LinkedIn
🟧 X
🟨 Instagram

Back to top ↑

Thursday, May 21, 2026

Accounts Payable Office Health Risks

Skip to main content
Workplace Health and Accounts Payable

Accounts Payable and the Modern Office: The Health Risks Nobody Talks About

By Robert Ruhno, Executive Director, Accounts Payable Professionals Group

Modern Accounts Payable office scene showing a standing desk, expense reports, nitrile gloves, coffee cup, and article title about workplace health risks.

Most Accounts Payable professionals spend their careers focused on financial controls, fraud prevention, reconciliations, audit trails, and operational discipline. We are trained to identify risks before they become expensive problems.

Far fewer people stop to consider the long-term health risks built into the modern office itself.

Many AP professionals spend decades sitting under artificial lighting, processing paper, handling receipts, eating at their desks, and working through close cycles with very little movement. Over time, those patterns begin to add up.

The modern office has changed dramatically over the last 30 years. We now live in a world filled with plastics, thermal papers, sedentary workflows, remote work isolation, convenience packaging, and repetitive computer-based tasks. Researchers and health professionals have started asking whether these patterns may contribute to long-term health concerns, especially when repeated daily over the course of a 20- or 30-year career.

Many of these risks may be reduced through awareness and better workplace habits.

The Sedentary Nature of AP Work

Invoice processing, ERP navigation, reconciliations, approval routing, reporting, three-way matching, and month-end close activities often require AP professionals to remain seated for long periods of time.

Hybrid and remote work may intensify this. Many people no longer walk to meetings, commute through office buildings, or naturally move throughout the day the way they once did.

Research continues to associate prolonged sedentary behavior with increased risks involving circulation, cardiovascular health, metabolic issues, fatigue, posture problems, and other health concerns. Some researchers now describe prolonged sitting as an independent health risk, even among individuals who otherwise exercise regularly.

A standing desk is not the same thing as walking, stretching, or moving naturally throughout the day. Still, alternating between sitting and standing may be considerably better than remaining seated continuously during long close cycles or reconciliation sessions.

The goal is not to stand all day. The real objective may be reducing long uninterrupted periods in the same posture.

Practical Ideas for AP Professionals

  • Alternate between sitting and standing throughout the day.
  • Take short walking breaks during approval delays or long processing sessions.
  • Pace during phone calls or Teams meetings.
  • Use smartwatch or calendar reminders for movement.
  • Consider under-desk pedals or treadmill workstations.
  • Build short reset walks into month-end close routines.

Thermal Paper Receipts and BPA Exposure

This is one area where AP professionals may face exposures that many office workers rarely think about.

Receipts, expense reports, mailed invoices, retail transaction records, and thermal paper documents are common throughout finance and accounting environments. Studies have examined BPA and BPS chemicals used in some thermal papers, with researchers noting that these compounds may transfer through skin contact during handling.

My personal recommendation: If I were regularly handling large volumes of thermal receipts or mailed documents every day, I would absolutely use proper nitrile gloves during batch processing tasks. The research surrounding thermal paper exposure is serious enough that I believe the precaution is justified, particularly over a long career in accounting or finance.

Research involving receipt handling has shown that nitrile gloves may significantly reduce BPA exposure during prolonged contact with thermal paper.

This becomes even more relevant in AP environments where professionals may process:

  • Mailed receipts.
  • Expense reports.
  • Shipping documents.
  • Point-of-sale records.
  • Stacks of invoices during close periods.

Researchers have also noted that lotions, oils, or hand sanitizers may increase skin absorption during receipt handling.

Practical Ideas for AP Professionals

  • Keep disposable nitrile gloves available for heavy receipt-handling tasks.
  • Prioritize digital receipts and paperless workflows when practical.
  • Wash hands thoroughly after handling thermal paper.
  • Avoid applying sanitizer or lotion immediately before processing receipts.
  • Reduce unnecessary physical document handling where possible.

Office Kitchens, Plastics, and Convenience Culture

Close week culture often creates unhealthy office habits.

Many AP professionals know the routine:

  • Rushed lunches.
  • Reheated coffee.
  • Eating at the desk.
  • Microwaving food in plastic containers.
  • Relying heavily on convenience foods during deadlines.

Researchers continue studying endocrine-disrupting chemicals such as BPA, BPS, phthalates, and PFAS compounds found in plastics, food packaging materials, thermal papers, and non-stick coatings.

The issue is less about one plastic container or one receipt. The larger concern may involve cumulative exposure from many small daily sources repeated over decades:

  • Food packaging.
  • Water bottles.
  • Canned linings.
  • Thermal paper.
  • Office kitchen containers.
  • Sedentary work environments.

When practical, I prefer glass or stainless steel for food and beverage storage.

I have also worked in offices that intentionally used glass water cooler bottles instead of plastic ones. They were heavier, more expensive, and less convenient to handle, but the reasoning was straightforward: glass does not rely on bisphenol-based plastics or plasticizers used in many synthetic materials.

To be fair, even many glass cooler systems still use plastic caps or components similar to standard office water systems. Modern life makes avoiding plastics entirely difficult. The more realistic goal may be reducing unnecessary exposure where practical.

Practical Ideas for AP Professionals

  • Use glass or stainless steel containers for reheating food.
  • Avoid microwaving heavily worn plastic containers.
  • Consider stainless steel or ceramic mugs for hot beverages.
  • Stay hydrated during long close cycles.
  • Reduce reliance on highly processed convenience foods during busy periods.
  • Use fresh air and short outdoor breaks whenever possible.

The Remote Work Paradox

Remote work has brought major benefits to many AP professionals, including flexibility, reduced commuting stress, and better work-life balance.

At the same time, remote work may unintentionally increase sedentary behavior even further.

Many remote workers now spend entire days:

  • Sitting at the same workstation.
  • Eating lunch at the desk.
  • Attending back-to-back virtual meetings.
  • Moving only short distances throughout the day.

Those small movements that once existed naturally in office environments often disappear completely at home.

Practical Ideas for Remote AP Teams

  • Create a dedicated workspace separate from eating or sleeping areas.
  • Schedule intentional movement breaks throughout the day.
  • Take short walks before or after work to simulate a commute.
  • Maximize natural lighting when possible.
  • Use ergonomic seating and monitor positioning.
  • Stand during lower-intensity meetings or document review sessions.

A Professional Sustainability Mindset

Accounts Payable professionals are trained to think in terms of long-term controls, risk mitigation, operational consistency, and sustainability.

That mindset may also apply to workplace health.

The goal is not perfection, fear, or eliminating every possible exposure from modern life. That would be nearly impossible.

The more realistic objective may be reducing avoidable risks where practical:

  • Moving more frequently.
  • Reducing prolonged sitting.
  • Minimizing unnecessary receipt handling.
  • Improving food storage habits.
  • Creating healthier daily work routines.

Small improvements repeated consistently over decades may matter far more than most people realize.

Quick-Start Checklist for AP Professionals

  • Alternate between sitting and standing throughout the workday.
  • Take movement breaks during long processing sessions.
  • Use nitrile gloves for heavy receipt-handling tasks.
  • Wash hands after handling thermal paper.
  • Use glass or stainless steel containers when practical.
  • Reduce unnecessary plastic food heating.
  • Build movement into month-end close routines.
  • Optimize remote work ergonomics and lighting.
  • Prioritize digital workflows whenever possible.

Accounts Payable professionals spend their careers protecting organizations from operational and financial risk.

It may be time for the profession to think more seriously about protecting its people as well.

Note: This article discusses general workplace wellness concepts and emerging research surrounding sedentary behavior and environmental exposures. Readers should consult qualified healthcare professionals regarding individual medical concerns or occupational health decisions.

Selected Sources and Further Reading


Headshot of Robert Ruhno, Executive Director of APPG
Robert Ruhno
Executive Director
APPG
AP Professionals logo
🟥 LinkedIn
🟧 X
🟨 Instagram

Back to top ↑

Saturday, April 11, 2026

Anthropic Mythos Ai Cyber Risk Banks AP

Skip to article body
Controls & Risk

Anthropic Mythos and the New AI Cyber Risk Facing Banks and Accounts Payable

Anthropic’s new Mythos model is raising serious concern in banking and cybersecurity circles. Here is what Accounts Payable professionals should understand, without the hype.

By Robert Ruhno
Executive Director, Accounts Payable Professionals Group
Updated: April 11, 2026 (Includes official sourcing, banking sector implications, and AP control considerations)
AI cyber risks impacting accounts payable workflows, banking systems, and payment infrastructure
Illustration: AI-driven cybersecurity risks across banking and Accounts Payable systems.
Timeline
April 7, 2026
Anthropic announces Project Glasswing and introduces Claude Mythos Preview.
April 10, 2026
Reuters reports that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned major bank CEOs about risks tied to Anthropic’s new model.
April 11, 2026
Accounts Payable professionals begin assessing what this could mean for payment systems, vendor workflows, and control design.

There are moments when technology improves gradually, and then there are moments when it changes the rules of the game.

This appears to be one of those moments.

Anthropic has introduced a new model called Claude Mythos Preview as part of its Project Glasswing initiative. According to Anthropic and its related security materials, Mythos is unusually capable at computer security tasks, including identifying serious software vulnerabilities. In internal testing, Anthropic indicated the model identified thousands of previously unknown vulnerabilities across widely used software systems, which is one reason the company is limiting access rather than releasing it broadly.

Anthropic says Glasswing launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

That should matter to Accounts Payable professionals, because AP sits directly on top of the systems that move money.

Why this matters:
AP teams may not manage cybersecurity directly, but they depend on banking portals, ERP systems, payment integrations, browsers, cloud apps, vendor portals, and approval workflows. If those systems become easier to attack, AP becomes part of the blast radius.

What makes this different

Cyber threats are not new. Software vulnerabilities are not new. What appears to be changing is the speed, the scale, and the automation.

Traditionally, finding a major vulnerability required time, specialized expertise, and often a lot of patience. Exploiting one also required real technical skill.

AI changes that equation.

If a model can rapidly inspect code, reason through system behavior, identify weaknesses, and help generate exploit paths, the window between discovery and attack can shrink dramatically.

That is the real issue here. It is not just that vulnerabilities exist. It is that the time available to fix them may be getting shorter.

“This is not necessarily a panic-now event. But it is a real warning sign.”

Why banks are on alert

Reuters reported that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned major bank CEOs about cybersecurity risks linked to Anthropic’s new model. That is a strong signal that this is being taken seriously at the highest levels of the financial system.

That makes sense.

Banking infrastructure depends on a shared technology stack that includes operating systems, browsers, cloud platforms, APIs, authentication layers, internal applications, and third-party software libraries. If powerful AI tools can uncover weaknesses across that stack faster than before, then both banks and the companies that rely on them need to pay close attention.

Operational warning for AP:
Even if your own company is not directly using advanced cybersecurity AI, your AP workflows still depend on vendors, banks, software providers, and browser-based systems that may be affected by this faster threat cycle.

Where Accounts Payable fits into the picture

Accounts Payable is no longer just a back-office paperwork function.

In many organizations, AP now works through a connected ecosystem of systems and data flows.

AP ecosystem at a glance
ERP / Accounting System
Invoice Automation
Vendor Portals
Banking / Treasury Portals
API Integrations
Browser-Based Approval Workflows

That means AP is not just close to money. It is connected to the software layers through which money is approved, released, and recorded.

In practical terms, that makes AP a meaningful target area in any future wave of faster, AI-assisted cyberattacks.

What this could look like in the real world

Let’s bring this down to earth.

If vulnerabilities can be found and exploited faster, AP teams may feel the effect in very concrete ways:

1. Payment workflow compromise

A weakness in a browser session, plugin, or integration layer could potentially be used to interfere with payment approvals or session integrity.

2. Vendor portal manipulation

If a supplier portal has a serious flaw, vendor information could be altered, hidden, or rerouted in ways that standard controls may not immediately catch.

3. API-level risk

Many AP environments rely on integrations between ERP systems, banks, payment platforms, and approval tools. API connections can be efficient, but they also create technical paths that attackers may try to exploit.

4. Faster data theft

Vendor master data, invoice records, banking details, payment histories, and approval logs are all valuable. AI could make it easier for attackers to identify the weakest routes into those datasets.

5. More disruptive ransomware timing

Cybercriminals do not always need to shut down an entire company. They only need to interrupt the right systems at the right time, especially around payroll, month-end, quarter-end, or large payment runs.

What AP teams may notice soon

Most AP professionals are not going to log in one morning and see a message that says, “This happened because of Mythos.”

What you may see instead is:

  • More frequent software patches and security notices
  • New authentication requirements
  • Updated browser or endpoint security policies
  • Temporary downtime for banking or AP platforms
  • Stricter controls around vendor changes and payment releases
  • More questions from auditors, compliance teams, and insurers

In other words, even if the threat feels abstract, the operational consequences may become very concrete.

The good news

There is an important second side to this story.

The same AI capability that could make attacks faster can also help defenders find weaknesses sooner.

That is part of the logic behind Project Glasswing. Anthropic says the initiative is meant to help defenders secure critical software and gain a head start before comparable capabilities become more widespread.

If that effort works as intended, many organizations may benefit indirectly through faster remediation by software vendors, cloud providers, banks, and enterprise platforms.

So this is not a simple doom story. It is a race between defense and offense, and the pace is increasing.

What AP professionals should do right now
  • Do not ignore vendor security bulletins or platform update notices.
  • Review dual approval controls for higher-risk or higher-value payments.
  • Recheck vendor bank change procedures and callback discipline.
  • Limit and separate banking credentials wherever possible.
  • Watch for unusual workflow behavior, not just obvious fraud attempts.
  • Coordinate with IT or security teams if banking portals or AP tools suddenly change login or security behavior.
  • Document your controls, because audit and insurance scrutiny may increase.

Bottom line

This is not necessarily a panic-now event.

But it is a real warning sign.

AI appears to be crossing into a phase where it can materially accelerate both cybersecurity defense and cyber offense. For Accounts Payable, that means the systems behind invoices, approvals, vendor data, and payments are becoming more strategically important, and potentially more exposed.

AP professionals do not need to become cyber experts overnight. But they do need to understand that the old assumption, that security is somebody else’s problem until something breaks, is becoming more dangerous.

If your ERP, AP automation platform, bank portal, or payment workflow starts pushing security updates, stronger controls, or new access requirements in the coming weeks and months, pay attention.

That may be the earliest visible sign that this new phase has already begun.

Robert Ruhno
Executive Director
Accounts Payable Professionals Group
ap-professionals.com
More on this topic:

NACHA Fraud Monitoring Deadline

Back to Home AP News | Controls & Risk The NACHA Deadline You Already Mis...