India Tests Banks and Government Systems as Anthropic Mythos AI Raises Cybersecurity Alarms

Banks, telcos take test to check cybersecurity score

Mumbai: Essential services providers such as banks, telecom operators and power utilities have started stress-testing their codebases to prepare for a potentially broader launch of Anthropic's Mythos model in the next six-seven months. Their concern is over the unprecedented ability attributed to the currently access-restricted artificial intelligence model to discover serious software vulnerabilities, which could enable cyberattacks at scale and potentially cripple critical services. Companies are testing their public-facing assets using existing AI models such as Opus 4.7 and GPT 5.5 and have also asked their suppliers to identify possible gaps, executives and consultants told ET. The Data Security Council of India (DSCI), an industry think-tank under software industry body Nasscom, is helping organisations prepare for the challenge. DSCI launched a sandbox environment that they could use for evaluating generative artificial intelligence models against potential security vulnerabilities and data privacy risks. "Organisations are actively strengthening their cyber hygiene to prepare for AI-driven threats by reducing attack surfaces, adopting micro-segmentation, improving identity and authentication systems," DSCI chief executive Vinayak Godse told ET. Anthropic has stated that it will release the model soon. Experts, who expect it to be available in around six months, say cybercriminals might exploit the vulnerabilities faster than organisations can fix them. They also point to a severe shortage of cybersecurity talent needed to address the fast-evolving threat. Anthropic's latest update on Mythos unveiled last week has alarmed chief information security officers (CISOs) because of the unprecedented speed at which the system is able to identify software vulnerabilities. Mythos has identified 23,019 vulnerabilities in just one month. Only 97 of these have been patched as it takes 14 days on an average for human cybersecurity professionals to fix each bug. "The global cybersecurity landscape is evolving at an unprecedented pace, introducing new and elevated risks," said Srikanth Velamakanni, chief executive at AI services firm Fractal Analytics and chairperson of Nasscom. "Systems like Mythos demonstrate that releasing highly capable models without stringent safety frameworks can pose serious national security threats. However, attempting to simply contain AI development is not a viable long-term solution; we need proactive, collaborative governance," he said. According to researchers, Mythos-capability models from DeepSeek or OpenAI are also expected to hit the market in three to six months. This could overwhelm conventional cybersecurity infrastructure and expose critical national systems across sectors such as banking, telecom, healthcare, cloud infrastructure and energy networks, experts warn. While the risk is growing at a quick pace, a talent gap, especially in markets like India, is causing a major concern for organisations to ensure cyber preparedness. "The scale and velocity at which systems like Mythos can detect vulnerabilities fundamentally change the threat landscape for banks," said the CISO at a large private sector bank. "Earlier, cyberattackers needed weeks or months to identify exploitable weaknesses, now AI models can compress that window into hours." He added that the concern is not discovering vulnerabilities, but the widening gap between detection and remediation. "Banks still rely heavily on manual patch management cycles, legacy infrastructure dependencies and fragmented vendor ecosystems," he said. "If offensive-grade AI capabilities become commoditised over the next few months, the sector could face a situation where attackers are able to weaponise vulnerabilities faster than institutions can fix them." Another CISO with a state-run lender said Indian banks are already operating in an environment with a significant cybersecurity talent shortage. "Security teams were never designed to handle tens of thousands of vulnerability alerts at machine speed. The real risk is alert fatigue and prioritisation failure, where critical vulnerabilities in internet banking, telecom integrations, or third-party fintech systems remain unpatched because security teams are overwhelmed," he said. However, discovering software vulnerabilities does not necessarily mean offenders could cripple the world's digital infrastructure.

Indian government, tech firms running tests for Anthropic's Mythos threat

India is rigorously testing its critical financial and government software for vulnerabilities to Anthropic's powerful Mythos AI. Tech giants Infosys and TCS are involved, while CERT-In examines national infrastructure like Aadhaar. This proactive measure stems from global concerns about Mythos' dual potential for cybersecurity defense and attack. India is undertaking tests of some of its most sensitive public-facing financial and government application software to better understand their vulnerabilities to Anthropic PBC's next-generation Mythos AI model, according to Indian officials familiar with the matter. Indian technology giants Infosys Ltd. and Tata Consultancy Services Ltd. are among companies carrying out the tests of their software for vulnerabilities in a secure environment to Mythos, the officials said, asking not to be identified because the discussions are private. Infosys in particular is looking to devise patches to its widely used Finacle banking software, they said. Separately, India's state-run cybersecurity agency CERT-In is undergoing tests of key digital infrastructure including the Aadhaar national ID program and government login systems, said the officials. The companies, which don't currently have access to Mythos, are using Anthropic's Claude Opus 4.7 AI software to patch vulnerabilities, they said. Infosys and TCS didn't respond to requests for comment. India's Ministry of Electronics and Information Technology didn't respond to a request for comment. Global worries India's risk assessments are the latest sign of unease among governments and corporate boardrooms around the world over Mythos, the powerful AI software developed by Anthropic to root out cybersecurity vulnerabilities, but which has raised global alarm over its own extraordinary ability to power potential cyberattacks. So far, Anthropic has limited access to Mythos to a select few companies including Apple Inc. and JPMorgan Chase & Co., allowing them to use the technology to test their own cyberdefenses under an initiative called Project Glasswing. Governments and other companies around the world have petitioned the US for access to Mythos to help sniff out their own vulnerabilities. India is home to some of the world's biggest software companies that provide numerous back-office functions to banks and tech firms globally, adding urgency to the need to identify cyber-vulnerabilities. At the same time, India under Prime Minister Narendra Modi has undertaken a vast expansion of its digital infrastructure, including working to onboard its 1.4 billion citizens onto its Aadhaar national ID program. Many provide services for both the Indian government and private firms, with Infosys running the country's service-tax system and TCS running its passport system. Infosys's Finacle provides software to financial firms globally. India's central bank has already held multiple rounds of meetings with Indian banks to apprise them of the potential threats from Mythos, said the officials. Last month, India's Finance Minister Nirmala Sitharaman said India was closely monitoring the potential threats posed by Mythos and asked banks to step up vigilance to secure IT systems, safeguard customer data, and protect financial resources. US ocoperation Also last month, Infosys CEO Salil Parekh told analysts that Mythos was "exposing more vulnerabilities than one thought possible previously." He also said it could lead to new opportunities for the company to help clients address vulnerabilities. "We are looking at it both ways," he said. Anthropic has told Indian authorities that it's for the US government to decide if they would like to share the advance Mythos with any company or country, and if so when, according to the Indian officials familiar with the matter. India is seeking access to Mythos in a secure setup preferably based within the country, according to one of the people, with those talks being led by the Ministry of External Affairs engaging with US government officials. New Delhi has identified a facility to test the model with sensitive data and shortlisted sectors and experts to assess its capabilities, the official said. India sees closer cooperation with the US as key to protecting sensitive infrastructure and government networks, while also reducing reliance on rivals such as China, another official said. In an interview last week with Bloomberg News, US Ambassador to India Sergio Gor said Washington was reviewing some of India's requests but declined to provide specifics. "They have requested access to various things, and as a trusted partner, those are some things that we are definitely looking at," he said in a phone interview.

Mythos Myth Spooks India's Banking Sector Into Stress-testing Critical Software Systems

India's IT companies and banks are rushing to stress-test their software for vulnerabilities ever since they heard of Claude Mythos Barely days after Anthropic spooked the world claiming that their latest AI model Claude Mythos was smarter than humans and could become a potential cybersecurity threat, India had sought access through RBI and other agencies. In the absence of any clear response from the folks at Project Glasswing, an initiative previewing Mythos ahead of a broader launch, it looks like both of India's banking sector and IT businesses have started stress-testing critical software systems on their own. This is the crux of a news report from Bloomberg, which was also the agency that reported earlier about India's outreachto Anthropic when the Mythos mystery came on the scene and deepened further with the White House getting into action. The Trump regime that was at loggerheads with Anthropic suddenly invited them home for the sake of national security. It was also around this time that our Raksha Mantri Rajnath Singh likened AI to the mythical demon "Bhasmasur' and highlighted its destructive capabilities in terms of creating deepfakes, generating cybercrime and warfare and powering next generation autonomous weapon systems. It would be tough to talk about only the rosy picture and ignore AI's ability to creating mischief, he had said. Per the Bloomberg report, some of India's biggest banks and IT giants such as TCS and Infosys were stress-testing critical software systems. In fact, officials claimed that banking software and Aadhaar-linked systems to passport and tax platforms, several key digital services were being reviewed for hidden cybersecurity weaknesses. Can't say we didn't expect such a move. Last evening, IBM CEO Arvind Krishna told CNBC that it was Mythos which made them invest a whopping $5 billion into a new cybersecurity offering that targets vulnerabilities in open-source software. "Mythos was the critical triggering factor on this," he said while noting that open-source models are often used by companies because of the price and easy access. Red Hat is also part of the effort that is being dubbed Project Lightwell. Krishna also noted that LLMs were generally known to be "remarkably adept at finding vulnerabilities" and exploiting issues in proprietary and open-source code. Despite Project Glasswing being in the works for some weeks now, there is no clarity around when these companies and Anthropic will decide to announce a strategy on how to respond to Claude Mythos. Meanwhile, closer home, India's cybersecurity agency CERT-in is also testing several key digital infrastructure systems in the country including those of Aadhar, income tax and GST portals etc. In the absence of access to Mythos, these companies are said to be using Claude Opus 4.7 model to identify and patch any vulnerabilities. Maybe, they'd move on to Opus 4.8 that launched yesterday. One can understand India's concern with digital vulnerabilities. More so, given that several of the country's people-facing technology platforms are managed by large IT companies such as Infosys, which handles the GST bit while TCS has access to all activities around making and renewing passports. Even a small vulnerability in these systems could have largescale ramifications. The Bloomberg reports said RBI had already held meetings with banks about the possible risks around cybersecurity and the need for early access to Claude Mythos. Efforts to secure formal access to the new AI model is underway with officials expecting some amount of help from the Trump regime in securing it. The issue, it appears, relates to New Delhi wanting access in a secure setup located in India while Washington hoping that the secure setup remains on US soil.

Anthropic Mythos AI prompts India to review security of banks and government systems

Banks, government, and tech firms are checking for vulnerabilities. India has quietly begun reviewing some of its most important digital systems as concerns grow around the possible impact of more advanced AI tools. The exercise includes testing public-facing software and digital platforms for hidden security gaps before next-generation AI systems become more widely available. Banking networks, government portals, and identity-linked infrastructure are among the areas receiving closer attention. The concern is not only about what future AI models like Anthropic's Mythos may be capable of doing, but whether they could identify and exploit software weaknesses faster than organizations can respond. The move reflects a broader global shift toward preparing digital infrastructure for a new phase of cybersecurity challenges. According to Bloomberg, India's largest banks, government departments, and technology companies have started carrying out internal security reviews to identify possible weaknesses in their key software systems. Government agencies have initiated the investigation ahead of the launch of Mythos, Anthropic's upcoming AI model. Officials familiar with the matter reportedly told Bloomberg that the effort includes testing applications connected to financial services, identity systems, and public platforms. Major Indian IT companies are also said to be involved in these exercises through controlled environments. Infosys is reportedly paying special attention to securing its Finacle banking software platform, which supports financial institutions across several markets. The report claims that government agencies are simultaneously examining whether existing digital systems can withstand more advanced forms of AI-assisted cyber activity. Also read: 1.5 ton vs 2 ton split AC: Which one makes more sense for your home The scrutiny is not limited to the financial sector; India's cybersecurity agency, CERT-In, is also reportedly reviewing its critical digital infrastructure. This includes parts of the core identity ecosystem and government login systems. However, one thing to note is that Anthropic's Mythos itself is not yet available to these organisations. Officials have said that companies are currently using Anthropic's Claude Opus 4.7 model to test, detect, and fix potential security gaps. The Reserve Bank of India has reportedly held meetings with various banks to discuss the possible risks linked to advanced AI systems. In tandem, Finance Minister Nirmala Sitharaman recently asked banks to strengthen cybersecurity readiness and improve the protection of customer data. The report also highlighted that the Indian government is in talks with the US government to seek controlled access to Mythos, with a strong preference for hosting the secure testing infrastructure locally within India. Also read: Govt can ban real money online gaming apps even if it involves skills, orders SC Anthropic designed Mythos to help identify cybersecurity weaknesses in critical software systems, including major operating systems, web browsers, and foundational open-source codebases. However, governments and experts fear the same technology could be misused to expose vulnerabilities or drastically speed up cyberattacks. At the time of writing, access to Mythos remains tightly controlled; only a limited group of organizations, including Apple and JPMorgan Chase, are believed to be testing the technology under Anthropic's Project Glasswing initiative. However, many governments and companies are now seeking controlled access so they can evaluate their own preparedness.