Claude Mythos was introduced by Anthropic on April 8, and since then, leaders, regulators, and financial institutions have been on edge. Consider Mythos an advanced version of ChatGPT, specifically focusing on cybersecurity challenges. According to Anthropic, it can autonomously discover and exploit “zero-day” software vulnerabilities rapidly, having already identified weaknesses in systems like the Linux kernel and popular browsers such as Mozilla Firefox, which are ubiquitous—from smartphones to stock markets, power grids, and payment systems.
For India, with its extensive digital ecosystem encompassing UPI, banking networks, stock exchanges, and essential infrastructures like power and telecom grids, this challenge is not just technical; it’s strategic and systemic.
The nation must now brace itself for an “AI vs AI” cyber landscape, while also ensuring that legacy systems can protect themselves at machine speed, as stated by four financial sector specialists consulted by CNBC-TV18.
Comprehending the Nature of the Threat
Conventional cyber defenses were structured around sequential actions—detect, verify, patch, explains Ramesh Laxminarayanan, Group Head – Infotech and Digital at HDFC Bank. AI models like Mythos disrupt this timeline, identifying and exploiting vulnerabilities almost instantly. A single weakness in a bank’s payment gateway or a power grid can now be exploited before alerts can be triggered.
The threat is non-linear and autonomous, scaling across multiple systems, mapping interconnections, and executing multi-vector attacks in real-time. Anthropic may not have overstated when they stated the model is too powerful for public dissemination. It has provided limited previews to tech giants such as Google, Microsoft, Nvidia, Cisco, and banks like JPMorgan Chase to evaluate systems and address vulnerabilities.
For India’s interconnected digital framework, this poses systemic risks across various sectors, according to Kapil Vaswani from SPARC, an AI and cybersecurity research institution at the Indian Institute of Science.
The New Paradigm: Combatting AI with AI
The essential takeaway is clear: we require AI to counter AI. India’s strategy must evolve from reactive security (addressing issues post-attack) to autonomous defensive AI—systems capable of predicting, identifying, and resolving vulnerabilities on their own.
The Indian government is reportedly making strides in this direction. Discussions are underway with Anthropic and the US government to facilitate Indian companies’ access to Mythos, akin to American firms.
However, Vaswani expresses doubt, suggesting that Anthropic may not extend the same level of access to India as it does to US companies, particularly if exclusivity conditions are enforced.
Nitin Mishra, Executive Director at the National Payments Corporation of India, appeared less alarmed. NPCI is already utilizing AI for fraud detection and code scanning. While he acknowledged the persistent nature of cyber threats, he concurred that tools must evolve into real-time, self-adjusting systems.
Immediate Imperatives: Fortifying the Digital Defense
Echoing Mishra, Laxminarayanan outlined actionable steps companies can implement:
- Adopt continuous patching pipelines to minimize the delay between discovery and action
- Utilize virtual patching, wherein AI-fueled firewalls instantly block attacks while permanent solutions are developed
- Employ Mythos-like tools for benign assessments of legacy systems and open-source code
- Implement “shadow auditing” with autonomous AI auditors
- Adopt zero-trust architectures—assume breaches and isolate each node
- Use micro-segmentation to keep attacks contained within limited domains
- Integrate hardware roots of trust (TPMs) in key infrastructure
- Invest in white-box cryptography to safeguard encryption keys from AI-level threats
Invest in People
In addition to tools, experts stress the urgent need for India to address its cybersecurity talent deficit. Mythos is merely the beginning. Traditional security skills are insufficient; educational programs across IITs, NITs, and management institutes must encompass security engineering, AI ethics, and system robustness.
Vaswani contends that India must also lessen its reliance on foreign cybersecurity technology by bolstering domestic AI tools, open-source platforms, and sovereign cryptographic standards.
Collaborative Approaches, PPP Models
AI models like Mythos have implications beyond finance, affecting sectors like energy, aviation, and railway signaling. Nandkumar Saravade, a former IPS officer and founding CEO of RBI’s IT division ReBIT, advocates for industry-specific cyber defense initiatives and enhanced knowledge sharing across sectors.
The finance ministry has already directed banks to exchange attack and defense information with CERT-In, the national nodal agency under MeitY.
Saravade proposes a blend of strategies—individual, sectoral, and government-led—tailored to specific industries. Critical sectors such as energy and telecom may benefit from public-private partnership frameworks similar to NPCI.
China is actively exploring “AI governance sandboxes” where autonomous systems undergo evaluation before deployment. India could consider a similar strategy, especially for its defense and financial systems.
Ultimately, Saravade emphasizes the importance of raising cyber risk discussions to the boardroom level across all enterprises.
Upholding Sovereignty; Nurturing Talent
The emergence of Mythos serves as India’s wake-up call. Just as the nation developed UPI into a robust, low-cost national payments infrastructure, it must urgently tackle the AI challenge with innovation.
Intensive courses across IITs, NITs, and IIMs focused on AI-integrated cybersecurity could cultivate a skilled, continually evolving workforce.
The era of human-speed cybersecurity has ended. The cyber battles of the future will be fought—and won—by AI.
