Mythos’ cutting-edge coding abilities provide an extraordinary potential to identify cybersecurity flaws and create methods to exploit them, raising worries that it may be used to compromise banking systems.
Given this new challenge, banks must considerably boost their IT investments to fortify their systems and minimize vulnerabilities related to cyber threats, Punjab & Sind Bank MD and CEO Swarup Kumar Saha stated in an interview with PTI.
He mentioned that the bank plans to increase its IT expenditure this financial year to tackle the challenges posed by emerging technologies.
Moreover, UCO Bank MD and CEO Ashwani Kumar indicated that the bank’s IT spending will exceed last financial year’s figures, with a significant portion allocated to cybersecurity.
These comments are particularly important after Finance Minister Nirmala Sitharaman urged banks to implement all necessary preemptive actions to secure their IT infrastructures following Mythos’s demonstration of its ability to uncover vulnerabilities in their operating systems and initiate potential cyber attacks.
”Banks in India are now entering a phase where IT expenditure must be viewed as a ’cost of surviving’ rather than merely a ’cost of running’,” said Srinivas L, Joint MD & Joint CEO of 63SATS Cybertech Limited, a subsidiary of 63 Moons Technologies Limited. “Frontier AI systems, especially unreleased models like Anthropic’s Claude Mythos, do not create a new category of risk; instead, they collapse the timelines of all existing categories.”
The gap between the public disclosure of software vulnerabilities and their weaponization has shrunk from 19 days in 2023 to less than 72 hours today. Meanwhile, banks continue to use patching and response strategies tailored for a 2019 threat landscape, which means they are essentially defending against 2026 attacks with outdated protocols, Srinivas remarked, noting that the common response has been to implement more tools.
To address these challenges, the government has established a panel led by SBI Chairman C S Setty to evaluate risks posed by the AI platform Mythos and formulate mitigating strategies.
There will be extensive discussions among banks over the coming weeks to comprehend the threats better and identify areas requiring further investment, Sitharaman mentioned last week.
Mythos has raised significant concerns among regulators, who view it as a noteworthy challenge to the banking sector and its legacy technology frameworks.
Banks and financial institutions are particularly susceptible due to high interconnectedness (payments, markets, clearing systems) and reliance on outdated IT systems operating in real-time.
A single successful cyberattack can rapidly trigger a cascading effect across institutions and markets, as one bank is interconnected with numerous domestic and global entities for inward and outward payments, foreign exchange trading, money market exposure, stock market connections, depositories, and payment gateways, among others.
The pilot launch of Claude Mythos on April 7 generated global concern regarding its hacking capabilities. During tests, Anthropic, the US-based AI firm, discovered that the latest model excelled at cybersecurity and hacking tasks, surpassing human performance.
”Mythos preview has already identified thousands of high-severity vulnerabilities, including some within each major operating system and web browser,” claimed Anthropic.
Anthropic granted access to 12 tech firms via Project Glasswing, which it described as ”an initiative to secure the world’s most crucial software.”
