When AI Becomes the Weapon: Why India Is Right to Fear Claude Mythos

The Indian government just issued a banking sector alert over an AI that hasn’t even been publicly released. That should tell you everything.

The Alarm Has Been Sounded

Finance Minister Nirmala Sitharaman chaired a high-level meeting with banks and regulators and delivered an unusually stark warning: Anthropic’s unreleased AI model, Claude Mythos, poses a serious enough threat that Indian banks must take pre-emptive steps to secure IT systems, protect customer data, and guard financial resources against emerging AI-linked threats.

This isn’t a cybersecurity bureaucrat crying wolf. This is the Finance Minister of the world’s fifth-largest economy putting the entire banking sector on alert over a tool that isn’t even available to the public yet. Let that sink in.

What Exactly Is Claude Mythos?

Claude Mythos is an advanced AI model developed by Anthropic, designed to handle complex cybersecurity tasks — identifying software bugs, analysing systems, and even generating exploits.

That last part is where ordinary people stop reading and start panicking — and rightly so.

Anthropic is currently testing the model under a controlled initiative called ‘Project Glasswing’, where only a limited set of vetted organisations are allowed to use it for defensive cybersecurity purposes. Despite this controlled environment, Anthropic has confirmed that unauthorised access was made to the model during testing — reinforcing the nightmare scenario that this level of capability, even when walled off, is already leaking.

Anthropic itself chose not to release Mythos publicly. That’s the company that built it saying: this is too dangerous for open deployment. That is an extraordinary statement from Silicon Valley, where the default posture is “ship it and iterate.”

The Speed Problem No One Is Taking Seriously Enough

Vulnerabilities that once took weeks or months to discover and exploit can now be identified and weaponised in hours. That’s not a future scenario. That’s the present reality with Mythos-class models.

Models like Mythos compress expertise, time, and scale — allowing tasks that once required specialised security researchers to be executed faster, cheaper, and with far more precision.

Think about what this means for Indian banking infrastructure. India processes hundreds of millions of digital transactions daily across UPI, NEFT, IMPS, and core banking systems. These are legacy systems — patched, upgraded, and jury-rigged over decades. They were never built to withstand AI-speed exploitation. A human attacker probing SWIFT vulnerabilities takes months. A Mythos-powered attack takes hours.

A Global Reckoning, Not Just India’s Problem

Regulators in Australia, New Zealand, and the UK have already engaged cybersecurity agencies to assess risks to critical IT infrastructure. The concern everywhere is identical: can existing defences keep pace with AI-generated attacks?

The honest answer is no — not without equally powerful defensive AI. Experts now describe the future of cybersecurity as “AI versus AI” — a race between systems designed to exploit vulnerabilities and those built to defend against them.

India has no serious AI-native cybersecurity infrastructure at the national level. CERT-In operates largely on human-speed response cycles. That gap is now existential.

The Bottom Line

The Indian government is not being alarmist. It is, for once, being appropriately early. Claude Mythos represents the first documented case of an AI model so dangerous that its own creators refused to release it — and governments are still scrambling to respond before it escapes controlled testing entirely.

The question isn’t whether AI-powered cyberattacks on Indian banks will happen. The question is whether India will build its defences before the first strike lands.

The window is closing. Fast.

Comments

comments