India buckles up for Mythos AI’s double-edged weapon
Cybersecurity experts caution Mythos AI isn’t a magic wand against all vulnerabilities
In a situation reminiscent of a Spider-Man movie, where Dr Octavius’ fusion reactor makes the audience’s hearts skip a beat, Anthropic’s Claude Mythos is giving sleepless nights to sectors including government, banking, financial services and retail. Is it a breakthrough to celebrate, given its ability to identify and address vulnerabilities automatically, or a Frankenstein’s monster that could land in the wrong hands?
While IT major Cognizant sees a huge opportunity in Mythos, others have called for a cautious approach. Claude Mythos AI is a model that can discover vulnerabilities at a scale and speed that the world has not seen so far.
A senior executive at a private sector bank envisaged a “digital robbery” scenario with Claude Mythos AI, in which a bank may not even understand how a cyber-attack is unfolding, while cyber attackers already know how to bypass defences.
Risk Analysis
S Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), said that the government was talking to Anthropic about the concerns over Mythos, terming it a real threat. While banks and financial services companies have stepped up their vigilance, cyber-security companies have cautioned that Mythos is no magic wand, noting that AI can’t solve the multi-layered, nuanced networks within an organisation.
“The concerns have led to a lot of discussions within the government. The government is speaking to Anthropic. Meanwhile, the CERT-In (Computer Emergency Response Team India) has put out a set of guidelines and an advisory on how this particular issue needs to be handled,” he said.
The government recently set up a committee under State Bank of India (SBI) Chairman C S Setty to assess the risks posed by Mythos and suggest steps to counter the threat.
Ravi Kumar, CEO of Cognizant, recently said that the goal with leveraging Mythos must not be just discovering vulnerabilities at machine speed, but reinforcing it with remediation and refactoring at the same machine speed. “We see this as a huge opportunity and are very active in the market,” he said.
Testing Vulnerabilities
Organisations across sectors, government agencies, regulators and cybersecurity companies themselves have woken up to the reality and begun to brainstorm the pros and cons of the new tool, as well as ways to address the challenge.
Banks have asked the vendors who set up the core banking solution (CBS) platform for them to conduct vulnerability stress-testing and address potential breaches, said a senior executive with a public sector bank. (CBS automates banking processes by networking branches to provide real-time services.)
Further, the Indian Financial Network (INFINET), the communication backbone of the Indian banking and financial sector, will also be stress-tested for susceptibility to cyber-security breaches.
Critical payment system applications such as Real Time Gross Settlement (RTGS), National Electronic Funds Transfer (NEFT) and RBI’s e-Kuber run on this network.
“Mythos can identify vulnerability in an organisation’s IT systems, which humans could not detect even after so many years. It can also read all source code and executable files, and zero in on vulnerabilities. So, it can identify multiple vulnerabilities at various levels and how they can be exploited,” a banking executive said.
Meaningful Step
Terming Mythos a meaningful step forward, Ashish Tandon, Founder and CEO of Indusface, said that it is no panacea. Asked why we can’t use Mythos to create networks without vulnerabilities, he said that a scanner finds bugs in code, but most vulnerabilities do not live there.
“They live in how systems are stitched together, in dependencies you do not own, in legacy stacks no one wants to touch, and in the gap between when something is found and when it gets fixed. No tool closes all of that,” he pointed out.
“Modern applications are built on hundreds of open-source libraries and third-party components. A vulnerability up the chain becomes your vulnerability, and you do not control the patch cycle,” he explained.
Machine-paced Attacks
JP Mishra, CEO and Co-Founder of Deep Algorithm, felt that Mythos AI would undoubtedly cause considerable disruption, as it would enable cyber-attacks to become machine-paced rather than human-paced.
“Even if the system built using Mythos eliminates existing risks, subsequent updates might reintroduce them. Secondly, security is relative. What is safe for one system may be unsafe for another due to different factors, such as integrations or user habits,” he said.
In banking and the wider BFSI sector, legacy infrastructure is the most challenging aspect of implementing cybersecurity.
Pankit Desai, CEO and Co-Founder, Sequretek, said that Mythos surfaces vulnerabilities; it does not eliminate them. “That distinction matters enormously. These are OEM-level problems that end-user organisations cannot unilaterally fix,” he said.
Sanjay Katkar, Joint Managing Director at Quick Heal, said that the Reserve Bank of India’s assessment of risks around advanced AI models such as Anthropic’s Claude Mythos reflects a critical inflection point in cybersecurity.
“These systems are not just analytical tools; they have demonstrated the capability to identify and potentially exploit software vulnerabilities at a speed and scale that far exceeds traditional threat actors,” he said.
More Scalable
Parag Khurana, Country Manager for India, Barracuda Networks, felt that the AI capabilities introduced by Mythos aren’t new; they’re just faster and more scalable.
“Advances in AI models accelerate AI‑enabled threats and compress the time between vulnerability discovery and exploitation. This is a reality many cybersecurity organisations have been preparing for,” he said.
Pravin Kaushal, Director at Mrikal (a data capability solutions company), said that the implications of Mythos extended beyond private companies.
“Governments rely on complex digital systems for critical functions such as finance, healthcare, infrastructure and national security. If these systems contain undiscovered vulnerabilities, the risks are significant,” he said.
Jaspreet Bindra, Co-founder and CEO, AI & Beyond, said, “The fears around ‘Mythos’ are often misplaced—the real risk is not hypothetical superintelligence, but the rapid deployment of AI into systems that are not yet ready for it.”
“As we move from assistive tools to more agentic AI, the disruption will be structural, particularly impacting entry-level roles and traditional learning pathways. The response cannot be regulation alone; it must include AI literacy at scale, reimagined education, and strong public digital infrastructure.”
With inputs from S Ronendra Singh in New Delhi, Rohan Das in Chennai and Sanjana B in Bengaluru.
