Why India’s Government Just Warned All Banks About Claude Mythos

India’s government has warned banks about Anthropic’s Claude Mythos, a powerful AI that can find security weaknesses in software. The concern is clear and urgent; this AI can spot vulnerabilities so quickly that attackers could use them before defenders even know they exist. Finance Minister Nirmala Sitharaman called it an “unprecedented threat,” and the government has told banks to strengthen their defenses right away leveraging AI engines and technology.

What Is Claude Mythos and Why Is It Different?

Claude Mythos is not your typical chatbot. It is an experimental AI system designed to perform complex cybersecurity tasks, including identifying software vulnerabilities, analysing systems, and generating exploit pathways.

Think of it this way: security researchers spend weeks or months finding flaws in code. Mythos can do the same work in hours. Researchers at SenseAI found that models like Mythos compress expertise, time and scale, allowing tasks that once required specialised researchers to be executed faster, cheaper and with far more precision.

Most concerning? Reports suggest the model can outperform most human experts in detecting software weaknesses.

Why Isn’t It Available to Everyone?

Anthropic chose not to release Mythos to the public. They decided not to launch Claude Mythos Preview because they were worried about serious cybersecurity and national security risks. They believe that if the model were used by the wrong people, it could help carry out advanced cyberattacks by automatically finding and using security weaknesses on a large scale.

Instead, Anthropic created a restricted programme called Project Glasswing. Only selected technology companies in the US got access for defensive purposes. No Indian banks, government agencies, or tech companies made the list.

Department of Financial Services secretary M. Nagaraju called Mythos “a threat and opportunity for the financial technology ecosystem”. But for now, India is locked out.

The Problem: Cyberattacks Happening Much Faster Now

What worries policymakers most is that the time between finding a security flaw and using it for an attack has almost disappeared.

Vishak Raman from Fortinet explained that flaws which once took weeks or months to find and use can now be exploited in just hours. He said the same tools that fix problems can also be used to attack them.

This is not about new kinds of attacks – it’s about speed. Earlier, cybersecurity worked step by step: find a problem, report it, fix it, and update systems. Banks had time to respond.

Now, tools like Claude Mythos make everything much faster. Anthropic has also said there was some unauthorised access during testing, which adds to the concern about misuse.

What Does This Mean for Indian Banks?

On April 26, the Indian Computer Emergency Response Team, the government’s main agency for handling cybersecurity incidents, issued a high-risk warning. It directly mentioned advanced AI models and told organisations to assume that any newly discovered security flaw could be used by attackers within hours, not weeks.

Finance Minister Sitharaman called an emergency meeting with bank heads. She gave them clear orders: treat every new security flaw as a crisis. Secure your IT infrastructure now. The Indian Banks’ Association was told to create response mechanisms for cyber threats.

The reality is brutal. India’s public sector banks and government departments do not operate on these timelines. They were built for slower threats.

Who Bears the Risk?

Every Indian citizen who uses online banking faces potential risk. India’s banking system handles massive volumes of digital transactions daily, and the rise of AI models like Mythos introduces a new category of risk: AI-powered cyberattacks that are faster, smarter, and harder to detect.

A criminal with access to Mythos could theoretically scan the banking sector for unpatched vulnerabilities. Hours later, attackers could breach accounts, steal money, or harvest personal data.

This is not hypothetical. Globally, regulators in Australia, New Zealand, and the United Kingdom are closely monitoring developments, particularly their implications for banking and critical infrastructure.

Is This About One AI Model or Something Bigger?

Yes and no. Mythos is the immediate trigger. But experts see a deeper shift.

Rahul Agarwalla, managing partner at SenseAI, said the future of cybersecurity is likely to be “AI versus AI” – a race between systems designed to exploit vulnerabilities and those built to defend against them.

The longer-term outlook? Both experts noted that these models could significantly strengthen cybersecurity in the long run. An AI that finds flaws can also fix them. But first comes the danger.

What Is India Doing About It?

The government is moving on multiple fronts. A senior Ministry of Electronics and Information Technology official confirmed the government is in active conversation with Anthropic for possible access.

India is also pushing back on the exclusion. Amar Rizvi, a former Indian government official, called Indian industry’s exclusion from Project Glasswing “a security and sovereignty concern” and recommended that the Ministry of External Affairs, the Ministry of Home Affairs, and the Prime Minister’s Office engage with both the US government and Anthropic to seek access.

Beyond diplomacy, Rizvi recommended a coordinated security audit of critical infrastructure across financial services and telecom.

What Should You Do?

If you use online banking:

1. Change your banking passwords if you haven’t in three months.
2. Enable two-factor authentication on every account that offers it.
3. Monitor your account statements weekly for unauthorized transactions.
4. Do not click links in unexpected emails, even if they look official.
5. Report any suspicious activity to your bank immediately.

Banks are being told to respond more quickly than ever. But they can’t handle this on their own. Everyone’s alertness and caution matter.

The Bottom Line

Claude Mythos is not out yet. It is still being tested carefully. But its existence is already making people think differently about AI risks in banking and finance. The government is not waiting for something bad to happen, they are taking steps now to stay prepared.

As Agarwalla put it: the window has collapsed. What once took months now takes hours. India’s financial system has been warned. The race to defend is on.

Sources: Business Standard, ThePrint, The Hans India, Trak.in. Reporting based on statements from Indian government officials, Anthropic, Fortinet, SenseAI, and PrivaSapien.