Indian government and IT firms are running tests for Mythos threat: report

India is testing some of its most sensitive public-facing financial and government application software to better understand their vulnerabilities to the Mythos AI model by Anthropic PBC, according to Bloomberg.

The report stated that companies like Infosys Ltd. and Tata Consultancy Services Ltd. are carrying out the tests of their software for vulnerabilities in a secure environment to Mythos, according to officials, requesting anonymity because the discussions are private. Infosys in particular is looking to devise patches to its widely used Finacle banking software, they said.

Separately, India’s state-run cybersecurity agency CERT-In is undergoing tests of key digital infrastructure including the Aadhaar national ID program and government login systems, said the officials. The companies, which don’t currently have access to Mythos, are using Anthropic’s Claude Opus 4.7 AI software to patch vulnerabilities, they said.

Bloomberg said that Infosys and TCS, along with India’s Ministry of Electronics and Information Technology didn’t respond to a request for comment. 

Mythos still raises global alarm

The emergence of Claude Mythos has sent early warning signals through governments and financial institutions, with policymakers and bankers scrambling to assess what a system capable of autonomously identifying and exploiting software vulnerabilities could mean for critical infrastructure. 

So far, Anthropic has limited access to Mythos to a select few companies including Apple Inc. and JPMorgan Chase & Co., allowing them to use the technology to test their own cyber defenses under an initiative called Project Glasswing. Governments and other companies around the world have petitioned to the US for access to Mythos to help sniff out their own vulnerabilities.

After the launch of Mythos, a high-level review meeting was held by Finance Minister Nirmala Sitharaman and IT Minister Ashwini Vaishnaw with banks, regulators and cybersecurity agencies.

According to multiple media reports, the meeting focused on assessing the risks posed by advanced AI systems such as Mythos to India’s financial infrastructure. Officials flagged concerns that such models could significantly lower the technical barrier required to carry out sophisticated cyberattacks.

Sitharaman warned that the threat posed by such technologies could be “as big as war”, adding that existing cybersecurity frameworks would need to become “far more versatile” to deal with AI-led risks. Vaishnaw, in the same discussions, stressed the need for tighter coordination between government, regulators and financial institutions, particularly around real-time information sharing and incident response.

Meanwhile, as per reports, the National Payments Corporation of India (NPCI) is trying to secure early access to examine "day-zero" cyber risks in Unified Payments Interface (UPI) systems. Even Nasscom has apparently formally requested for Mythos access to bolster cybersecurity resilience.