From the Editor-in-Chief
What has become clear is that AI is no longer a story of technological promise alone. Mythos has given the world the whiff of a new, all-consuming danger: a systemic risk.
Artificial Intelligence was meant to be the Great Enabler. Even allowing for the caution that accompanies new technology, its ability to synthesise vast amounts of data is a paradigm shift in human productivity. It hasn’t taken long for the realisation that this is not an undiluted blessing. The duality has become sharper and more unsettling with the arrival of Anthropic’s model Claude Mythos. The first task is to grasp the nature of the threat. By Anthropic’s own telling, AI can now “surpass all but the most skilled humans at finding and exploiting software vulnerabilities”. Mythos reportedly found thousands of severe flaws, including in major operating systems and web browsers, some lying dormant for decades. What makes this alarming is not merely the scale, but its capacity to do this in autonomous mode. This is not traditional hacking accelerated. It is a glimpse of agentic AI systems that can plan, probe, adapt and execute, sharpening its tools along the way. What was once the preserve of a tiny priesthood of elite specialists is almost on the cusp of democratisation.
Anthropic has withheld public release, deeming it to be too dangerous for open deployment. Instead, through its ‘Project Glasswing’, it offered access to Mythos Preview to a clutch of tech majors like Amazon Web Services, Google, Microsoft, Apple, NVIDIA and Linux besides the finance behemoth JPMorgan Chase, and 40 other undisclosed partners. This select club can use Mythos to scan and fortify their systems against malicious AI-enabled actors. In short, the disease is being offered as the cure. The whole thing could be an elaborate piece of ‘shockvertising’, with Anthropic exaggerating the capabilities of Mythos in order to scare big customers into acquiring it. Yet, even allowing for that, the threat is real enough that central bankers, governments and security establishments across the world are taking notice. India’s Union finance and IT ministries were quick to respond by convening a meeting of bankers and policymakers to meet the new threat. Finance minister Nirmala Sitharaman, who chaired the meeting, later said, “The cyber challenge we have because of Mythos is a big one. We are engaging with the US administration, Anthropic and vendors who were given a chance to test Mythos to see what steps we should take.”
What has become clear is that AI is no longer a story of technological promise alone. Mythos has given the world the whiff of a new, all-consuming danger: a systemic risk. Practically every transaction in global finance and banking is digital now. So are military systems, power grids, aviation networks, government databases. The question suddenly before us is profound: could all of that be rendered vulnerable by malicious actors armed with AI? India has particular reason to worry as its digital infrastructure is vast and central to its growth story. Besides online banking and proprietary corporate information, it has vast public digital inventories in the form of Aadhaar, DigiLocker, UPI, corporate data and health records. The sense of ease and safety they created is suddenly turned on its head. What is at stake is not just theft or sabotage, but cascading instability. What AI can do is automated, 24/7 chain-hacking at the “speed of thought”, trawling systems for zero-day vulnerabilities, a name for bugs the builders don’t even suspect exist, and then exploit them to penetrate systems and exfiltrate data long before humans can react. The kind of hacking we are familiar with will now go space age. Hyper-personalised phishing emails indistinguishable from the real thing, SIM swapping to intercept OTPs, password guessing, these will be taken to an art form inscrutable to ordinary eyes. Nor is this only about one model. The next frontier system may surpass Mythos. The risks, says an AI specialist, are non-linear: “If it goes rogue, it can on its own decide to launch a much larger attack that impacts the entire ecosystem.”
It may well be just the warning signal we needed. This week’s cover story examines what an effective response from India may look like. The uncomfortable truth is that our existing digital security frameworks were built for another era. Munjal Kamdar, partner, cyber strategy, Deloitte India, says the threat could come from malicious actors as varied as nation-states, corporate spies and plain scamsters. The problem with Aadhaar or UPI is that the ‘attack surface’ is extremely large, with innumerable points of weakness: the first has a database of 1.4 billion, the second has 500 million active users, many merchant QRs among them. DigiLocker saw 9.4 billion documents retrieved by March 2025. Indian finance is a cosmos unto itself; banks alone have deposits upwards of Rs 251.9 lakh crore. Then there’s health data, and critical defence information. India must build sovereign cyber defence capability to discover vulnerabilities and enable real-time threat intelligence-sharing across sectors. The answer cannot be digital fatalism. There is no time for complacency in the belief that scale will provide safety. Nor can it be dependent exclusively on technologies controlled elsewhere. India has the talent to do this. All we need is a will to build our resilience. Mythos may in time prove less an existential threat than a timely reminder of what lies ahead. But one thing is certain: only AI can fight AI.
Artificial Intelligence was meant to be the Great Enabler. Even allowing for the caution that accompanies new technology, its ability to synthesise vast amounts of data is a paradigm shift in human productivity. It hasn’t taken long for the realisation that this is not an undiluted blessing. The duality has become sharper and more unsettling with the arrival of Anthropic’s model Claude Mythos. The first task is to grasp the nature of the threat. By Anthropic’s own telling, AI can now “surpass all but the most skilled humans at finding and exploiting software vulnerabilities”. Mythos reportedly found thousands of severe flaws, including in major operating systems and web browsers, some lying dormant for decades. What makes this alarming is not merely the scale, but its capacity to do this in autonomous mode. This is not traditional hacking accelerated. It is a glimpse of agentic AI systems that can plan, probe, adapt and execute, sharpening its tools along the way. What was once the preserve of a tiny priesthood of elite specialists is almost on the cusp of democratisation.
Anthropic has withheld public release, deeming it to be too dangerous for open deployment. Instead, through its ‘Project Glasswing’, it offered access to Mythos Preview to a clutch of tech majors like Amazon Web Services, Google, Microsoft, Apple, NVIDIA and Linux besides the finance behemoth JPMorgan Chase, and 40 other undisclosed partners. This select club can use Mythos to scan and fortify their systems against malicious AI-enabled actors. In short, the disease is being offered as the cure. The whole thing could be an elaborate piece of ‘shockvertising’, with Anthropic exaggerating the capabilities of Mythos in order to scare big customers into acquiring it. Yet, even allowing for that, the threat is real enough that central bankers, governments and security establishments across the world are taking notice. India’s Union finance and IT ministries were quick to respond by convening a meeting of bankers and policymakers to meet the new threat. Finance minister Nirmala Sitharaman, who chaired the meeting, later said, “The cyber challenge we have because of Mythos is a big one. We are engaging with the US administration, Anthropic and vendors who were given a chance to test Mythos to see what steps we should take.”
What has become clear is that AI is no longer a story of technological promise alone. Mythos has given the world the whiff of a new, all-consuming danger: a systemic risk. Practically every transaction in global finance and banking is digital now. So are military systems, power grids, aviation networks, government databases. The question suddenly before us is profound: could all of that be rendered vulnerable by malicious actors armed with AI? India has particular reason to worry as its digital infrastructure is vast and central to its growth story. Besides online banking and proprietary corporate information, it has vast public digital inventories in the form of Aadhaar, DigiLocker, UPI, corporate data and health records. The sense of ease and safety they created is suddenly turned on its head. What is at stake is not just theft or sabotage, but cascading instability. What AI can do is automated, 24/7 chain-hacking at the “speed of thought”, trawling systems for zero-day vulnerabilities, a name for bugs the builders don’t even suspect exist, and then exploit them to penetrate systems and exfiltrate data long before humans can react. The kind of hacking we are familiar with will now go space age. Hyper-personalised phishing emails indistinguishable from the real thing, SIM swapping to intercept OTPs, password guessing, these will be taken to an art form inscrutable to ordinary eyes. Nor is this only about one model. The next frontier system may surpass Mythos. The risks, says an AI specialist, are non-linear: “If it goes rogue, it can on its own decide to launch a much larger attack that impacts the entire ecosystem.”
It may well be just the warning signal we needed. This week’s cover story examines what an effective response from India may look like. The uncomfortable truth is that our existing digital security frameworks were built for another era. Munjal Kamdar, partner, cyber strategy, Deloitte India, says the threat could come from malicious actors as varied as nation-states, corporate spies and plain scamsters. The problem with Aadhaar or UPI is that the ‘attack surface’ is extremely large, with innumerable points of weakness: the first has a database of 1.4 billion, the second has 500 million active users, many merchant QRs among them. DigiLocker saw 9.4 billion documents retrieved by March 2025. Indian finance is a cosmos unto itself; banks alone have deposits upwards of Rs 251.9 lakh crore. Then there’s health data, and critical defence information. India must build sovereign cyber defence capability to discover vulnerabilities and enable real-time threat intelligence-sharing across sectors. The answer cannot be digital fatalism. There is no time for complacency in the belief that scale will provide safety. Nor can it be dependent exclusively on technologies controlled elsewhere. India has the talent to do this. All we need is a will to build our resilience. Mythos may in time prove less an existential threat than a timely reminder of what lies ahead. But one thing is certain: only AI can fight AI.
