Synopsis
Indian enterprises could be facing a structural cybersecurity risk after the release of the advanced AI model Mythos by Anthropic. As Mythos begins finding software vulnerabilities in hours, far faster than companies can fix them, experts said this could leave systems exposed, especially in sectors like banking and telecom that rely on older systems.A spokesperson at HDFC Bank, India's largest private sector bank by assets and market capitalisation, told ET, "We are engaged with the Data Security Council of India to evaluate risks and impact. We can confirm being in touch with the Anthropic team."
As only a few enterprises have been given early access and none of the Indian vendors are in the list, experts warned this could overwhelm security teams and expose risks. Meanwhile, after the US, governments in Canada and the UK too have taken cognisance of Mythos and are calling for meetings to assess its impact. Alarm bells are also going off for the $260 billion Indian IT industry which could face disruption.
Mythos, whose public release has been held back over safety concerns, has demonstrated the ability to uncover deep and previously undetected flaws in large codebases.
“In Indian enterprises, where patch cycles can run 60 to 90 days, the gap between discovery and response is becoming a strategic vulnerability,” said Arjun Nagulapally, CTO of AionOS. “Adversaries can now move from finding a flaw to exploiting it in hours, while enterprise response still takes weeks.”
Nagulapally said the scale of detection could overwhelm enterprises, especially in sectors such as banking and telecom that rely heavily on legacy systems.
The shift is already visible in enterprise environments, according to Cdr Raj Shastrakar (retd), director and head of Unit 42, India and SAAR at Palo Alto Networks. “Attackers can now exploit vulnerabilities within minutes of discovery, with some incidents progressing from initial access to data exfiltration in under an hour, and in extreme cases as little as 25 minutes,” Shastrakar said, adding that traditional step-by-step security processes are no longer sufficient.
The concerns are not limited to India. Financial regulators in the UK and Canada have begun urgent discussions with banks, insurers, and exchanges to assess risks from the model’s ability to expose critical vulnerabilities in core systems. Similar conversations are underway in the US, pointing to growing global concern over the systemic impact of such AI capabilities.
