While speaking at the 26th ET Awards for Corporate Excellence on Saturday, finance minister Nirmala Sitharaman had said the ministry of electronics was fully seized of the challenge. “They are engaging with the US administration, Anthropic and with the vendors who have been given a chance to test (Mythos),” she had said. “The cyber challenge we have because of the Mythos, is going to be a big one.” Sitharaman held a meeting with banks and key cyber agencies along with IT minister Ashwini Vaishnaw last week on the matter.
Officials underlined that the government doesn’t want to favour any particular company by enabling access to some while leaving out others.
Conversations with the US authorities are in addition to talks with Anthropic’s officials at the company’s US headquarters.
Anthropic didn’t respond to ET’s queries till the time of going to press. The Centre has also asked the Indian Computer Emergency Response Team (CERT-In), the National Critical Information Infrastructure Protection Centre (NCIIPC) and the financial sector to ensure they move fast to protect critical infrastructure such as power grids, telecom networks and banking channels among others that could be vulnerable. The government is also considering a policy response to more AI companies launching such models in the future.
“Currently, Anthropic has held off the wider release, but tomorrow more companies can launch such models,” said the official cited above. “They may release them without advance notice. The government needs to build its capacity as of yesterday.”
Also Read: ET Awards: Sitharaman flags AI threat and global risks, says reforms on the way to support India Inc growth
China has reportedly already developed its own version of Mythos.
Claude Mythos is the newest AI model from Anthropic that’s said to be so advanced that it can identify and exploit zero-day vulnerabilities rapidly. Anthropic’s Project Glasswing gave early access to 40 companies, mostly from the US, to help them use Mythos to catch and patch flaws before it’s released to the public. No Indian company was included in the list.
“The government of India should formally and urgently seek participation in Project Glasswing that achieves an equivalent outcome for India’s critical infrastructure,” said Kazim Rizvi, founding director of the policy think tank The Dialogue. “India’s digital public infrastructure serves a population potentially larger than the user base of most Glasswing partners’ consumer platforms, and its exclusion from the programme is a gap in global critical infrastructure security, not merely an Indian national concern.”
Companies that tested Mythos said it could find tens of thousands of vulnerabilities, compared with roughly 500 found by Anthropic’s previous model, Opus 4.6, a 20-fold jump in one generation.
Also Read: CERT-In flags ‘high-severity risks’ from AI-driven cyber threats amid Mythos concerns
“The government of India should formally and urgently seek participation in Project Glasswing that achieves an equivalent outcome for India’s critical infrastructure,” said Kazim Rizvi, founding director of the policy think tank The Dialogue.
“India’s digital public infrastructure serves a population potentially larger than the user base of most Glasswing partners’ consumer platforms, and its exclusion from the programme is a gap in global critical infrastructure security, not merely an Indian national concern.”
Also Read: Anthropic Mythos: Firms with access to model say speed of response, not uncovering flaws, is key
Participation in Project Glasswing
ET reported last week that Nasscom, representing India’s technology companies, wrote to Anthropic, asking that they be included in Project Glasswing and be given access to Mythos to build cyber resilience since their code is used by entities across the globe. It added that Anthropic is engaged in discussions between the US and allied democracies, including India, on securing critical infrastructure before the public release of Mythos.
Rizvi said the government should immediately commission a coordinated, cross-sectoral security audit of India’s critical digital infrastructure and make an adversarial assessment conducted specifically against the kind of threat that Mythos presents.
“Alongside this audit, the government must work with industry and infra stakeholders to commission a dedicated, classified deep-dive into the full implications of AI-driven vulnerability discovery for India’s digital ecosystem,” he said.
Also Read: Before Mythos goes public, Indian IT also wants access
