What is the story about?
All corporates across sectors, public institutions, and government bodies need to make cybersecurity their top priority and invest heavily in both people and tools to make their software resilient. That’s the key message emerging from a cross-section of experts, as the world wakes up to the threats posed by Claude Mythos.
Claude Mythos was unveiled by Anthropic on April 8, and since then, world leaders, regulators, and bankers have been uneasy. Think of Mythos as an advanced ChatGPT with a sharp focus on cybersecurity. Anthropic says it can autonomously identify and exploit “zero-day” software vulnerabilities within minutes, and has already flagged vulnerabilities in systems like the Linux kernel and browsers such as Mozilla Firefox, which are widely used—from phones to stock exchanges, power grids, and payment systems.
For India, with its vast digital ecosystem spanning UPI, banking networks, stock exchanges, and critical infrastructure like power and telecom grids, the challenge is not merely technical—it is strategic and systemic.
The country must now prepare for an “AI vs AI” cyber era, while ensuring legacy systems can defend themselves at machine speed, say four financial sector experts CNBC-TV18 spoke to.
Understanding the nature of the threat
Traditional cyber defences were built around sequential responses—detect, verify, patch, explains Ramesh Laxminarayanan, Group Head – Infotech and Digital at HDFC Bank. Mythos-class AI collapses this timeline, discovering and weaponising vulnerabilities almost instantly. A single flaw in a bank’s payment gateway or a power grid can now be exploited before alarms are even raised.
The threat is non-linear and autonomous—it scales across systems, maps interconnections, and launches multi-vector attacks in real time. Anthropic may not have been exaggerating when it said the model is too powerful for public release. It has allowed limited previews to tech giants like Google, Microsoft, Nvidia, Cisco and banks like JPMorgan Chase to test systems and patch bugs.
For India’s interconnected digital infrastructure, this introduces systemic risk across sectors, says Kapil Vaswani of SPARC, an AI and cybersecurity research lab at Indian Institute of Science.
The New Paradigm: Fighting AI with AI
The most critical takeaway is simple: we need AI to defend against AI. India’s strategy must move from reactive security (patching after an attack) to autonomous defensive AI—systems that can predict, detect, and fix vulnerabilities automatically.
The Indian government is attempting exactly that. Reports suggest it is in talks with Anthropic and the US government to enable Indian companies to access Mythos, similar to US firms.
Vaswani, however, is sceptical. He says Anthropic may not share the same level of access with India as it does with US entities, especially if exclusivity conditions are imposed.
Nitin Mishra, ED at National Payments Corporation of India, sounded less alarmed. NPCI already uses AI for fraud detection and code scanning. Cyber threats have always existed, he said, but agreed that tools must evolve into real-time, self-adaptive systems.
Short-Term Imperatives: Strengthening the Digital Shield
Like Mishra, Laxminarayanan outlined steps companies can take:
Beyond tools, experts agree India must urgently bridge its cybersecurity talent gap. Mythos is just the beginning. Traditional security skills are no longer enough; curricula across IITs, NITs, and management institutes must include security engineering, AI ethics, and system resilience.
Vaswani argues India must also reduce dependence on foreign cybersecurity technology by strengthening indigenous AI tools, open-source platforms, and sovereign cryptographic standards.
Sectoral Alliances, PPP Models
AI models like Mythos impact not just finance, but power grids, aviation, and railway signalling. Nandkumar Saravade, former IPS officer and founding CEO of RBI’s IT arm ReBIT, calls for sector-wise cyber defence missions and greater knowledge sharing within industries.
The finance ministry has already instructed banks to share attack and defence data with CERT-In, the national nodal agency under MeitY.
Saravade suggests a mix of approaches—individual, sectoral, and government-led—depending on the industry. Critical sectors like energy and telecom could adopt public-private partnership models similar to NPCI.
China is already testing “AI governance sandboxes,” where autonomous systems are vetted before deployment. India could explore a similar model, especially for defence and financial systems.
Above all, Saravade stresses that cyber risk must be elevated to boardroom discussions across enterprises.
Preserving Sovereignty; Promoting Talent
The Mythos moment is India’s wake-up call. Just as the country built UPI into a robust, low-cost national payments system, it must respond to the AI challenge with urgency and innovation.
Crash courses across IITs, NITs, and IIMs in AI-driven cybersecurity could help build a skilled workforce—one that continuously upgrades itself.
The age of human-speed cybersecurity is over. The cyber wars of tomorrow will be fought—and won—by AI.
Claude Mythos was unveiled by Anthropic on April 8, and since then, world leaders, regulators, and bankers have been uneasy. Think of Mythos as an advanced ChatGPT with a sharp focus on cybersecurity. Anthropic says it can autonomously identify and exploit “zero-day” software vulnerabilities within minutes, and has already flagged vulnerabilities in systems like the Linux kernel and browsers such as Mozilla Firefox, which are widely used—from phones to stock exchanges, power grids, and payment systems.
For India, with its vast digital ecosystem spanning UPI, banking networks, stock exchanges, and critical infrastructure like power and telecom grids, the challenge is not merely technical—it is strategic and systemic.
The country must now prepare for an “AI vs AI” cyber era, while ensuring legacy systems can defend themselves at machine speed, say four financial sector experts CNBC-TV18 spoke to.
Understanding the nature of the threat
Traditional cyber defences were built around sequential responses—detect, verify, patch, explains Ramesh Laxminarayanan, Group Head – Infotech and Digital at HDFC Bank. Mythos-class AI collapses this timeline, discovering and weaponising vulnerabilities almost instantly. A single flaw in a bank’s payment gateway or a power grid can now be exploited before alarms are even raised.
The threat is non-linear and autonomous—it scales across systems, maps interconnections, and launches multi-vector attacks in real time. Anthropic may not have been exaggerating when it said the model is too powerful for public release. It has allowed limited previews to tech giants like Google, Microsoft, Nvidia, Cisco and banks like JPMorgan Chase to test systems and patch bugs.
For India’s interconnected digital infrastructure, this introduces systemic risk across sectors, says Kapil Vaswani of SPARC, an AI and cybersecurity research lab at Indian Institute of Science.
The New Paradigm: Fighting AI with AI
The most critical takeaway is simple: we need AI to defend against AI. India’s strategy must move from reactive security (patching after an attack) to autonomous defensive AI—systems that can predict, detect, and fix vulnerabilities automatically.
The Indian government is attempting exactly that. Reports suggest it is in talks with Anthropic and the US government to enable Indian companies to access Mythos, similar to US firms.
Vaswani, however, is sceptical. He says Anthropic may not share the same level of access with India as it does with US entities, especially if exclusivity conditions are imposed.
Nitin Mishra, ED at National Payments Corporation of India, sounded less alarmed. NPCI already uses AI for fraud detection and code scanning. Cyber threats have always existed, he said, but agreed that tools must evolve into real-time, self-adaptive systems.
Short-Term Imperatives: Strengthening the Digital Shield
Like Mishra, Laxminarayanan outlined steps companies can take:
- Move to continuous patching pipelines, reducing the lag between discovery and response
- Deploy virtual patching, where AI-powered firewalls block attacks instantly while permanent fixes are developed
- Use Mythos-like tools for benign scanning of legacy systems and open-source code
- Implement “shadow auditing” with autonomous AI auditors
- Adopt zero-trust architectures—assume breach and isolate every node
- Use micro-segmentation to contain attacks within small domains
- Deploy hardware roots of trust (TPMs) in critical infrastructure
- Invest in white-box cryptography to protect encryption keys even from AI-level attacks
Beyond tools, experts agree India must urgently bridge its cybersecurity talent gap. Mythos is just the beginning. Traditional security skills are no longer enough; curricula across IITs, NITs, and management institutes must include security engineering, AI ethics, and system resilience.
Vaswani argues India must also reduce dependence on foreign cybersecurity technology by strengthening indigenous AI tools, open-source platforms, and sovereign cryptographic standards.
Sectoral Alliances, PPP Models
AI models like Mythos impact not just finance, but power grids, aviation, and railway signalling. Nandkumar Saravade, former IPS officer and founding CEO of RBI’s IT arm ReBIT, calls for sector-wise cyber defence missions and greater knowledge sharing within industries.
The finance ministry has already instructed banks to share attack and defence data with CERT-In, the national nodal agency under MeitY.
Saravade suggests a mix of approaches—individual, sectoral, and government-led—depending on the industry. Critical sectors like energy and telecom could adopt public-private partnership models similar to NPCI.
China is already testing “AI governance sandboxes,” where autonomous systems are vetted before deployment. India could explore a similar model, especially for defence and financial systems.
Above all, Saravade stresses that cyber risk must be elevated to boardroom discussions across enterprises.
Preserving Sovereignty; Promoting Talent
The Mythos moment is India’s wake-up call. Just as the country built UPI into a robust, low-cost national payments system, it must respond to the AI challenge with urgency and innovation.
Crash courses across IITs, NITs, and IIMs in AI-driven cybersecurity could help build a skilled workforce—one that continuously upgrades itself.
The age of human-speed cybersecurity is over. The cyber wars of tomorrow will be fought—and won—by AI.
