[ad_1]
India has started preparing in anticipation of Mythos being misused. Earlier this month, Finance Minister Nirmala Sitharaman met officials from the Ministry of Electronics and Information Technology, bank executives and other senior civil servants to discuss Mythos’ risks and its ability to find vulnerabilities in legacy software systems.
Government officials who attended the meeting said the general belief is that while Mythos is powerful, more companies will release their own versions of such models that are equally, if not more, capable.
Nasscom, which represents the Indian information technology industry, said in a statement: “It is imperative that Indian technology firms are included in the global industry consortium by Anthropic under the Glasswing project. Ensuring their participation is a critical step towards strengthening global cyber resilience, enabling responsible testing, and safeguarding interconnected digital ecosystems at scale.”
Experts argue agentic AI like Mythos — capable of more complex decision-making than traditional tools — exposes countries and companies to systemic vulnerabilities. These capabilities “rapidly discover and operationalise weaknesses across digital infrastructure” faster than existing defensive and regulatory mechanisms can respond.
“Mythos shifts the centre of gravity of the debate towards capability risk. It demonstrates that certain AI systems can possess operational capacities that materially alter the security environment in which governments, industries and critical infrastructure operate,” said Jameela Sahiba, associate director at policy think tank The Dialogue.
Anthropic said Mythos can identify and exploit vulnerabilities across all major operating systems and web browsers. These “subtle” flaws were dormant and undetected for nearly three decades, evading both detection and patching until Mythos discovered them.
“We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them,” Anthropic said in a blog post after the model’s limited release.
“These systems are effectively weaponising reasoning. We are moving from a world of N-days to a critical window of minutes. This shifts the risk from static infrastructure to the speed of the attack cycle, where machines reason across identity, code and supply chains at a pace humans cannot manually match,” said Philippa Cogswell, managing partner for Japan and Asia Pacific at cybersecurity firm Palo Alto Networks’ Unit 42.
Anthropic has announced Project Glasswing, an initiative in which it will work with multiple business giants to develop “defensive” applications for Mythos.
“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout — for economies, public safety and national security — could be severe,” Anthropic said in the post.
Glasswing partners will use Mythos for defensive security and share the lessons with others worldwide. They will get access to Mythos’ preview to find and fix cybersecurity vulnerabilities in their own foundational systems.
“We anticipate this work will focus on tasks like local vulnerability detection, black-box testing of binaries, securing endpoints, and penetration testing of systems,” Anthropic said.
Some experts, however, argue that Mythos has not created a new problem but exposed an old one. Ajai Chowdhry, chairman of the EPIC Foundation and a member of the mission governing board of the government’s National Quantum Mission, said the problem is that “modern computing is more brittle, under-tested and under-governed than we like to admit.”
“The lesson is not simply that [AI] models are getting bigger. It is that once a powerful model is connected to tools, network access, or operational authority, longstanding software weaknesses can surface — and potentially be exploited — far faster than before. The wrong instinct is to shoot the messenger. The right one is to harden the systems that the messenger is revealing,” said Chowdhry.
Most experts agree that the banking, financial and insurance sectors are most at risk if Mythos is misused. At Sitharaman’s meeting, banking executives were asked to take measures to secure their systems, data and customers.
“The message for Indian banks is very clear: AI can no longer be treated only as an efficiency layer — it must be governed as a real-time cyber risk. We need continuous cyber threat intelligence sharing, faster patch management, stronger identity security, tighter vendor controls, and AI-powered defence operating alongside human oversight,” said Tarun Wig, cofounder and chief executive officer of Innefu Labs.
Mythos and similar systems have “dual-use” capabilities, Chowdhry said. “At the national level, that means independent evaluation, baseline standards, incident reporting, and special support for under-resourced sectors and critical infrastructure. At the company level, it means cyber risk must sit with the board and executive team, not be delegated away,” he said.
Sahiba said that for countries like India — with its vast, complex digital identity, financial and government networks — the emergence of AI systems capable of autonomously discovering software vulnerabilities requires preparing for a future where cyber threats evolve faster than traditional defensive mechanisms.
“If AI tools capable of identifying previously unknown vulnerabilities become concentrated among a small set of corporate or geopolitical actors, this creates a structural asymmetry in cyber defence. Ensuring equitable access to defensive capabilities will therefore become a central element of technological sovereignty,” she said.
Chowdhry said systems like Mythos could also compromise critical software, disrupt infrastructure, or steal sensitive data.
“No powerful model should be given direct authority over code execution, network administration, financial controls, or critical operations without independent evaluation, bounded permissions, human approval for consequential actions, comprehensive logging, and a duty to report serious incidents and near misses,” he said.
[ad_2]
Click Here For The Original Source.
