OPINION                                                                   MAY 29, 2026     |  The Indian Eye 11



        Mythos an unprecedented challenge
        to  the  Indian  financial  system,  the
        Finance Minister instructed banks
        to secure their IT infrastructure
        and protect customer data, and em-
        phasised the need for a system that
        allows real-time sharing of threat in-
        telligence among banks and cyberse-
        curity agencies. Additionally, a panel
        has been set up under State Bank of
        India Chairman C.S. Setty to assess
        risks arising from the AI platform
        Mythos and develop mitigating mea-
        sures.
            India is not alone in recognising
        Mythos as a national security con-
        cern; there has been a broader trend
        of countries viewing the emergent
        capability with some trepidation. In-
        dia does  face unique  constraints in
        any decision regarding access to ad-
        vanced AI cybersecurity capabilities
        or protection against them. The issue
        of access has been at the forefront
        for Indian entities such as the Na-
        tional Payments Corporation of In-
        dia (NPCI) and Paytm, as evidenced
        by their engagement with Anthropic   The issue of access has been at the forefront for Indian entities such as the National Payments Corporation of India (NPCI) and Paytm (File photo)
        and the US Government to secure
        early access.                       systems offers sovereign control   also poses a major vulnerability. In-  compresses the timeline for existing
            The Indian banking system also   over systems and the pacing of   stead of focusing dialogue solely on   threats, even as the resources, infra-
        faces structural issues that predate   their updates, which can be syner-  Mythos,  it is  necessary to  invest  in   structure, and capability to cope with
        Mythos. India has been pursuing last-  gised against the threat landscape   and strengthen cybersecurity capac-  them remain lagging. India is at an
        mile connectivity, financial inclusion,   for India.                ity  for critical  sectors,  particularly   unenviable crossroads with no easy or
        and the digitisation of governance   • Sovereign Deployment of AI mod-  by building a clearer view of which   perfect choice; each path has a cost,
        structures, bringing millions of Indi-  els may strike a balance in the   software those institutions run versus   and none guarantees immediate and/
        ans into the fold of formal banking   current scenario. As seen in the   what they need, and gradually retir-  or durable security. Modernising cur-
        through the JAM trinity and the Uni-  examples from Vidoc and AISLE,   ing older systems.             rent systems and accelerating patch-
        fied Payments Interface (UPI). How-  lower-end models can be orient-    The dialogue around Mythos    ing timelines in India are as critical as
        ever, such large-scale programmes   ed to achieve results that closely   has largely shaped it as a threat, and   pursuing frontier capabilities that do
        have come at a cost: India’s Core   parallel those of Mythos. India   while it has real potential for harm,   not force a choice between security
        Banking System (CBS) has been       can leverage indigenous AI efforts   its capability can also be viewed as a   and sovereignty. The emergence of
        supported by centralised technolog-  such  as  BharatGen,  Sarvam,  and   forcing function. After all, Mythos   Mythos, therefore, should not gen-
        ical structures that are notoriously   the  IndiaAI  Mission  to  build  se-  was not designed as a cybersecuri-  erate panic but rather evoke caution
        slow-moving and difficult to change.  curity  assets  specific  to  its  needs.   ty tool. Anthropic built it as a gen-  about the nascent stage of AI devel-
            India also has a record of a rel-  While they may lag in raw com-  eral-purpose  model  with  extended   opment, characterised by the dilu-
        atively sluggish pace in patching   pute and cybersecurity capabilities   autonomous reasoning capabilities   tion of human oversight, inequitable
        vulnerabilities,  even  in  critical  sys-  in the near term, it may help India   across scientific research, legal anal-  access to capabilities, and collapsing
        tems. Wannacry Attacks had proven   develop the necessary scaffolding   ysis, strategic synthesis, and complex   timelines.
        to  be  an  illuminating  example:  the   to  grow its cybersecurity  assets.   systems modelling. The cybersecurity   Meghna Pradhan is a Research Analyst
        Windows  vulnerability  exploited  by   For aspects where the indigenous   capability surfaced during the evalu-  at the Manohar Parrikar Institute for
        the ransomware had been discov-     model may not suffice, open mod-  ation of those reasoning capabilities,   Defense Studies and Analysis, New
        ered and patched by Microsoft two   els available internationally may   and Anthropic chose to highlight it in   Delhi. She is currently pursuing her
        months before the attack.           serve as a stopgap.             its subsequent disclosures. The infa-  PhD at the Department of East Asian
            Within these constraints, India’s   Whichever one (or mix) of these   my Mythos has acquired is therefore   Studies, University of Delhi, with
        response space is structured by three   choices India opts for, getting hold of   not a product of deliberate design   her thesis focused on how emerging
        principal options, each with charac-  better tools is only half the answer.   intent, but of inadvertent capabilities   technologies such as AI affect political
        teristic costs.                   Indian institutions also need to make   the model came to exhibit. This is a    processes
        • Full purchase of Mythos-class and   better use of the tools they already   critical inflexion point. As AI systems   Views expressed are of the author and
          any potential Mythos-audited soft-  have. A scan that flags a vulnerability   become more capable, any sufficient-  do not necessarily reflect the views of
          ware  systems is one  of  the  seem-  is only useful if the patch reaches the   ly developed system, regardless of   the Manohar Parrikar IDSA or of the
          ingly obvious and most disadvanta-  actual machine. Critical institutions   the purpose for which it was built,   Government of India.
          geous options for India.        often lack full awareness of their   may develop properties that its de-
        • Collaboration is another option,   software systems and the personnel   signers did not intend. Still, the wider   The full version of this article first ap-
          specifically  with  companies  that   to respond quickly when issues are   world is left to confront and absorb.  peared in the Comments section of the
          are already part of the Glasswing   flagged.  The  use  of  legacy  systems,   For India, Mythos is not an issue   website (www.idsa.in) of Manohar Par-
          project.                        especially when their operators do   because it creates a novel vulner-  rikar Institute for Defense Studies and
        • Indigenisation  of critical  software   not always issue security updates,   ability,  but  because  it  significantly   Analyses, New Delhi, on May 19, 2026


                                                               www.TheIndianEYE.com