Mythos legend ups cybersecurity stakes

Anthropic's Claude Mythos can identify security flaws in software within hours, flaws that have remained undetected for decades. To spot a vulnerability, however, Mythos must be able to exploit it. Which it also does within hours. This makes it a concerning AI tool if it falls into the wrong hands. Anthropic has prudently decided to release the AI model to a select group of companies that develop critical software. The intention is to patch the digital infrastructure before Mythos becomes publicly available. This, in turn, raises two sets of issues. One, not all digital infrastructure is built by Big Tech. And, two, not every company developing AI cybersecurity tools will be as conscientious as Anthropic.

India has built an impressive stack of DPI, and is assessing the new risk environment it faces. GoI, as Nirmala Sitharaman noted last week at the ET Awards for Corporate Excellence, is in talks with the US administration for access to Mythos. India's position is that its digital backbone has a reach comparable to, if not greater than, that of Big Tech firms. However, this stance dilutes Anthropic's original intention of limiting access to a core group. India's argument tends to favour equitable access to cybersecurity tools before Mythos' potential risks are fully mitigated. This represents a balanced approach in an industry divided over whether the model is primarily a security solution or a threat.

Regardless of how Mythos evolves, India has begun auditing its cybersecurity requirements. Large enterprises are better equipped to protect themselves. But small firms require a supportive ecosystem to counter AI-driven threats. Regulatory adoption of AI must align with industry deployment to safeguard all stakeholders. A system as significant as UPI requires an adequate response to the evolving cybersecurity landscape. GoI has identified the threat early, and targeted policy intervention could encourage the development of domestic, agentic defence mechanisms.