The Claude Mythos model, developed by Anthropic and announced on April 7, 2026, has exposed significant cybersecurity gaps in India's critical infrastructure by demonstrating "unprecedented" capabilities in autonomously identifying and exploiting software vulnerabilities.

Key Infrastructure Gaps Identified

The model's ability to scan entire system codebases (via a 1-million token context window) has highlighted structural weaknesses across several Indian sectors:

Banking & Finance:

Legacy Systems: Many Indian banks use modern user interfaces built on top of aging core banking systems (legacy Java/Windows stacks) that are highly susceptible to AI-powered exploitation.

Real-time Fraud: Mythos can identify zero-day bugs that could facilitate fraudulent double-spending or unauthorised inter-bank transfers.

Trading Platforms: Vulnerabilities in exchange software (like NSE/BSE) could be exploited to manipulate prices or force market halts.

Digital Public Infrastructure (DPI):

Scale Risk: The centralisation of platforms like UPI (processing ~20 billion monthly transactions) and Aadhaar creates an "asymmetric risk exposure".

Structural Flaws: Mythos can identify cross-component logic errors in national-scale architectures that traditional security tools miss.

Telecommunications & Energy:

Supply Chain Vulnerability: Major telcos like Bharti Airtel and Vodafone Idea have initiated emergency audits of global vendor software (Nokia, Ericsson, Cisco) after Mythos proved it could scrutinize network-management code for hidden backdoors.

Grid Collapse: The model's "agentic" reasoning could lead to cascading collapses in national signaling or power distribution networks.

Immediate Regulatory Response: The Indian government has initiated a multi-ministerial defense strategy:

High-Level Vigilance: Finance Minister Nirmala Sitharaman directed bank chiefs to prepare for "machine-speed" attacks, noting that traditional response cycles are now obsolete.

Diplomatic Engagement: The Ministry of External Affairs (MEA) and MeitY are in talks with Anthropic and the US government to secure "equitable access" to Mythos for defensive testing, as India was initially excluded from the limited release.

CERT-In Advisory: India's cybersecurity agency issued a high-severity alert on April 26, 2026, warning that vulnerabilities must now be patched within hours rather than weeks.