India’s IT sector and the government are examining the risks linked to Claude Mythos, an unreleased AI model by Anthropic that can both detect and potentially exploit hidden security flaws in widely used systems.
At the same time, officials from the Electronics and Information Technology Ministry and CERT-In are actively discussing how these capabilities might affect cybersecurity in the near future.
India Probes Risks of Anthropic’s Claude Mythos Amid Rising Cybersecurity Concerns
Meanwhile, a group of American firms is already working with Anthropic to fix vulnerabilities that human experts had previously missed.
This effort is part of Project Glasswing, a collaboration involving 40 companies and open-source developers, supported by a $100 million budget to scan global codebases.
As a result, Mythos has already identified weaknesses in major systems like OpenBSD, FFMPEG, and the Linux kernel, prompting early fixes before public release.
Notably, no Indian firms are listed in the initial group, although they may still benefit indirectly from security patches applied to shared technologies.
However, experts stress that Indian companies must still strengthen their own security systems, since that responsibility cannot be outsourced.
In addition, IT services firms are concerned because their custom-built software could become vulnerable to new attack methods enabled by advanced AI models.
Even though Infosys has partnered with Anthropic, it has not confirmed involvement in Project Glasswing.
Simultaneously, the Data Security Council of India (DSCI) is holding discussions across the industry to better understand the evolving situation.
While DSCI supports Glasswing, it also warns that vulnerabilities in core infrastructure could have catastrophic consequences.
Furthermore, product-based companies, especially in SaaS and deep tech, are seen as highly exposed if such tools become widely accessible.
This risk extends beyond digital systems to physical infrastructure like SCADA and IoT networks.
As one expert described it, “It’s an entire tsunami coming in.”
Uncertain Role for Indian Firms as AI Growth Reshapes IT Market Dynamics
Although India is a major market for Anthropic, there is no clarity on the role of Indian firms in the project.
Additionally, AI advancements are already influencing stock prices of Indian IT companies, while the government urges faster AI adoption.
Government systems are considered especially vulnerable due to uneven security standards across departments.
Still, confidence remains in CERT-In’s ability to respond quickly, based on past cyberattack responses.
However, older systems like Aadhaar and GST may be particularly exposed, as Mythos can uncover long-hidden flaws.
Experts also note that while hackers may not target such systems for profit, hostile nations could.
Consequently, Indian firms face a dilemma: allow AI-driven audits from foreign tools or risk leaving systems unprotected. For example, companies like Zoho have not clarified their stance on participating in such initiatives.
Traditionally, Indian researchers have excelled in bug bounty programs, but this work may be disrupted by AI tools like Mythos.
Finally, the long-term impact depends on whether software vulnerabilities are abundant or rare, shaping how cybersecurity evolves.
Although one researcher believes “in the long term, the defenders win,” he cautions that “in the transitionary period… things probably are very bad.”
