Why in news?

Anthropic’s new AI model Claude Mythos has triggered global concern due to its advanced capabilities, marking a significant leap over earlier systems.

In India, the issue has gained urgency, with FM Nirmala Sitharaman chairing a high-level meeting over potential threats to the banking sector, and the government engaging directly with Anthropic’s leadership.

Concerns have intensified further with reports that China has developed a similar system, Qihoo 360, capable of identifying software vulnerabilities at scale. While such tools offer breakthroughs in cyber defence, they also raise fears of misuse, cyber risks, and global technological competition.

What’s in Today’s Article?

• About Mythos
• Why Mythos Has Alarmed Policymakers Worldwide?
• Mythos AI in Real-World Testing: Validation of Cybersecurity Risks
• Mythos Breach and Global Fallout: Rising Cybersecurity and Governance Concerns
• India’s AI Policy Reassessment After Mythos Concerns

About Mythos

• Mythos is the latest model in Anthropic’s Claude AI family, currently released only in a limited preview.
• It represents a major leap in artificial intelligence capability, particularly in cybersecurity.
• What sets Mythos apart is its ability to autonomously detect critical vulnerabilities in widely used software and infrastructure at a speed far exceeding human researchers.
• At the same time, it can also fix these vulnerabilities when used defensively—but poses serious risks because it can exploit them if used maliciously, making it a powerful yet potentially dangerous tool.

Why Mythos Has Alarmed Policymakers Worldwide?

• Anthropic claims that Mythos has identified serious flaws across major operating systems and web browsers, including vulnerabilities that had remained undetected for decades.
• The speed and scale of discovery have raised immediate global concerns.
• Compared to its predecessor Opus 4.6—which had near-zero success in exploit development—Mythos demonstrates a dramatic leap.
• It can convert vulnerabilities into working exploits at a far higher success rate, placing it in an entirely different capability class.
• Ease of Use and Automation Risks
  • A major concern is accessibility: even non-experts can use Mythos to identify and exploit vulnerabilities.
  • Reports indicate that engineers without formal cybersecurity training could generate fully functional exploits overnight, highlighting the risks of widespread misuse.
• Dual-Use Nature: Defence vs Exploitation
  • Mythos embodies a classic dual-use dilemma—the same capabilities that allow it to fix vulnerabilities also enable it to exploit them effectively, amplifying cybersecurity threats if deployed maliciously.
  • Anthropic noted that these powerful features were not explicitly programmed, but emerged from improvements in reasoning, coding, and autonomy.
  • This unpredictability has heightened concerns about control and unintended consequences, prompting the company to pause wider release.

Mythos AI in Real-World Testing: Validation of Cybersecurity Risks

• Strong Performance in Cybersecurity Benchmarks - Independent testing found that Mythos solved 73% of expert-level cybersecurity challenges, far outperforming earlier AI models.
• Improved Reasoning and Problem-Solving Ability - Mythos showed the ability to sustain performance across complex, multi-layered problems, indicating significant improvements in reasoning, planning, and technical depth.
• Emergence of “Agentic” Behaviour - A key concern is Mythos’s agentic capability—its ability to autonomously execute multi-step attack sequences. Instead of acting as a simple tool, it can string together actions into a coherent attack pathway, raising risks of automation in cyberattacks.
• Lowering the Barrier for Cybercrime - The model’s ability to handle complex operations suggests that even less-skilled actors could conduct sophisticated cyberattacks, significantly increasing global cybersecurity risks.

Mythos Breach and Global Fallout: Rising Cybersecurity and Governance Concerns

• Controlled Rollout and Defensive Initiatives - Even while withholding full release, Anthropic launched Project Glasswing to help firms strengthen cyber defences using Mythos. Major players like Apple, Nvidia, Linux Foundation, CrowdStrike, and Google are part of this effort.
• Leak Raises Immediate Alarm - Despite restricted access, Mythos was reportedly accessed by users via a private Discord channel, raising serious concerns about containment and security breaches of highly sensitive AI systems.
• Need for Global AI Governance - The incident highlights the urgent need for international coordination on AI regulation. Experts stress that without common standards and guardrails, controlling such powerful technologies will be extremely difficult across jurisdictions.

India’s AI Policy Reassessment After Mythos Concerns

• Following concerns over Mythos, Union Finance Minister Nirmala Sitharaman directed banks to maintain a high degree of vigilance and develop coordinated mechanisms to counter emerging cybersecurity threats.
• The Mythos episode is prompting India to recalibrate its AI strategy, balancing innovation with stronger governance, coordination, and risk mitigation frameworks.
• Shift from Light-Touch Regulation
  • India had so far followed a light-touch approach to AI regulation, focusing on innovation and economic growth.
  • However, the risks highlighted by Mythos may push policymakers toward a more cautious and security-oriented framework.
• Creation of Institutional Mechanisms
  • The Ministry of Electronics and Information Technology has set up:
    • AI Governance and Economic Group: An inter-ministerial body to coordinate AI policy.
    • Technology and Policy Expert Committee: To provide technical and regulatory guidance.