Quick Take
- A department under MeitY told central ministries to hold off deploying OpenAI and Anthropic models.
- The finance ministry had proposed using GPT-5.5 for cybersecurity and vulnerability discovery work.
- The memorandum questions timing, not the models permanently, ThePrint reported on July 13, 2026.
In This Article
A department under the Ministry of Electronics and Information Technology (MeitY) has asked central ministries to hold off on deploying OpenAI and Anthropic models for cybersecurity and related functions, ThePrint reported on July 13, 2026, citing an office memorandum. The MeitY AI cybersecurity direction lands as frontier models sharpen both attack and defence.
The memorandum followed outreach by representatives of the two US-based AI companies, who approached several ministries with deployment proposals. The department did not permanently bar the models. It questioned the timing and warned against putting such systems to work prematurely, according to the report.
StartupFeed Insight
Read the memorandum as a procurement signal, not a ban. The department rejected a proposal from the finance ministry, which is the arm most exposed to AI-driven attacks, so the objection is about sequencing and control, not capability. Anyone selling AI security tooling to a central ministry should expect hosting location, data residency and audit questions to move ahead of benchmark scores. CISOs at banks, telcos and public sector units should watch this closely. StartupFeed expects MeitY to circulate a formal deployment or evaluation framework for frontier AI in government use before December 31, 2026. Indian security startups with on-premise or sovereign-hosted models gain a real procurement window in that gap. By Soumya Verma.
What the MeitY AI cybersecurity memo says
The office memorandum is an internal government instruction that directs ministries to defer, not abandon, a proposed deployment. The MeitY AI cybersecurity memo was issued last week and rejected a specific finance ministry proposal, ThePrint reported. It remains unclear how many ministries were approached, or at what level those meetings took place.
| Detail | What is known | Notes |
|---|---|---|
| Issuing body | A department under MeitY | Conveyed via office memorandum (ThePrint) |
| Models flagged | OpenAI and Anthropic models | For cybersecurity and related functions |
| Ministry proposal | Finance ministry, six-page letter | Sought clarity on agentic AI and GPT-5.5 |
| Proposal subject | AI-based vulnerability discovery | Also AI-assisted cyber capabilities |
| Outcome | Proposal rejected last week | Not a permanent bar on the models |
| Report date | July 13, 2026 | ThePrint, citing the memorandum |
The most telling detail is the source of the rejected proposal. The finance ministry sits closest to the systems most at risk, which makes a rejection there a deliberate policy choice rather than a routine filing.
About MeitY and the departments involved
MeitY is the Union ministry that governs electronics, IT and digital policy in India, headquartered in New Delhi and headed by Union minister Ashwini Vaishnaw. It runs the IndiaAI Mission, oversees the IT Act framework and houses CERT-In, the national computer emergency response team. MeitY also administers data localisation and cloud rules for government systems.
Why did MeitY pause the ministry proposals?
The pause reflects concern that frontier AI models carry dual-use cyber risk and sit on foreign-controlled infrastructure. The finance ministry proposed examining GPT-5.5 for cybersecurity work in a six-page letter titled around AI-based vulnerability discovery and AI-assisted cyber capabilities, ThePrint reported. The department rejected it.
The context is not new. Union finance minister Nirmala Sitharaman had already flagged the threat in April 2026, speaking at SEBI’s (Securities and Exchange Board of India) 38th Foundation Day in Mumbai.
“The tools of attack are evolving at high speed, and the tools of defence must evolve even faster,” Sitharaman said, urging all regulated entities to remain exceptionally vigilant.
Vaishnaw has separately said India needs a new AI law, arguing the IT Act was written in 2000, long before modern AI. Taken together, the MeitY AI cybersecurity memo, the finance ministry rejection and the push for fresh legislation point one way: New Delhi wants a rulebook in place before frontier models touch sensitive government systems.
How risky are frontier cyber models?
Advanced AI models can scan code, find software flaws and help respond to cyber incidents, but the same capability serves attackers. Agentic systems, which run multi-step tasks with limited human oversight, widen that surface further. Both OpenAI and Anthropic acknowledge the dual-use problem and have built safeguards around their most cyber-capable models.
Anthropic’s own approach shows how tight the controls have become. Its Claude Mythos Preview model is not public. It reaches only vetted organisations through Project Glasswing, Anthropic’s critical-software security programme, which the company expanded to roughly 150 new organisations across more than 15 countries, including India, on June 2, 2026. Anthropic said partners in that programme had already surfaced more than 10,000 high or critical-severity flaws.
| Model tier | Who can access it | Cyber posture |
|---|---|---|
| Claude Mythos Preview | Vetted Glasswing partners only | Highest capability, not publicly released |
| Claude Fable 5 | Broader availability | Same architecture, added safeguards |
| OpenAI GPT-5.5 | Named in the finance ministry letter | Cyber-permissive tier gated by vetting |
What separates these models from ordinary enterprise AI is the gating itself. Access runs through vetting lists, not commercial contracts, and that alone complicates any government procurement plan.
India’s AI sovereignty question
The episode has revived India’s debate over who controls the technology inside its critical systems. In June 2026, Anthropic suspended access to Claude Mythos 5 and Claude Fable 5 for foreign nationals to comply with US export controls. The restrictions were lifted later that month and access was restored, but the sequence showed how availability can turn on decisions taken outside India.
New Delhi’s answer so far has been capacity. The Centre has committed Rs 10,372 Cr (about $109 Mn) to the IndiaAI Mission, approved by the Union Cabinet, covering subsidised compute, startup financing and homegrown foundation models. More than 38,000 GPUs (Graphics Processing Units) have been onboarded through the AI compute portal, MeitY said. The government has also backed domestic developers including Sarvam AI and the BharatGen consortium.
The framework, though, has not caught up. Existing rules on data localisation, cloud infrastructure and government data predate frontier AI. That leaves open questions about where data gets processed, what providers retain and where the models are hosted.
What’s Next
Watch MeitY for a formal evaluation framework covering frontier AI in government use, which would give ministries a clear path to approval instead of a case-by-case block. StartupFeed expects a consultation paper or deployment guideline to surface before December 31, 2026. For Indian security startups, sovereign hosting just became a selling point rather than a compliance footnote. Which will move first in India, the AI law or the procurement rulebook?
Frequently Asked Questions
Have a tip? Write to us at editorial@startupfeed.in.
