Anthropic Mythos: Can Indian Banks and Fintechs Fight Back?

Dr. Mayank Raj
Project Glasswing unites 12 global tech giants around Mythos, but India's fintechs are still waiting at the gate.

Quick Take

  • Anthropic’s Mythos AI found thousands of zero-day bugs across every major OS and browser.
  • Finance Minister Sitharaman called top bank chiefs for an emergency cybersecurity meeting in April 2026.
  • Paytm, Razorpay, and Pine Labs have asked Anthropic for early access to test their own defences.

Anthropic Mythos, a frontier AI model that autonomously finds and exploits software vulnerabilities, has put India’s banking and fintech sector on high alert as of May 2026. Finance Minister Nirmala Sitharaman called an emergency security meeting with top bank chiefs after Mythos was released in April 2026.
The government pushed for faster threat-intelligence sharing between banks, CERT-In (the Computer Emergency Response Team of India), and other agencies. Fintech players including Paytm, Razorpay, and Pine Labs reached out to Anthropic seeking early defensive access to the model. The question now is whether India’s financial institutions can keep pace with a threat that moves at machine speed.

StartupFeed Insight

The Mythos stress test has surfaced something uncomfortable for India’s fintech sector: cybersecurity spending has been treated as a cost, not a capability. AI-enabled attacks rose +89% year-on-year in 2025, according to CrowdStrike, and that figure predates Mythos. A single exploited weakness in a connected fintech could cascade across India’s entire digital financial network. Large banks have dedicated CISOs and board-level oversight. Most fintech startups do not even have a full-time security lead. RBI (Reserve Bank of India) is likely to issue binding cybersecurity norms for regulated fintechs by Q1 FY27, requiring AI-assisted vulnerability testing as part of annual compliance audits.
StartupFeed Desk.

What Is Anthropic Mythos and Why Does India Need to Watch It?

| Metric | Detail | Notes |
| --- | --- | --- |
| Model Name | Claude Mythos Preview | Anthropic’s most capable model to date |
| Release Status | Gated preview only (April 2026) | Not publicly available |
| Vulnerabilities Found | Thousands of zero-day flaws | In every major OS and web browser |
| India’s Government Response | Emergency meeting called by FM Sitharaman | Panel headed by SBI Chairman CS Shetty |
| Defensive Programme | Project Glasswing (12 launch partners) | AWS, Apple, Google, Microsoft, Cisco, and others |
| Anthropic’s Commitment | Up to $100 Mn in usage credits | Plus $4 Mn in open-source security donations |
| AI-Enabled Attack Growth | +89% year-on-year in 2025 | Source: CrowdStrike |

India’s government formed a risk-assessment panel under SBI Chairman CS Shetty, who also leads the Indian Banks’ Association (IBA). The panel is tasked with assessing threats and recommending mitigation steps.

About Anthropic and Claude Mythos

Anthropic is a US-based AI safety company founded in 2021 by Dario Amodei and Daniela Amodei, along with other former OpenAI researchers. Its newest model, Claude Mythos Preview, launched in April 2026 as a gated research preview. The model was not specifically trained for cybersecurity. Its ability to find software flaws is an emergent result of its strong coding and reasoning skills. Project Glasswing, launched alongside Mythos, includes 12 major tech companies such as AWS, Apple, Google, and Microsoft, plus over 40 additional organisations using the model for defensive security work.

Why Is Anthropic Mythos a Threat to India’s Financial System?

India’s financial system runs on one of the world’s largest digital public infrastructure stacks. UPI (Unified Payments Interface), Aadhaar-linked identity verification, API-driven (Application Programming Interface) banking integrations, and cloud-native lending platforms all work in close connection. That interconnection is also a vulnerability.
A tool that scans codebases at machine speed can find weaknesses that human researchers missed for decades. Anthropic confirmed that Mythos Preview found a 27-year-old bug inside OpenBSD, an operating system widely considered one of the most secure in the world. The bug had survived millions of automated security tests.
Jaishiv Prakash, Director Analyst at Gartner, put the risk in plain terms.

“Indian banks already view cybersecurity as a board-level issue, but AI systems such as Mythos could compress the time between vulnerability discovery and exploitation so dramatically that conventional testing and patch-management approaches may no longer be sufficient. Many banks have mature cyber governance, but they still depend on manual triage, fragmented asset visibility, slow vendor coordination, and legacy technology estates. Mythos-class systems will punish those weaknesses.”
Jaishiv Prakash, Director Analyst, Gartner.

Ashok Vaswani, MD and CEO of Kotak Mahindra Bank, acknowledged the threat during the bank’s Q4 FY26 results announcement. He said the nature of attacks was shifting from human-speed to machine-speed. “We will step up efforts to identify any kind of vulnerabilities that we have and fix those vulnerabilities as quickly as possible,” Vaswani said.
AI-enabled cyberattacks rose +89% year-on-year in 2025, according to CrowdStrike. That figure was recorded before Mythos existed. The pressure on India’s financial system will only increase in the months ahead.

How Ready Are Indian Fintechs for AI-Powered Cyberattacks?

Banks have dedicated cybersecurity budgets and mandatory oversight from the RBI. Most fintech startups do not have the same resources. The fintech layer in India connects to the broader banking system through PGs (payment gateways), lending APIs, account aggregators, and embedded finance tools. A breach at a small fintech can create a pathway into a far larger financial network.

| Institution Type | Dedicated CISO | Regulatory Oversight | Vulnerability Testing Cadence |
| --- | --- | --- | --- |
| Large Banks (SBI, HDFC, Kotak) | Yes, full-time | RBI mandated | Board-level, continuous |
| Mid-size Banks (Axis, IndusInd) | Yes, full-time | RBI mandated | Quarterly, under review |
| Fintech Startups (Paytm, Razorpay, Pine Labs) | Often absent or part-time | FACE SRO guidelines | Periodic, often outsourced |

FACE (the fintech SRO, or Self-Regulatory Organisation) urged member companies to reinforce cyber defences after Mythos launched. Such advisory notices from SROs are rare. This one came fast.
Vinay Tiwari, CISO (Chief Information Security Officer) at Axis Bank, offered a measured view.

“Evolving risks may surface vulnerabilities in highly interconnected environments, particularly where there is significant reliance on shared software platforms, third-party providers, or open-source components without adequate oversight. Over time, the gap may widen between organisations that treat resilience as an ongoing capability and those that rely primarily on periodic checks.”
Vinay Tiwari, CISO, Axis Bank.

Paytm CEO Vijay Shekhar Sharma confirmed the outreach to Anthropic. “We had an urgent call with Anthropic to check when they’re creating a second list of companies that will get access to Mythos,” Sharma told a publication. Punjab and Sind Bank MD and CEO Swarup Kumar Saha told PTI that banks “have to definitely increase their investments in IT to make their system more robust.”
The current Project Glasswing list has 12 named launch partners, all of them global technology and infrastructure companies. No Indian institution is on the first list.

What’s Next

India’s government-appointed panel, headed by SBI Chairman CS Shetty, will present its risk findings to regulators in the coming weeks. Anthropic has committed to releasing a Project Glasswing progress report by early July 2026, covering what has been fixed and what the industry has learned. A second wave of Mythos access is expected. The key question: will any Indian bank or fintech make that list? Follow this story closely. India’s position in the next round of Glasswing access will tell you everything about where its financial cybersecurity infrastructure actually stands.

Frequently Asked Questions

What is Anthropic Mythos and why is it concerning?
Anthropic Mythos (formally Claude Mythos Preview) is an AI model released in April 2026 that autonomously finds and exploits software vulnerabilities at machine speed. It found thousands of zero-day flaws in every major operating system and browser, including a 27-year-old bug in OpenBSD. Its potential misuse by attackers is the central concern for global cybersecurity experts and regulators.

How did the Indian government respond to Anthropic Mythos?
Finance Minister Nirmala Sitharaman called an emergency meeting with India’s top bank chiefs after Mythos was released. A risk-assessment panel was formed under SBI Chairman CS Shetty, who also leads the Indian Banks’ Association. The government is now pushing for real-time threat-intelligence sharing between banks, CERT-In, and cybersecurity agencies.

What are Paytm, Razorpay, and Pine Labs doing about Anthropic Mythos?
Paytm, Razorpay, and Pine Labs reached out to Anthropic for early defensive access to scan their own systems for vulnerabilities. Paytm CEO Vijay Shekhar Sharma confirmed holding an urgent call with Anthropic. FACE, India’s fintech self-regulatory body, also issued a rare advisory urging all member companies to strengthen their cyber defences immediately.