Mythos is Coming to India: Is India Inc. Ready?

Mythos is coming to India. Anthropic’s controversial cybersecurity-focused AI Model is being now rolled out to select organisations across 15 countries such as Canada, Australia, and South Korea.

This follows Anthropic’s promise to expand the access to the AI model which triggered widespread concerns around preparedness of enterprises. 

For the uninitiated, Anthropic’s Claude Mythos Preview is a general-purpose language model focused on cybersecurity tasks.

Anthropic researchers disclosed that Mythos Preview was capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and major web browser if directed by a user to do so.

It is capable of identifying vulnerabilities that are typically difficult to detect. In one of the cases, Mythos discovered a now-patched 27-year-old bug in OpenBSD, an operating system known for security features. Essentially, it is also capable of finding vulnerabilities classified as ‘zero-day’—a security flaw that is unknown to the vendor or developers and requires immediate action to fix.

“Non-experts can also leverage Mythos Preview to find and exploit sophisticated vulnerabilities. Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit. In other cases, we’ve had researchers develop scaffolds that allow Mythos Preview to turn vulnerabilities into exploits without any human intervention,” researchers noted.

Back in India, Finance Minister Nirmala Sitharaman held meetings with several top bankers and financial sector executives to discuss the risks from AI models like Claude Mythos.

The conversation, according to reports, revolved around cybersecurity preparedness for banks and critical financial infrastructure against new-age threats. Reports add that the Reserve Bank of India and the Indian Computer Emergency Response Team (CERT-In) also participated in the meeting.

READ: Anthropic Claude Mythos: The Dawn of the Autonomous Cybersecurity Era & Risks To SMEs

As mentioned in our previous deep dive, there have been concerns around gatekeeping of the AI model. There are also demands for wider access. For instance, the EU is also looking to have access to AI as it is limited to select American companies. It, however, is relying on regulation for preparedness.

“Once the enforcement powers of the AI Office start in August 2026, we will ensure to receive, if needed, model access,” an EU spokesperson told Politico last month. 

The entry of Mythos to Indian shores has further intensified the conversation around gatekeeping. It’s pretty much evident that the model is capable of autonomously exploiting zero-day vulnerabilities, even some that may have gone unnoticed for decades. India’s digital footprint is massive, and is still expanding at a fast scale. Even as there are large enterprises with deep pockets, there’s also a large segment of smaller ones, making the challenge even more complex. 

Apart from gatekeeping, it’s important to understand what will be the price to access a model that could be intrusive for an organisation. 

“Enterprises should retain sensitive customer data in private environments and expose only the minimum context an LLM needs at inference. Retrieval policies, masking, tokenization, and encryption enable enterprise AI without transferring raw records to the model provider. In regulated industries, hosting open-weight models on-premises is also emerging as a deployment pattern to keep model execution and data under enterprise control,” Aaishiv Prakash, Director Analyst at Gartner, tells Entrepreneur India. 

That said, the price to access will extend basic subscription costs. Even as enterprises are leveraging tokens for AI consumption, they might need additional to handle something as sophisticated as Mythos. Moreover, they will need further resources on data-masking architectures to ensure the model is not prying way too much or could further risk things for India Inc. 

Moreover, in regulated and data-intensive sectors, a governed access layer will increasingly mediate AI access to sensitive data and function as part of a broader AI governance architecture covering identity, data classification, auditability, and runtime policy enforcement.

And eventually, companies may have to allocate additional resources to scrub and govern their data architecture before allowing such an AI infrastructure. 

“The cost varies widely based on the condition of the enterprise data estate. The largest cost drivers are typically data discovery, classification, cleansing, access control modernization, and governance design, which often require more effort than the AI integration itself,” Prakash further explained.

Developing… Stay tuned for more details

*ENDS*