Detailed Analysis
Anthropic's anticipated release of Claude Mythos — described internally as "substantially beyond" any prior model in the company's lineup — has triggered an urgent policy debate in India about national preparedness for a qualitatively new class of AI-enabled cyber risk. Unlike previous frontier models, Mythos has been demonstrated to autonomously identify system vulnerabilities, scan networks, and generate functional cyberattacks, including executing a verified 32-step cyber intrusion simulation confirmed by UK evaluators who hold exclusive non-US access to the model. Anthropic, now valued at approximately $800 billion, has withheld public release specifically because of these risks, a decision that has nonetheless accelerated global concern about the window between a model's existence and its controlled deployment. India finds itself in a structurally exposed position: no Indian firms are currently included in Anthropic's early access program, Project Glasswing, despite Indian IT companies' code forming the backbone of critical global systems.
The institutional response taking shape in India operates across several simultaneous tracks. Nasscom has formally petitioned Anthropic to include Indian IT firms in pre-release testing, while the Ministry of Electronics and Information Technology is actively negotiating access with Anthropic executives. Finance Minister Nirmala Sitharaman has separately convened bank leadership and the Reserve Bank of India to assess sectoral exposure, a particularly acute concern given that Indian banks collectively process over 18 billion digital transactions monthly. The IT Minister has also initiated the AI Governance and Economic Group as a policy coordination mechanism. Analysts and commentators are recommending that India go further by amending the IT Act to mandate that frontier-model developers provide models for national evaluation prior to licensing — mirroring the statutory model employed by the UK's AI Safety Institute — and by establishing a dedicated Indian AI Safety Institute with binding rather than advisory powers to independently test model capabilities, jailbreak vulnerabilities, and agentic behaviors.
The broader strategic context situates India's response within its geopolitical relationships as much as its domestic institutions. Recommendations from policy analysts include integrating frontier-model safety access into the India-US iCET (Initiative on Critical and Emerging Technology) framework and pursuing bilateral arrangements with the United Kingdom, which currently holds the only confirmed non-US government access to Mythos. These diplomatic channels reflect a recognition that technical resilience alone is insufficient — access to the model itself, for evaluation and red-teaming, is a prerequisite for building meaningful defenses against it. The cascading, cross-border nature of Mythos-class threats means that vulnerabilities in Indian-coded systems could propagate through global infrastructure in ways that outpace conventional incident response protocols.
What India's Mythos debate ultimately crystallizes is a tension running through global AI governance: the gap between the pace of frontier model development and the institutional capacity of states to evaluate, regulate, and defend against those models before public release. India's high degree of digitization — often cited as an economic strength — simultaneously constitutes a broad attack surface in a Mythos-enabled threat environment. Officials and industry groups are acknowledging, with unusual candor, that existing safeguards and firewalls are likely inadequate against AI-generated attacks and that AI countermeasures may themselves be necessary. Whether India can close that institutional gap — securing access, building evaluative infrastructure, and coordinating across ministries and the private sector — before Mythos reaches broader availability will serve as a significant test case for how mid-tier technological powers navigate the governance challenges posed by capability jumps at the AI frontier.
Read original article →