Detailed Analysis
Anthropic's unreleased Claude Mythos model has triggered a significant diplomatic and regulatory response in India, with government bodies, financial institutions, and the technology industry collectively pressing for early access to the system through Project Glasswing, Anthropic's restricted partner program. Finance Minister Nirmala Sitharaman convened a high-level meeting with bank heads, the Reserve Bank of India, and the Ministry of Electronics and Information Technology (MeitY) to assess the threat landscape posed by Mythos, directing financial institutions to strengthen IT defenses, safeguard customer data, and escalate reporting of suspicious activity. Separately, MeitY has established a new AI Governance and Economic Group to coordinate policy responses, while a risk-assessment panel chaired by SBI Chairman C.S. Setty has been tasked with evaluating Mythos-specific vulnerabilities and mitigation strategies. The breadth of institutional mobilization reflects a recognition that Claude Mythos represents a qualitatively different category of AI capability.
Claude Mythos, unveiled around April 7, 2025, is distinguished by its specialized proficiency in cybersecurity operations — identifying software bugs, analyzing complex systems, and generating functional exploits at a scale and speed that significantly outpaces human analysts, including the detection of decades-old vulnerabilities in major operating systems and browsers. Anthropic has declined to release the model publicly, citing national security risks stemming from its potential to automate sophisticated cyberattacks at scale. The concern was amplified by an unauthorized breach during the model's controlled testing phase. Project Glasswing, the program through which roughly 40 vetted partners — including Microsoft, Apple, Google, and the Linux Foundation — receive restricted access, is structured exclusively around defensive use cases such as proactive vulnerability patching before public exposure. Critically, no sovereign governments currently hold membership in the program, making India's formal request both unprecedented in scope and structurally complex for Anthropic to accommodate.
India's motivation is rooted in concrete infrastructure risk. The country's digital financial ecosystem — encompassing the Unified Payments Interface (UPI), the Aadhaar biometric identity system, and the National Payments Corporation of India (NPCI) — constitutes critical national infrastructure that processes hundreds of millions of transactions daily. The prospect of a model like Mythos being acquired or reverse-engineered by hostile actors and deployed against these systems presents an asymmetric threat that Indian policymakers are treating with urgency. Nasscom, the nation's primary IT industry body, has reinforced this argument by emphasizing that Indian software engineers manage significant portions of the global critical infrastructure that Mythos-capable adversaries could target, framing India's inclusion in Project Glasswing not merely as a national security matter but as a contribution to global cybersecurity resilience.
The episode illuminates a broader structural tension in the governance of dual-use AI systems. Anthropic finds itself navigating competing pressures: the defensive imperative to share Mythos capabilities with institutions that can use them to harden infrastructure, and the proliferation risk of expanding access to a model that could be weaponized if controls fail. Regulators in the United States and United Kingdom have voiced similar alarms, with central banks in multiple jurisdictions now actively monitoring Mythos-related developments. Anthropic is reported to be in active discussions with U.S. authorities and allied governments, including India, regarding the timing, scope, and structural safeguards that would govern any expanded access — signaling that the company is treating sovereign access requests as a foreign policy and arms-control-adjacent problem rather than a purely commercial one.
This situation represents an inflection point in how advanced AI capabilities intersect with geopolitics and critical infrastructure security. The precedent set by Project Glasswing — controlled, purpose-limited, partner-vetted access to a model deemed too dangerous for general release — is likely to become a template for future governance frameworks around AI systems with significant offensive potential. India's push to secure a position within that framework, despite the absence of any existing mechanism for sovereign membership, reflects a broader global competition among nation-states to ensure they are not left defensively exposed in an era when AI-enabled cyberattacks could be executed with unprecedented speed and precision. How Anthropic and the U.S. government resolve the question of sovereign access to Mythos will likely shape international norms around AI export controls and allied technology sharing for years to come.
Read original article →