When it comes to Artificial Intelligence (AI), the United States is about six months ahead of the rest of the world. Within the U.S., Silicon Valley is six months ahead of New York, and within Silicon Valley, frontier AI companies are six months ahead of everyone else. Simple maths reveals where India stands vis-à-vis the AI frontier. The question that should keep us awake at night is this: What about the inevitable proliferation of Mythos-class capabilities, including from labs that do not share Anthropic’s restraint and from open-weight model releases over which no one has control? Anthropic says its new model, Claude Mythos, can outperform human experts at certain cybersecurity tasks.
Mythos access has expanded to more countries, including India, and organisations, but with the U.S. government’s prior scrutiny. What happens if any non-state bad actor takes control of India’s financial systems or examination systems or power plants? What can Anthropic even do?
At a minimum, India should pursue a defensive AI partnership like an AUKUS Pillar 2 — perhaps a “Defensive AI Quad” with the U.S., the United Kingdom, and Japan — to secure structured access to Mythos-class capabilities for testing and protecting critical infrastructure. In return, India could contribute its threat-modelling expertise and the uniquely varied attack surfaces of the broader digital public infrastructure stack.
Why Mythos matters
Why is this time different — and potentially far more dangerous? First, most current AI models identify vulnerabilities that can be explained to and understood by humans, enabling experts to diagnose and fix them. Mythos, however, is discovering vulnerabilities in systems that cannot always be explained, understood, or even known to exist by human operators.
Second, Mythos is fundamentally different from a standard Large Language Model (LLM) because it is “zero day” at scale. A zero day is fundamentally an undiscovered bug or a flaw in code that no one knows exists, but once found can be exploited to devastating consequences. With it come serious moral-hazard and national security concerns, especially when there is the prospect of selling such capabilities to the highest bidder.
Now, what is even more astonishing is that Mythos’ offensive capabilities were not deliberately engineered; they emerged as a byproduct of advanced reasoning, long-horizon planning, and autonomous execution. Mythos discovered long-standing bugs that had eluded human experts and automated “fuzzing” tools for decades. For example, it discovered a 16-year-old flaw that had survived five million automated tests, as well as flaws in the Linux kernel, which is the backbone of every Android device in the world.
The latest update on Mythos, released on May 22, 2026, reported that it had scanned 1,000 open-source projects and flagged 23,019 vulnerabilities. Of these, 6,202 were assessed as high- or critical-severity. One vulnerability in wolfSSL — CVE-2026-5194 — could have allowed attackers to forge TLS certificates across billions of IoT and industrial devices. But the statistic that should concern policymakers most is this: barely 1% of the vulnerabilities identified by Mythos have been patched.
Third, what makes Mythos more dangerous is that, unlike older models that simply flag suspicious code, Mythos can autonomously chain multiple low-severity vulnerabilities — issues that might otherwise be ignored — into a single, highly destructive attack. Finding a vulnerability is one thing, but chaining a bunch of vulnerabilities together and exploiting them autonomously is something entirely different and daunting.
Fourth, the barriers to entry are very low. The U.K.’s AI Security Institute (AISI) found that even engineers without formal security training could use Mythos to produce functional exploits overnight. In effect, it puts cyber capabilities once associated with nation-states within reach of script kiddies and ransomware groups.
Finally, Mythos may be showing signs of situational awareness. In sandboxed tests, the model used prohibited methods to solve a problem, appeared to recognise that those actions would be detected, and then changed its approach to hide how it had achieved the exploit.
India’s preparedness gap
India has built a distinctive world-class digital front end through the India Stack, including UPI, Aadhaar, and the Account Aggregator framework. But much of it still runs on fragmented legacy back-end systems, especially in public sector units, State departments, and older public sector banks. Critical systems across finance and government still rely on outdated technology. Indian public sector banks continue to run significant COBOL and Windows Server 2008/2012 workloads.
India has moved quickly in its response, but significant gaps remain. It lacks an AI Safety Institute. While the U.K. and the U.S. have established world-class institutions to evaluate frontier AI systems, India has no dedicated body to test such models against Indian threat scenarios. The IndiaAI Mission is focused chiefly on development rather than safety evaluation. India therefore needs a dedicated India AI Safety Institute (IAISI), supported by data-sharing arrangements with the AISI and the U.S. Center for AI Standards and Innovation (CAISI). Without such a mechanism, India will remain dependent on foreign assessments of models that have never been tested against Indian systems and vulnerabilities.
At the same time, the cybersecurity workforce gap is estimated at more than 6,00,000 professionals. Patch cycles for public sector banks are measured in months, not hours. That is a dangerous mismatch in the Mythos era, where attackers can move at machine speed and exploit vulnerabilities within hours. India needs a frontier AI accountability framework, modelled on California’s SB 53 and the EU AI Act but tailored to Indian conditions. Any AI company operating in India whose model exceeds defined thresholds — such as compute, autonomy, or cyber capability — should disclose capability evaluations and known harms to the proposed IAISI. This could be built into the Digital Personal Data Protection Act, since informed consent requires meaningful disclosure of AI risks and capabilities.
The Centre should create a ₹15,000 crore-20,000 crore critical sector cybersecurity upgradation fund, including support for legacy modernisation in public sector banks. It should also fund and co-develop sovereign defensive AI models with domestic deep-tech firms to monitor telemetry, detect anomalies, and isolate compromised network segments in real time.
If a Mythos-class model becomes openly downloadable from a non-restraint-adhering lab (Meta has historically published open weights for its frontier models; Chinese labs increasingly do), then no defensive measure short of pre-emptive patching helps. India should lead the diplomatic effort at the G-20 to establish that the release of open-weight models above defined capability thresholds — specifically autonomous offensive cyber capability — should be subject to global notification and review requirements.
India has unique standing for this leadership: it is a major AI consumer, a credible neutral voice between U.S. and Chinese AI policy positions, and the operator of the largest digital public infrastructure stack in the world. Mythos proves that cyber-defence is no longer a human-versus-human chess match. It is now an algorithmic arms race. For India, securing the digital economy requires matching the speed of the attacker — which means deploying defensive AI that can reason, patch, and defend at the exact same speed.
The window is closing
In sum, this is not about Mythos versus India, but India’s structural disadvantage in a world where the cost of finding zero-days is collapsing while the cost of patching is not. The goal is to prevent a breach at the weakest point from cascading into systemic failure. None of this is conceptually complex, but it demands rapid spending, regulatory coordination, and candour about India’s preparedness. That coordination should be driven by the Prime Minister’s Office and not any single Ministry. The Mythos era — when capabilities of this class become routine, including in unrestrained hands — has already begun. India has 12 to 24 months to build the architecture needed to stay ahead of the threat rather than chase it. And who knows what Mythos 2.0 will be?
Srivatsa Krishna is an IAS officer. The views expressed are personal.
