India's Finance Minister Nirmala Sitharaman convened a high-level emergency meeting on April 23, 2026, bringing together the heads of scheduled commercial banks, IT Minister Ashwini Vaishnaw, the Reserve Bank of India, the National Payments Corporation of India, and CERT-In to assess the cybersecurity risks posed by Anthropic's advanced AI model Claude Mythos. The Ministry of Finance described the threat as unprecedented, posting on X that it requires a very high degree of vigilance, preparedness, and better coordination across financial institutions and banks. The meeting marks one of the first instances of a national government convening its entire financial regulatory apparatus in direct response to the capabilities of a single AI model.
Claude Mythos is a restricted preview model developed by Anthropic as part of Project Glasswing. Anthropic has significantly limited access to the model — granting it to approximately 40 partner firms globally — citing what the company itself has described as unprecedented cybersecurity risks associated with its capabilities. The model has been described by Anthropic as unusually capable at autonomously finding software vulnerabilities, and independent testing by the UK AI Security Institute placed Mythos at 73% on expert-level hacking tasks — a benchmark that has alarmed security researchers and government officials alike.
India's government briefing also raised concerns that Mythos may have been accessed by unauthorized individuals, prompting the government to open direct conversations with Anthropic about access controls and oversight.
The meeting produced a series of concrete directives aimed at strengthening India's financial sector defences against AI-accelerated threats. Banks have been instructed to take all necessary pre-emptive measures to secure their IT systems, safeguard customer data, and protect monetary resources. A robust mechanism for real-time threat intelligence sharing between banks, CERT-In, and relevant agencies has been mandated. The Indian Banks' Association has been tasked with developing a coordinated institutional response, with the SBI chairman set to lead efforts. Banks have additionally been directed to immediately report any suspicious activity or cyber incident to the relevant authorities and to onboard top cybersecurity professionals and specialised agencies to strengthen monitoring and defensive capabilities.
While the financial sector dominated the headlines, security experts warn that the real exposure from AI models like Mythos extends far beyond banking. Four sectors have been identified as falling within the primary blast radius of AI-enabled attacks using Mythos — Banking, Financial Services and Insurance, Power and Energy, Telecom, and Government and Defence. India's power grids, oil pipelines, telecom networks, and factory floors — many of which depend on decades-old operational technology systems designed for reliability rather than cybersecurity — face acute risk from AI tools capable of scanning vast codebases and mapping network vulnerabilities at machine speed.
Security experts have framed the core danger not as the creation of new vulnerabilities but as the dramatic compression of the timeline between vulnerability discovery and exploitation. As one security professional summarised: Mythos did not create vulnerabilities — they were always there. What it did was industrialise their discovery. Consulting firm Bain warned in a recent report that many organisations have chronically underinvested in cybersecurity and that planned annual increases of around 10% fall far short of what the current threat environment demands, suggesting organisations may need to double their current cybersecurity spending levels or more.
Security experts and the Bain report are aligned on immediate priorities — not exotic new tools, but stronger execution of security fundamentals. This includes accelerated patching of legacy systems, implementation of zero-trust access controls, enhanced anomaly detection, rigorous network segmentation, and formalised cross-institution intelligence-sharing channels. FM Sitharaman's own framing of the challenge — we cannot fight 2026 threats with 2019 playbooks — captures the urgency precisely. For India's enterprises across every critical sector, the arrival of AI-powered vulnerability discovery at scale is not a future risk to plan for. It is a present reality to respond to now.