Monjita Sarkar 
Amid global concerns over the restricted rollout of Claude Mythos, Union Finance Minister, Nirmala Sitharaman warned all entities in the finance and banking sector to be vigilant about cybersecurity issues. Recently, she met heads of banks to discuss the various risks AI posed to the financial sector. The meeting was also attended by officials from the Reserve Bank of India, Ministry of Electronics and Information Technology. Banks were cautioned to develop adequate preventive mechanisms to protect their systems, digital infrastructure, and safeguard customers’ money and data.
What is Mythos AI? What can it do?
Anthropic, the parent company of Mythos, calls it an AI model that surpasses humans in detecting and exploiting software vulnerabilities. According to Anthropic’s official statement:
Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.
Anthropic launched Project Glasswing; an initiative to deploy Mythos Preview through partners like Amazon Web Services, Apple, Google, Microsoft, NVIDIA etc. to check its capabilities for defensive purposes.
What is the risk factor associated with Mythos AI?
The immediate risk factor associated with Mythos AI is its autonomous coding capability, which in the wrong hands could be weaponized with disastrous implications on public safety, national security, and economies. The problem it seeks to solve is noble. Digital infrastructure like banking systems, medical records, logistics networks, power grids etc contain bugs and vulnerabilities. While many are minor, some are security flaws which, if discovered, can be exploited by malicious actors and cyber attackers to hijack entire systems and steal sensitive data. Many such flaws go unnoticed for years because finding and exploiting them has required expertise held by only a few skilled experts. Frontier AI models have caused a fundamental change in the money, efforts and human capital required in finding such vulnerabilities and patching them. A number of organizations that power some of the world’s most critical code will deploy Mythos Preview to test neutralizing risks and vulnerabilities in their systems. Even with the strong emphasis on cybersecurity issues, its deployment is risk-severe because of the lack of safeguards that detect and block its dangerous outputs.
How can it affect the Indian banking sector?
Mythos has been extensively discussed at the International Monetary Fund (IMF) because of the potential risk it poses to critical infrastructure of the finance sector. After the meeting chaired by Sitharaman, the Finance Ministry of India presented that “a very high degree of vigilance, preparedness and better coordination across financial institutions” was required. In India, interconnected systems like UPI process 645 million transactions daily on an average. With the digitization and interconnection of Aadhaar and DigiLocker, if such an AI model falls in the hands of malicious actors the entire digital ecosystem of India’s banking system gets compromised.
What preventive measures are being taken?
A robust, real-time intelligence sharing mechanism will be established among banks, the Indian Computer Emergency Response Team (CERT-In), and other relevant agencies. It will be used to instantly identify and distribute information on emerging threats across the ecosystem. Banks were advised to immediately report any suspicious activities or cyber incidents to CERT-In.
The Indian Banks’ Association (IBA) with leadership from the State Bank of India (SBI) Chairman, C.S. Setty will be developing a coordinated mechanism for responding to AI-driven threats. Banks were directed to strengthen their cyber systems, conduct security audits and use AI to counter AI-driven threats. This includes onboarding specialized cybersecurity agencies to monitor and enhance defense mechanisms. Lastly, the government and the Reserve Bank of India (RBI) are closely studying potential risks.
