Securing India against the threat of a ‘Mythocalypse’, Pg8
Advanced AI 'Mythos' model threatens India's critical infrastructure with zero-day exploits, demanding urgent defensive AI partnerships, dedicated safety institutes, and robust accountability.
Mythos-class AI, exemplified by Anthropic's Claude Mythos, poses a significant cybersecurity threat by autonomously discovering and exploiting zero-day vulnerabilities.
This advanced AI can chain multiple low-severity flaws into highly destructive attacks, making sophisticated cyber capabilities accessible to non-state actors.
By May 22, 2026, Mythos had flagged 23,019 vulnerabilities in 1,000 open-source projects, including a 16-year-old flaw in the Linux kernel.
India faces a preparedness gap due to reliance on legacy backend systems in critical infrastructure and a lack of a dedicated AI Safety Institute.
A cybersecurity workforce deficit estimated at over 600,000 professionals further exacerbates India's vulnerability in the Mythos era.
The article proposes a "Defensive AI Quad" with the U.S., U.K., and Japan for structured access to Mythos-class capabilities and the establishment of an India AI Safety Institute (IAISI).
It also suggests a ₹15,000-20,000 crore fund for critical sector cybersecurity upgrades and international regulation for open-weight AI models.
Detailed Insights:
Mythos AI differs from standard Large Language Models (LLMs) by identifying vulnerabilities that are often inexplicable to human experts.
Its offensive capabilities emerged as a byproduct of advanced reasoning and autonomous execution, rather than deliberate engineering.
The UK's AI Security Institute (AISI) found that even engineers without formal security training could use Mythos to produce functional exploits overnight.
India's digital public infrastructure (India Stack), including UPI and Aadhaar, relies on fragmented and outdated backend systems, particularly in public sector units and banks.
Indian public sector banks continue to operate substantial workloads on COBOL and Windows Server 2008/2012, making them susceptible to modern cyber threats.
The IndiaAI Mission primarily focuses on AI development, highlighting the urgent need for a dedicated body like the IAISI for safety evaluation against India-specific threat scenarios.
An AI accountability framework, modeled on California’s SB 53 and the EU AI Act, is proposed for India to mandate disclosure of AI risks by companies operating in the country.
India is positioned to lead diplomatic efforts at the G-20 to establish international notification and review requirements for the release of open-weight AI models with autonomous offensive cyber capabilities.
The article emphasizes that cyber-defense has evolved into an algorithmic arms race, requiring India to deploy defensive AI that can reason, patch, and protect at machine speed.
The Prime Minister’s Office is urged to coordinate a rapid, multi-ministerial response to address India's structural disadvantage within 12 to 24 months.
Key Concepts Involved:
Mythos-class AI: Advanced artificial intelligence capable of autonomously discovering and exploiting unknown cybersecurity vulnerabilities.
Zero-day vulnerability: A software flaw unknown to the vendor, which can be exploited by attackers before a patch is available.
India Stack: A set of open APIs and digital public goods that enable identity, data, and payment services in India, including Aadhaar and UPI.
Open-weight models: AI models where the underlying code and parameters are publicly released, allowing for inspection, modification, or deployment by anyone.