India's Finance Ministry Convenes Banks Over Mythos AI Threat
Union Finance Minister Nirmala Sitharaman called a high-level security meeting with top bankers last month to address a single threat: an AI model that can find software vulnerabilities faster than human hackers ever could.
The model, called Mythos, was developed by Anthropic. It doesn't attack systems directly. Instead, it identifies unknown software flaws-so-called "zero-day" vulnerabilities-and suggests ways to exploit them. The finance ministry described the risk as "unprecedented."
Mythos can compress weeks of hacking effort into hours. Anthropic has not released it publicly, but provided controlled access to select companies including Apple and Goldman Sachs. Reports of unauthorized access to the model have escalated concern further.
What Makes Mythos Different
Conventional cybersecurity tools detect known threats. Mythos works differently. It scans systems to identify hidden weaknesses that no one knew existed. Once found, it can suggest exploitation methods.
This creates a speed problem for banks. What once took weeks to discover and exploit a flaw could now happen in a day. The traditional cycle of detect-patch-recover becomes obsolete when attackers operate at machine speed.
India's Coordinated Response
Rather than wait for an attack, India is building a framework for real-time threat sharing across banks. The Reserve Bank of India is consulting on the issue. The Indian Banks' Association is creating a unified mechanism so no single bank fights an attack alone.
The approach includes coordination with Indian CERT and faster incident response protocols across the financial system. The U.S. government has engaged Wall Street banks on similar risks.
The Scale of Risk
The threat extends beyond typical cyberattacks. In extreme scenarios, vulnerabilities exposed by AI could disrupt payments, freeze ATMs, or trigger liquidity stress and public panic. The risk cuts across the entire financial system, which is why government language has shifted to "unprecedented."
Attack timelines shrinking fundamentally changes how banks approach cyber defense. Prevention alone will not work anymore.
From Prevention to Resilience
Banks are moving away from perimeter defense toward systems designed with security built in. This means continuous monitoring, strong access controls, network segmentation, and human oversight in decision-making.
Cybersecurity is no longer purely a technology problem. It is a systems design and governance challenge. Banks need architecture that remains auditable and understandable, especially when AI systems make critical decisions.
Over-reliance on opaque AI creates accountability gaps that are difficult to fix after an incident occurs. In banking, that risk is unacceptable.
AI as Both Threat and Defense
The same capabilities that make Mythos dangerous can strengthen financial systems. AI is already reshaping how institutions think about risk-moving from static rule-based systems to real-time, behavior-driven detection. This applies to fraud detection and credit decisions as well as cybersecurity.
The differentiator will be how responsibly institutions deploy these systems. Banks that build with resilience, trust, and accountability will perform better than those that don't.
For finance professionals, the message is direct: cybersecurity is no longer about defending perimeters. It is about keeping pace with machines that outrun human response cycles. The question is not whether AI can break systems. It is whether institutions can evolve fast enough to stay ahead.
Learn more about AI for Finance and AI Learning Paths for Cybersecurity Analysts to understand how these threats are being addressed.
Your membership also unlocks:
