India's government agencies and IT firms have launched vulnerability testing of financial and national identity systems in response to the Mythos AI model.
Infosys and Tata Consultancy Services (TCS) are carrying out tests of their software in secure environments, according to officials who requested anonymity. Infosys is specifically working to identify and patch vulnerabilities in its Finacle banking software, which is deployed across a large number of financial institutions. As neither company currently has access to Mythos directly, both are using Anthropic's Claude Opus 4.7 to conduct the assessments and develop remediation measures.
Separately, CERT-In, India's state-run cybersecurity agency, is testing key digital infrastructure, including the Aadhaar national identity programme and government authentication systems. Infosys, TCS, and India's Ministry of Electronics and Information Technology did not respond to requests for comment cited in the Bloomberg report.
Government response and access requests
According to Bloomberg, the disclosures follow a high-level review convened by India's Finance Minister and IT Minister, attended by banks, regulators, and cybersecurity agencies. The meeting centred on assessing the risks that advanced AI systems such as Mythos could pose to India's financial infrastructure. Officials raised concerns that such models could materially lower the technical barrier required to execute sophisticated cyberattacks. The Finance Minister described the threat as potentially as significant as warfare, and called for existing cybersecurity frameworks to become substantially more adaptable. The IT Minister emphasised the need for tighter coordination between government, regulators, and financial institutions, particularly around real-time information sharing and incident response protocols.
India is among several governments and institutions worldwide seeking early access to Mythos. The National Payments Corporation of India (NPCI) has reportedly sought access specifically to examine day-zero vulnerabilities in the Unified Payments Interface (UPI) system. The industry body Nasscom has also formally requested access to the model to strengthen cybersecurity resilience across the technology sector.
Anthropic has so far restricted access to Mythos to a limited number of organisations, including Apple and JPMorgan Chase, under an initiative called Project Glasswing. That programme allows selected participants to use the technology to probe their own cyber defences. Broader access has not yet been extended to governments or other firms petitioning through official channels.
The development reflects a growing tension in the deployment of highly capable AI systems: the same capabilities that enable automated vulnerability discovery also represent a potential attack vector if such models were to be accessed without adequate controls. For markets such as India, where digital payment infrastructure processes billions of transactions annually through platforms like UPI and Aadhaar-linked services, the stakes of delayed or inadequate assessment are substantial.
