The Mythos Stress Test: Can Indian Fintechs, Banks Fend Off AI-Native Cyber Threats?

by · Inc42

SUMMARY

  • Frontier AI systems such as Anthropic’s Mythos are redefining cybersecurity by enabling machine-speed discovery and exploitation of software vulnerabilities, raising fresh concerns for India’s highly interconnected digital financial infrastructure
  • Indian regulators and banks are ramping up their response through high-level security reviews, threat-intelligence coordination, and stronger cyber defence mechanisms, as traditional human-paced security systems may no longer be sufficient in the AI era
  • Fintech startups are the most vulnerable due to limited cybersecurity resources and deep integration with the banking ecosystem, prompting players like Paytm, Razorpay, and Pine Labs to explore AI-driven vulnerability testing tools to strengthen resilience
  • Added to Saved Stories in Login

Just as the global security community grapples with shockwaves from Anthropic’s Mythos that can autonomously exploit software vulnerabilities, Google recently confirmed the first case of cyberattackers using AI to build a zero-day exploit.

OpenAI, Google’s arch-nemesis, has also announced Daybreak, an initiative focused on strengthening defensive AI infrastructure and improving coordinated cyber resilience.

Together, these developments are marking a turning point in how AI is reshaping cybersecurity. Frontier AI is no longer just helping humans write code or answer questions. It is increasingly being used to spot weaknesses and scan codebases that once took human researchers months or years to uncover.

This shift is already forcing governments and financial institutions to rethink cybersecurity systems. In India, the concern is especially acute because the country’s financial system now sits on top of one of the world’s most expansive digital public infrastructure stacks. 

To safeguard financial systems, regulators have been forming task forces to assess risks and recommend mitigation measures, while the Union government has been holding parlays to figure out the next course of action. 

Banks, meanwhile, are beginning to recalibrate their own defences. They are ramping up their tech stacks and no longer treating cybersecurity as a periodic compliance exercise. Amid this, how are India’s regulators and financial institutions readying themselves for cybersecurity in the AI age? 

Govt Deliberates Risks

The controlled release of Anthropic’s Mythos last month began ringing alarm bells in the corridors of power — and for good reason. Mythos is capable of identifying previously unknown software vulnerabilities that may have gone undetected for years. 

One of the examples was when the AI model reportedly found vulnerabilities inside the operating system OpenBSD, which human researchers had missed for close to three decades. This also became a major talking point because OpenBSD is considered one of the world’s most secure operating systems.

For India’s banking sector, one of the most critical infrastructures powering the world’s fourth-largest economy, the cybersecurity challenge in the backdrop of AI is especially significant. Many fear that if Mythos falls into the wrong hands, it will make finding and exploiting software vulnerabilities far easier. 

Over the past decade, the country has aggressively digitised financial services through real-time payments infrastructure, Aadhaar-linked verification systems, API-driven banking integrations and cloud-native financial platforms. The result is an ecosystem that operates at enormous scale and speed, but one that is also deeply interconnected. 

A tool like Mythos puts this entire interconnected ecosystem at the mercy of hackers. This also explains why finance minister Sitharaman called top banks for a high-level security meeting last month, following Mythos’ release. 

RECOMMENDED FOR yOU