The Mythos Stress Test: Can Indian Fintechs, Banks Fend Off AI-Native Cyber Threats?
Superadmin
Just as the global security community grapples with shockwaves from Anthropic’s Mythos that can autonomously exploit software vulnerabilities, Google recently confirmed the first case of cyberattackers using AI to build a zero-day exploit.
OpenAI, Google’s arch-nemesis, has also announced Daybreak, an initiative focused on strengthening defensive AI infrastructure and improving coordinated cyber resilience.
Together, these developments are marking a turning point in how AI is reshaping cybersecurity. Frontier AI is no longer just helping humans write code or answer questions. It is increasingly being used to spot weaknesses and scan codebases that once took human researchers months or years to uncover.
This shift is already forcing governments and financial institutions to rethink cybersecurity systems. In India, the concern is especially acute because the country’s financial system now sits on top of one of the world’s most expansive digital public infrastructure stacks.
To safeguard financial systems, regulators have been forming task forces to assess risks and recommend mitigation measures, while the Union government has been holding parlays to figure out the next course of action.
Banks, meanwhile, are beginning to recalibrate their own defences. They are ramping up their tech stacks and no longer treating cybersecurity as a periodic compliance exercise. Amid this, how are India’s regulators and financial institutions readying themselves for cybersecurity in the AI age?
Govt Deliberates Risks
The controlled release of Anthropic’s Mythos last month began ringing alarm bells in the corridors of power — and for good reason. Mythos is capable of identifying previously unknown software vulnerabilities that may have gone undetected for years.
One of the examples was when the AI model reportedly found vulnerabilities inside the operating system OpenBSD, which human researchers had missed for close to three decades. This also became a major talking point because OpenBSD is considered one of the world’s most secure operating systems.
For India’s banking sector, one of the most critical infrastructures powering the world’s fourth-largest economy, the cybersecurity challenge in the backdrop of AI is especially significant. Many fear that if Mythos falls into the wrong hands, it will make finding and exploiting software vulnerabilities far easier.
Over the past decade, the country has aggressively digitised financial services through real-time payments infrastructure, Aadhaar-linked verification systems, API-driven banking integrations and cloud-native financial platforms. The result is an ecosystem that operates at enormous scale and speed, but one that is also deeply interconnected.
A tool like Mythos puts this entire interconnected ecosystem at the mercy of hackers. This also explains why finance minister Sitharaman called top banks for a high-level security meeting last month, following Mythos’ release.
During the meeting, Sitharaman warned of the ‘unprecedented’ cybersecurity risks posed by the AI model and constituted a panel to assess allied risks. This panel is headed by SBI chairman CS Shetty, who also leads the industry body Indian Banks’ Association.
The government is now pushing for faster threat-intelligence sharing between banks, regulators and cybersecurity agencies like CERT-In.
Banks On Tenterhooks?
Besides regulators, banks have also begun to assess and remedy the situation. The larger concern is that AI-native cyber tools may expose operational weaknesses that traditional security frameworks were not designed for.
During the announcement of its Q4 FY26 financial results, Ashok Vaswani, the MD and CEO of Kotak Mahindra Bank, said the nature of cybersecurity threats was shifting from human-speed attacks to machine-speed attacks, requiring organisations to rapidly strengthen their detection and response capabilities.
“We will step up efforts to identify any kind of vulnerabilities that we have and fix those vulnerabilities as quickly as possible,” he added.
According to Jaishiv Prakash, director analyst at Gartner, “Indian banks already view cybersecurity as a board-level issue, but AI systems such as Mythos could compress the time between vulnerability discovery and exploitation so dramatically that conventional testing and patch-management approaches may no longer be sufficient.”
“Many banks have mature cyber governance, but they still depend on manual triage, fragmented asset visibility, slow vendor coordination, and legacy technology estates. Mythos-class systems will punish those weaknesses because they move the contest from human-paced security operations to machine-speed exposure discovery and exploitation,” he added.
Meanwhile, addig a slight nuance to the conversation around Mythos, chief information security officer (CISO) at Axis Bank, Vinay Tiwari, told Inc42 that the AI tool could also be described as a capability amplifier that can strengthen systems and improve resilience.
“Evolving risks may surface vulnerabilities in highly interconnected environments, particularly where there is significant reliance on shared software platforms, third‑party providers, or open‑source components without adequate oversight. Over time, the gap may widen between organisations that treat resilience as an ongoing capability and those that rely primarily on periodic checks,” Tiwari added.
Challenges Galore For Fintechs
Amid the Mythos onslaught, India’s fintech ecosystem faces an even sharper challenge from offensive AI systems. Unlike established banks with dedicated cybersecurity budgets and regulatory oversight, most fintech startups have lean engineering teams. As such, these new-age tech platforms may not have enough resources to protect themselves from AI attacks.
On top of this, India’s fintech layer is deeply integrated into the broader banking ecosystem through payment gateways, lending APIs, account aggregators and embedded finance systems. Malicious actors could exploit the interconnectedness and weaknesses in the infrastructure of smaller fintech platforms to potentially create pathways into larger financial networks.
For startups already navigating profitability pressure and rising compliance costs, cybersecurity spending may now become a far bigger operational priority.
Amid this backdrop, fintech players such as Paytm, Razorpay, and Pine Labs have reportedly reached out to Anthropic to let them test Mythos and detect vulnerabilities in their own systems.
“We had an urgent call with Anthropic to check when they’re creating a second list of companies that will get access to Mythos,” Paytm founder and CEO Vijay Shekhar Sharma told a publication last month.
For now, India is not alone. The global frontier AI race is increasingly becoming a battle to secure digital systems before those same systems learn how to break them. This begs the question – do Indian regulators and financial institutions have what it takes to stay one step ahead of this emerging threat?
The post The Mythos Stress Test: Can Indian Fintechs, Banks Fend Off AI-Native Cyber Threats? appeared first on Inc42 Media.
