A single AI tool has put India's entire banking system on high alert. Anthropic's Claude Mythos can find security gaps in major operating systems faster than any human team. Public sector banks are now being forced to rethink how much they spend on staying safe.

What Makes Claude Mythos a Real Threat to Banks?

Claude Mythos is not just another AI model. During testing, Anthropic found it was highly skilled at cybersecurity and hacking tasks, outperforming human experts. The company claimed Mythos had already found thousands of high-severity vulnerabilities across every major operating system and web browser.

Its pilot launch on April 7 triggered global concern. Anthropic gave 12 tech companies access via Project Glasswing, described as an effort to secure critical software. But the same capabilities that help defenders can also help attackers, and that is what worries regulators most.

Key insight: Mythos does not create a new category of risk. It collapses the timeline of every existing one, leaving banks far less time to respond than before.

How Indian Banks Are Responding

Banks Are Opening Their IT Wallets

Punjab and Sind Bank MD and CEO Swarup Kumar Saha told PTI that banks must increase IT investments to reduce vulnerabilities. His bank will raise IT spending this financial year specifically to address threats from new technology. UCO Bank MD and CEO Ashwani Kumar confirmed a similar move, with a major share of the increased budget going toward cybersecurity.

Government Steps In With a Dedicated Panel

Finance Minister Nirmala Sitharaman has urged banks to take pre-emptive measures to secure their IT systems. The government has formed a panel under SBI Chairman C S Setty to assess risks from Mythos and recommend mitigating steps. Sitharaman noted there will be significant interaction among banks over the coming weeks to identify where additional investments are needed.

The Real Problem: Old Defenses Against New Attacks

Srinivas L, Joint MD and Joint CEO of 63SATS Cybertech, put it plainly. The window between a vulnerability being disclosed and it being weaponised has shrunk from 19 days in 2023 to under 72 hours today. Banks are still running on patching and response cycles built for a 2019 threat environment, which means they are defending 2026 attacks with 2019 playbooks.

Financial institutions are especially exposed because of how deeply interconnected they are. One successful attack can cascade quickly across institutions and markets. Here are the key areas where banks remain most vulnerable:

  • Legacy IT infrastructure that is slow to update
  • Patching cycles that cannot keep up with fast-moving threats
  • High interconnectivity across payments, forex, and market systems
  • Real-time operations that leave limited room for downtime or upgrades

Key insight: One bank is linked to dozens of domestic and global institutions for payments, forex, money markets, stock exchanges, depositories, and payment gateways. A single breach does not stay contained for long.

IT spending for Indian banks is no longer just about keeping systems running. It is now about staying in business. As AI tools grow more capable, the cost of inaction will far exceed the cost of upgrading. Banks that move fast on cybersecurity today are building the only defense that will matter tomorrow.

FAQs

What is Claude Mythos and why are banks worried about it?
Claude Mythos is an advanced AI model made by Anthropic that can find security weaknesses in major operating systems and web browsers faster than human experts. Banks are worried because the same tool that helps defenders can also be used by attackers to exploit those weaknesses. Its ability to compress the time between discovery and attack is what makes it especially dangerous.

Why are public sector banks increasing their IT spending now?
Public sector banks are raising IT budgets because older security systems were not built to handle the speed at which modern AI tools can identify and exploit vulnerabilities. The threat from tools like Claude Mythos has made cybersecurity a survival priority rather than just a routine cost. Banks like Punjab and Sind Bank and UCO Bank have already confirmed higher IT spending this financial year.

How does Claude Mythos affect everyday banking customers in India?
If a bank's systems are breached, customer data, savings, and transactions could all be at risk. Since Indian banks are deeply connected to payment gateways, forex systems, and stock markets, one successful attack could affect millions of users across multiple institutions. Higher IT spending by banks is ultimately aimed at protecting the money and data of ordinary account holders.

What happens to bank stocks if a major cyberattack hits the sector?
A large-scale cyberattack on a public sector bank could trigger a sharp fall in its stock price and shake investor confidence across the banking sector. Markets tend to react quickly to news of data breaches or system failures, especially in interconnected financial institutions. Investors should watch for updates on IT investment plans and cybersecurity disclosures from banks as a signal of how prepared they are.

What is the government doing to protect Indian banks from AI-driven cyber threats?
The government has set up a dedicated panel under SBI Chairman C S Setty to study the risks from Mythos and suggest steps to reduce them. Finance Minister Nirmala Sitharaman has also asked banks to take pre-emptive action and has indicated that banks will coordinate closely over the coming weeks. This shows that the response is being treated as a sector-wide issue rather than a problem for individual banks to solve alone.

What should Indian banks do differently to stay ahead of AI-powered cyber threats?
Banks need to move away from patching cycles that were designed years ago and adopt faster, more automated threat detection systems. Simply adding more security tools is not enough as the real gap is in how quickly banks can respond once a vulnerability is found. Investing in real-time monitoring, regular system upgrades, and AI-based defense tools will be critical going forward.