IT industry, Govt. examine cybersecurity implications of Anthropic’s Mythos model

Indian IT firms and government assess cybersecurity risks posed by Anthropic's Mythos model, revealing vulnerabilities in critical software systems.

The Indian IT industry and the Union government are studying the ramifications of Claude Mythos, Anthropic’s unreleased model that has been billed as a powerful scanner – and potentially a vector – of undiscovered security vulnerabilities across the world’s most widely used computer systems.

The Hindu has learnt that officials in the Electronics and Information Technology Ministry and at the Computer Emergency Response Team, India (CERT-in) are deliberating what Mythos’s capabilities could mean in the coming days, even as a consortium of American firms, in partnership with Anthropic, rushes to patch software vulnerabilities that human cybersecurity experts have not hitherto spotted or fixed.

Word of Mythos has spread rapidly in cybersecurity circles since the announcement of Project Glasswing, a consortium of 40 companies and open-source code maintainers to whom Anthropic is giving early access of the LLM, with a $100 million budget to perform scans of the vast codebases that power other IT systems around the world, including in India.

Anthropic said it has already found several vulnerabilities in systems such as OpenBSD, FFMPEG and the Linux kernel, systems that are deeply embedded in computers and servers globally, spurring the firm to work with their developers as much as possible in patching bugs before making the model public. 

No Indian firm appears in the partial list of firms that Anthropic published. This does not mean, however, that Project Glasswing will not benefit Indian firms at all. Since IT firms generally use a “tech stack” that combines hardware and software from a variety of vendors, including several products from Glasswing partners, it is likely that patches being released in the coming days will close off certain security gaps in Indian firms.

“The more relevant question is whether Indian firms are investing enough in their own security posture on top of that shared infrastructure, because that part is entirely on them,” Pawan Prabhat, a co-founder of the LLM deployment startup Shorthills AI, told The Hindu.