Clipped from: https://www.financialexpress.com/business/news/beyond-banks-mythos-widens-india-incs-cyber-risk-map/4218774/?ref=hometop_hp
Experts warn legacy systems across energy, telecom, manufacturing and utilities could be exposed faster as AI accelerates attacks.
Legacy systems across critical sectors face rising cyber threats as AI accelerates attacks, prompting calls for higher cybersecurity spending and stronger defences.
Banking may be grabbing the headlines, but the bigger cyber story is unfolding across corporate India’s wider digital estate. From power grids and oil pipelines to telecom networks and factory floors, security experts say Anthropic’s Claude Mythos has sharpened concerns that AI-powered tools could help attackers identify and exploit weaknesses across enterprise systems at machine speed.
“Banking got the headline because bankers were in the room when Mythos was briefed. The real exposure is in the sectors that weren’t,” Srikara Rao, chief technology officer at R Systems, said.
What do consultants say?
Consulting firm Bain said Mythos should be viewed less as a standalone threat and more as a marker that sophisticated AI-enabled attacks have arrived. It warned that many companies have underinvested in cybersecurity for years, leaving ageing systems and fragmented networks exposed.
“Many organizations will need to significantly increase cybersecurity spending, by up to two times their current levels or even more; planned increases of about 10% annually fall far short of what the threat now demands,” the Bain report said.
“Four sectors lie within the blast radius of bad actors leveraging Mythos — BFSI, Power & Energy, Telecom, and Government & Defence. The first one, BFSI, is also target number one,” Srinivas L, joint managing director and joint chief executive officer at 63SATS Cybertech, said.
‘The threat surface isn’t new’
“The threat surface isn’t new. What’s new is the speed. Mythos didn’t create vulnerabilities, they were always there. What it did was industrialise their discovery,” Rao said.
The risks are particularly acute in sectors dependent on operational technology (OT) — the software and control systems that run plants, pipelines and utilities.
In the power and utilities segment, electricity networks, transport systems and water utilities often rely on decades-old industrial systems designed for reliability rather than cyber defence. Experts said AI models capable of scanning vast codebases and mapping networks could help defenders find hidden flaws faster, but in the wrong hands could also expose vulnerable entry points across critical infrastructure.
“This sector relies on legacy systems and could benefit from rapid discovery of hidden vulnerabilities and zero-day bugs. If not done, attackers can map and exploit vulnerabilities before security teams fix them,” Chetan Jain, managing director at Inspira Enterprises, said.
Likewise, oil and gas companies running refineries, storage terminals and pipeline networks increasingly depend on connected automation platforms. Security specialists warned that many such environments still carry legacy software that is patched slowly or not at all. That raises the prospect of outages, shutdowns or data compromise if attackers use AI to discover exploitable weaknesses faster than operators can respond.
“The real concern for enterprises is not that AI suddenly invented new risks, but that it may significantly shorten the time between vulnerability discovery and exploitation. In other words, the pace of attack could now exceed the pace of remediation for many organizations,” Satykam Acharya, co-founder and director, offensive security practices at Infopercept, said.
Manufacturing companies are also vulnerable as production systems become more connected to enterprise IT networks. A breach can move beyond data theft into physical disruption.
Telecom operators, meanwhile, manage nationally significant infrastructure with sprawling software layers spanning billing, customer systems and network cores. Experts said AI-assisted attacks could intensify the search for zero-day vulnerabilities in such complex environments.
More broadly, security experts said the threat is no longer confined to one industry.
Sunil Sharma, managing director and vice president – sales (India & SAARC) at Sophos, said cyber risk is now defined less by sector and more by interconnected environments spanning cloud, on-premises systems and third parties. “What we are seeing now is a significant shift in attacker capability. Threat actors are increasingly leveraging automation and AI to accelerate the entire attack lifecycle, from reconnaissance to exploitation,” Sharma said.
The Bain report added that the immediate response is not exotic new tools, but stronger basics: patching, zero-trust access controls, anomaly detection and network segmentation.
For enterprises, Mythos may not have created new cracks. It has simply made them harder to ignore. “We cannot fight 2026 threats with 2019 playbooks. The next attacker will not be human, hence our defence also cannot be either,” Srinivas L said.
aniltikotekar4sme.com 