Mythos wake-up call: Questions India must answer – The HinduBusinessLine

Unread Leave a comment

Clipped from: https://www.thehindubusinessline.com/opinion/mythos-wake-up-call-questions-india-must-answer/article70966664.ece

India must build digital infrastructure sovereignty to move from being a consumer to a trusted stakeholder in frontier AI

AI. At the cutting edge | Photo Credit: tadamichi

When Anthropic released Claude Mythos Preview in April 2026, the global cybersecurity community reacted with genuine alarm. The model didn’t just find known vulnerabilities — it reportedly uncovered thousands of zero-day flaws in major operating systems and browsers, many of which had evaded decades of human and automated scrutiny. In several cases, it could also generate functional exploits with minimal guidance.

For India, the episode was a strategic wake-up call to acknowledge a known problem: being one of the world’s largest markets for frontier AI is not the same as having meaningful influence or access when it matters most. We need to think honestly through the following questions.

First, in a crisis, who gets priority access to critical technologies — and on what basis? Alongside Mythos, Anthropic also announced Project Glasswing — a carefully restricted initiative to deploy Mythos Preview for defensive cybersecurity work. That was the responsible thing to do. Its named launch partners included AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan Chase, CrowdStrike, Cisco, Broadcom, Palo Alto Networks, the Linux Foundation, and other major infrastructure players. However, no Indian enterprise or public institution appeared on the initial list.

India is among Claude’s biggest global markets, yet when privileged access to a high-risk frontier model was being distributed, Indian organisations were not in the first circle of trust. The lesson is clear: in frontier technologies with national-security implications, access is shaped by jurisdiction, institutional relationships, infrastructure depth, national-security alignment, and established trust — not market size alone.

Second, do we have the infrastructure depth and enterprise resilience to handle a frontier-AI security crisis?

Frontier AI is becoming deeply dependent on infrastructure. Access to powerful models is only one part of the equation. Do we have the data centres, energy, secure testing environments, and institutional capacity needed to run, benchmark, and assess these systems at scale?

For Indian enterprises, this was especially sobering. We already knew that we remain deeply dependent on imported, black-box technologies. What the incident made clearer is how such dependence can limit visibility, control, and crisis-response capacity.

Third, are we building the institutional capacity to benchmark frontier AI systems ourselves? The UK AI Security Institute was able to secure access to frontier models, including Mythos Preview and GPT-5.5, run extensive evaluations, and publish early findings that were valuable to industry and policymakers. That kind of capability matters. It allows a country to issue informed advisories, shape regulatory responses, and understand which models are safe or suitable for which use cases. That capability — independent benchmarking, risk assessment, and advisory power — is now a strategic asset for any serious technology nation.

India’s agenda

Finally, what should India do next? Mythos is just the beginning. Future models will become more capable, more autonomous, and more widely available. Within weeks of Mythos, OpenAI’s GPT-5.5 demonstrated comparable or stronger performance on some advanced cyber evaluations, including expert-level CTF-style tasks. This direction of travel is clear: AI will increasingly accelerate vulnerability discovery, exploit generation, defensive testing, patch prioritisation, and cyber operations. This marks the beginning of a new cybersecurity operating environment. The advantage will go not only to those with the best models, but to those with the infrastructure, institutions, talent, and trusted access needed to use them safely and effectively. The patterns emerging over the last few months have made one thing very clear: the future of technology is infrastructure. Unless India has meaningful control over key infrastructure layers, it will struggle to influence the rules that govern the stack.

A good place to start is an honest assessment of which layers of the technology stack — compute, energy, chips, cloud, data, models, applications, standards, and evaluation capacity — are strategically critical and must have meaningful domestic capability or reliable control. For the rest, India must deepen alliances that can be trusted even in crisis.

Achieving this will call for a long-term perspective, targeted patient investment and stronger coordination across government, industry, academia, and the startup ecosystem. India already has important institutional building blocks in place: the IndiaAI Mission, CERT-In, emerging efforts toward an AI Safety Institute, and a growing AI and cybersecurity ecosystem.

India needs a 10-year Sovereignty Moonshot Plan. The goal is clear: move India from being a sophisticated consumer of frontier AI to becoming a stakeholder that helps shape its development, deployment, safety, and governance. To do that, we have to build infrastructure sovereignty. Delay means only one thing: hardened dependence.

The writer is Distinguished Fellow – NITI Aayog

Published on May 12, 2026

Leave a Reply