As Artificial Intelligence (AI) evolves, so do the anxieties around it. The discourse on AI ethics, slops and data centres, and AI’s implications on the labour market, warfare and national security are intensifying. Following years of AI advancements, the dynamics have finally changed in 2026, potentially shifting AI from an abstract concept to a force affecting the fundamental infrastructure of institutions. The challenge is to withstand the cybersecurity risks enabled by AI.
The conversation around AI safety can no longer be deemed mythological. Claude Mythos, one of the frontier models — not even built with security in mind, as per Anthropic — has demonstrated that it has surpassed the capabilities of any prior model and could discover vulnerabilities on its own. Recognising the risks this release could pose, they initially chose to delay it and instead recently released Claude Fable 5, a Mythos-class public model with stronger safeguards that has surpassed nearly all other models across all tested AI capability benchmarks. Claude Mythos 5 has been deployed by Anthropic through its “Project Glasswing” initiative, in collaboration with the US government and major tech companies and has extended access to 40 other organisations worldwide to protect critical software.
The Fable 5 release-notes claim Mythos 5 has the strongest cybersecurity capabilities of any model in the world. This is a pivotal moment for governments. As AI prowess continues to advance, the laws and regulations governing them are not keeping pace. But what do we know about this model’s implications so far, and whether India is ready to deal with them?
In a capture-the-flag test by the UK’s AI Security Institute, AI models must find and exploit weaknesses to retrieve “hidden flags”. The Mythos preview outperformed all other AI models, succeeding on 73% of expert-level tasks that no AI model had completed before April 2025. Their evaluation found Mythos could complete a 32-simulated corporate network attack, showing it can target weakly defended systems. However, the tests lacked active defenders and security tools, so real-world performance in well-defended environments remains unproven. The Fable-Mythos split makes it clear that Mythos’s true abilities will only be revealed over time. This raises cybersecurity concerns about AI, given its ability to detect weaknesses in digital infrastructure, and its potential societal implications for public safety and a country’s security.
Some have warned that the Mythos preview was a marketing tactic by Anthropic ahead of its IPO, and an attempt to dramatise its model’s capabilities and position it in AI safety and cybersecurity. While scepticism is welcome, it doesn’t negate the warnings posed by AI frontier development on a nation’s digital infrastructure.
India has responded through CERT-In, issuing an advisory on the capabilities of frontier AI models to support cyberattacks. Finance minister Nirmala Sitharaman has flagged risks to banking, prompting financial sector regulators and infrastructure agencies to coordinate cyber defence from late April. In late May, it was reported that India had requested access to Mythos for domestic firms. However, India’s Mythos response is far from adequate.
Before the AI era, a country’s ability to build and advance digital infrastructure implied success; but now, it also carries implications for vulnerability. Think of the Irish elk, the extinct animal remembered for its enormous antlers that were considered a symbol of evolutionary success; these became harder for the animal to carry as conditions around it changed. Digital payment systems, banking networks, cloud platforms, and public databases are the antlers of digital infrastructure, which are considered important for coordination and controlling national ecosystems. AI changes their conditions. What Mythos Preview claims is that AI has advanced now to a stage that it can probe networks, reason over code to attack, and accelerate vulnerability discovery, whether on the most defended networks or the ones usually left unguarded. This is the AI cyber moment we should all be worried about. The Mythos moment has shown signs that civilisation’s digital intelligence is advancing more quickly than its ability to safeguard the very intelligence it relies on.
The next phase of AI will not reward frontier model developers; it is more about countries that can secure the systems in which these models operate globally. Right now, India does not yet have a binding AI Act nor is it building sovereign AI capabilities, as China or the US. India must enhance its cybersecurity workforce to secure its systems, remain anti-fragile to Mythos, and treat cybersecurity competitiveness as the foundation of AI-era sovereignty.
Amit Kapoor is chair,and Sheen Zutshi is research manager, Institute for Competitiveness. The views expressed are personal
