Get the weekly digest
Top current affairs + exam tips, every Monday morning.
📝 AI-generated analysis for exam preparation. This is original educational content curated for competitive exam aspirants.
Anthropic, an AI safety company, developed Claude Mythos Preview — a large language model with advanced capabilities in code analysis, vulnerability identification, and autonomous task execution. In April, Anthropic announced it would not release Mythos publicly due to its ability to identify previously unknown security flaws in IT systems that could be exploited by malicious actors. On April 22, Anthropic confirmed it was investigating reports that unauthorized users had gained access to this restricted AI model. Mythos demonstrated the capability to identify "zero-day" (previously unknown) vulnerabilities in open-source codebases, reverse-engineer exploits in closed-source software, and transform known-but-unpatched vulnerabilities into working exploits. The International Monetary Fund (IMF) subsequently warned that while AI could strengthen cyber defence, it could simultaneously make cyberattacks faster, cheaper, and accessible to non-experts — with particularly serious implications for the financial sector. In response, the Indian government convened an emergency meeting led by Finance Minister Nirmala Sitharaman and established a committee under SBI Chairman C.S. Setty to assess risks and recommend safeguards.
The intersection of artificial intelligence and cybersecurity represents a rapidly evolving challenge for governments and financial institutions worldwide. [GK] The Information Technology Act, 2000, provided India's initial legal framework for cybersecurity, but subsequent developments have necessitated newer approaches.
Key Historical Milestones: • 2013: The RBI issued initial guidelines on cybersecurity for banks following the organised cyberattack on Indian financial institutions. • 2017: NotPetya and WannaCry ransomware attacks demonstrated the systemic risks of interconnected digital infrastructure, affecting global financial systems. • 2020: CERT-In was designated as the national agency for cybersecurity incident response under amended IT rules. • 2022: The Digital Personal Data Protection Act process began, addressing data security concerns. • 2024: The emergence of advanced AI models capable of autonomous vulnerability discovery marked a qualitative shift in cyber risk landscape. • 2025: RBI introduced a framework for responsible and ethical AI adoption in the financial sector.
Take This Week's Quiz
20 cross-topic questions from this week's current affairs
[GK] The National Cyber Security Policy, 2013, aimed to create a secure cyber ecosystem, but the Mythos incident reveals gaps in anticipating AI-enabled threats. The IMF's warning reflects growing international consensus that AI governance cannot remain purely technical — it requires coordinated regulatory response. India's establishment of a committee under C.S. Setty follows similar regulatory responses in the EU and US, where financial regulators have begun examining AI-specific cyber risks.
IMF Warning on AI-Enabled Cyber Risks: • AI could strengthen cyber defence but simultaneously make cyberattacks faster, cheaper, and accessible to non-experts • Financial sector faces particular risk due to reliance on shared digital infrastructure (software, cloud services, payment networks, interconnected databases)
Anthropic's Mythos Capabilities: • Large language model developed for general-purpose reasoning, coding, and autonomous tasks • Can identify "zero-day" vulnerabilities in real open-source codebases • Demonstrated ability to reverse-engineer exploits in closed-source software • Can transform "N-day" (known but unpatched) vulnerabilities into working exploits • Found vulnerabilities 10-20 years old; oldest discovered was a 27-year-old patched bug in OpenBSD operating system • Anthropic engineers developed complete working exploit in "one night" using the model • Capabilities emerged as "downstream consequence" of general improvements — not intentionally trained
Government Response in India: • Finance Minister Nirmala Sitharaman convened meeting with Electronics and IT Minister Ashwini Vaishnaw, bankers, and stakeholders • Banks advised to establish real-time threat intelligence sharing mechanisms with CERT-In and other agencies • Banks asked to report suspicious activity and cyber incidents more proactively • Committee established under C.S. Setty, Chairman of State Bank of India, to assess risks and recommend safeguards • RBI introduced framework in 2025 for responsible and ethical AI adoption in financial sector
Anthropic's Internal Assessment: • Company refused public release of Mythos in April due to security concerns • Confirmed investigation on April 22 regarding unauthorized user access reports
Political & Constitutional Dimensions:
The government's response through Finance Minister Sitharaman's emergency meeting reflects the political priority given to financial sector cybersecurity. The establishment of a committee under C.S. Setty, a respected institutional figure, signals the gravity assigned to this threat. From a constitutional perspective, the right to privacy under Article 21 [GK] and the state's obligation to protect citizens' data interests are implicated. The IMF's recommendation that governments not treat AI as "purely technical" aligns with the Supreme Court's jurisprudence recognizing data protection as a facet of privacy [GK]. However, the challenge lies in balancing innovation with security — a tension that has no easy political resolution.
Critics argue that India's response remains reactive rather than proactive. The fact that government action followed reports of unauthorized Mythos access, rather than anticipating such risks, raises questions about institutional preparedness. The opposition may question whether regulatory frameworks are keeping pace with technological advancement.
Economic & Financial Impact:
The economic stakes are substantial. The financial sector's reliance on shared digital infrastructure means that a single successful cyberattack could cascade through the system. Banks using AI for customer service, risk management, and fraud detection face dual exposure — both as potential targets and as users of AI systems that could be compromised. The IMF's warning about "scalable, automated, and accessible" cyberattacks suggests a potential democratization of cyber threats, where even financially motivated criminals with limited technical skills could execute sophisticated attacks.
The cost implications are significant: remediation of major cyber breaches can run into thousands of crores, besides reputational damage and loss of public trust. The Mythos incident may also affect foreign investment flows, as international investors increasingly factor cybersecurity preparedness into allocation decisions.
Social Dimensions:
The social dimension centers on public trust in the financial system. If citizens lose confidence in the security of digital banking, it could reverse financial inclusion gains. The vulnerable sections most dependent on digital banking services — including migrant workers using UPI remittances and rural customers accessing credit — would bear disproportionate costs if cyberattacks disrupt services. The IMF's concern about interconnected legacy infrastructure compounds this risk, as such systems are often used by smaller banks serving underserved populations who lack alternatives.
Governance & Administrative Aspects:
The committee under C.S. Setty faces the challenge of recommending safeguards without stifling legitimate AI innovation. Key implementation challenges include: (a) real-time threat intelligence sharing requires interoperable systems across diverse banks; (b) legacy infrastructure upgrades demand significant capital expenditure; (c) CERT-In's capacity to coordinate responses at the speed AI-enabled attacks require. The federal structure adds complexity — while the RBI governs banks centrally, state-level financial institutions may fall outside coordinated frameworks.
The administrative response must also address the international dimension: since AI models like Mythos are developed abroad, domestic regulatory reach is limited. This necessitates coordination with international bodies and potentially bilateral engagement with AI-developing nations.
International Perspective:
Globally, the Mythos incident has prompted regulatory scrutiny. The EU's AI Act [GK] includes provisions for high-risk AI systems, though cybersecurity applications occupy a grey area. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued similar warnings about AI-enabled threats. India's response must be calibrated against these international developments to avoid regulatory arbitrage while maintaining domestic security. The IMF's involvement signals that this is now a matter of international financial stability, not just national cybersecurity.
Short-Term Measures (0-12 months): • Implement the C.S. Setty Committee recommendations on an urgent basis, prioritizing real-time threat intelligence sharing protocols between banks and CERT-In • Conduct immediate audit of legacy infrastructure across public sector banks, with particular focus on systems interfacing with payment networks • Establish dedicated AI cybersecurity cells within major banks modeled on existing fraud detection units • Strengthen CERT-In's technical capacity through partnerships with academic institutions and private cybersecurity firms
Medium-Term Reforms (1-3 years): • Operationalize RBI's 2025 AI framework with specific provisions for AI model evaluation before deployment in financial services • Develop domestic AI safety testing capabilities, potentially through collaboration with institutions like IIT and IIIT research centers • Create regulatory sandboxes for testing AI applications in controlled environments before widespread deployment • Establish bilateral dialogues with major AI-developing nations (US, UK, EU) on AI safety standards for critical infrastructure
Long-Term Vision: • Develop a comprehensive National AI Cybersecurity Strategy that addresses the full lifecycle of AI-enabled threats • Build indigenous AI capabilities for defensive cybersecurity, reducing dependence on foreign-developed models • Establish international coordination mechanisms through G20 and Financial Stability Board for managing systemic cyber risks • Consider a dedicated legislation on AI governance that balances innovation with security, drawing from EU AI Act frameworks while adapting to Indian context
International best practices suggest that Singapore's Cybersecurity Act provides a useful model for harmonizing regulatory oversight, while Israel's Unit 8200 demonstrates how military-grade cybersecurity expertise can be channeled for civilian protection.
"Analyze the implications of AI-enabled cyber threats for India's financial sector. How do the C.S. Setty Committee recommendations address the challenges posed by interconnected legacy infrastructure? (GS-III, 250 words)"
"Discuss the constitutional and legal challenges in regulating advanced AI systems like Mythos that operate across national boundaries. How does the Digital Personal Data Protection Act, 2023 address cybersecurity concerns? (GS-II, 250 words)"
"The IMF has urged governments not to treat AI as a 'purely technical issue.' Examine the governance gaps in India's current approach to AI regulation in critical sectors with reference to federalism implications. (GS-II, 250 words)"
"Evaluate the effectiveness of RBI's 2025 framework for responsible AI adoption in the financial sector. What lessons can India draw from the EU AI Act in balancing innovation with security? (GS-III, 250 words)"
"Critically examine the dual-use nature of AI in cybersecurity — its potential to both strengthen defence and enable sophisticated attacks. How should India develop indigenous defensive AI capabilities? (GS-III, 250 words)"
["cybersecurity", "banking-sector", "governance-reforms", "digital-india", "global-orgs"]