The Centre is in talks with the US administration and Anthropic to secure access to Claude Mythos for Indian companies under Project Glasswing, with no Indian firm among the roughly 40 organisations currently in the programme, according to a report by the Inc42. Ministry of Electronics and Information Technology (MeitY) Secretary S. Krishnan confirmed on April 28 that the government is working out the “logistics” with US authorities to include Indian entities.
What Nasscom said: Nasscom wrote to Anthropic separately, arguing Indian firms maintain critical code used by organisations worldwide. “As AI systems evolve to autonomously identify and chain vulnerabilities across platforms, the potential for cascading, cross-border risks becomes significantly higher. Given this reality, it is imperative that Indian technology firms are included in the global industry consortium by Anthropic,” Nasscom said in a letter to Anthropic, according to ET.
What the government said: A senior government official told ET that rival companies could release similar models without warning. “Currently, Anthropic has held off the wider release, but tomorrow more companies can launch such models. They may release them without advance notice. The government needs to build its capacity as of yesterday.”
OpenAI has since launched GPT-5.4-Cyber with tiered access under its Trusted Access for Cyber programme, demonstrating exactly that risk. The Centre is also weighing a broader policy framework for future high-capability model launches, and is reluctant to enable access for some companies while excluding others.
The restricted launch has not been without incident. Bloomberg reported that a small group of unauthorised users gained access to Mythos through a third-party vendor environment on the day of launch, fuelling concern among governments worldwide that critical systems may already be at risk.
What the government has done: Finance Minister Nirmala Sitharaman and IT Minister Ashwini Vaishnaw chaired a meeting on April 23 with senior officials from the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), MeitY, the Department of Financial Services, and the Indian Banks’ Association (IBA). Sitharaman called the threat “unprecedented.” The meeting directed:
- Indian Banks’ Association (IBA) to build a coordinated cyber response mechanism
- Banks to report suspicious incidents to CERT-In immediately
- Banks to strengthen cybersecurity systems using specialised agencies
- The National Critical Information Infrastructure Protection Centre (NCIIPC) to harden power grids, telecom networks, and banking systems
The RBI has separately consulted the US Federal Reserve and the Bank of England on the risks.
The access conflict: Even if India secures Glasswing access, NPCI faces a direct compliance problem: India’s 2018 data localisation rules require payment system providers to store all transaction data on servers within India, while Mythos runs on strictly controlled US-based servers. NPCI has not publicly resolved this.
As MediaNama reported, Airtel and Vodafone Idea qualify as data fiduciaries under the Digital Personal Data Protection Act, 2023 (DPDPA), meaning a successful AI-driven breach of their vendor systems would require mandatory user notification and a detailed report to the Data Protection Board within 72 hours, with fines up to Rs 200 crore for non-compliance.
What Glasswing is: Anthropic launched Project Glasswing on April 7 alongside Mythos, restricting access given the model’s ability to autonomously find and exploit software vulnerabilities across major operating systems and browsers, including flaws hidden for decades. Partners include AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia. Anthropic has committed $100 million in usage credits under the programme.
Anthropic has told US government officials that Mythos capabilities are part of why “the US and its allies must maintain a decisive lead in AI technology,” framing access as a geopolitical question, not just a cybersecurity one. MediaNama founder Nikhil Pahwa writes in Reasoned: “Strategic technologies do not distribute their benefits evenly, even when their risks are universal. The strategic benefit flows first to the US and its allies. Mythos is built by a US company, access is gated by that company, and the capability is explicitly framed as part of maintaining technological lead. Meanwhile everyone is vulnerable.”
Also read:
