Indian fintechs seeking access to Anthropic's Mythos amid cybersecurity concerns

Indian fintech companies are seeking access to Claude Mythos before its public release not out of curiosity, but for defensive reasons. For players handling payments, credits, and vast arrays of customer data, Anthropic's new model looks not like another AI novelty, but as a tool capable of drastically reducing the time between vulnerability discovery and actual attack. Therefore, requests for early access here mean a simple thing: verify your own infrastructure before someone else does. On such a market, even a few hours' head start can matter if it comes to payment gateways, anti-fraud systems, and banking integrations.

Among the companies seeking access are One97 Communications, Razorpay, and Pine Labs. Their logic is clear: if Mythos truly excels at finding weak points better than most specialists, then major financial platforms benefit more from using it for internal audits than from waiting for similar capabilities to appear in the hands of threat actors. According to One97's head, the conversation with Anthropic covered not only access timelines but also how exactly the company plans to deploy the model, indicating strict user vetting.

Anthropic is not planning to open Mythos to everyone. Instead, the company launched Project Glasswing—a controlled program that includes major technology and cybersecurity players, including Amazon Web Services, Microsoft, Apple, Google, NVIDIA, Cisco, CrowdStrike, and JPMorganChase. More than 40 additional organizations responsible for critical software infrastructure received limited access for defensive tasks. Anthropic has allocated up to $100 million in credits for model usage and another $4 million in direct support for open-source security organizations through this program.

The reason for such caution stems from the model's stated capabilities. Anthropic states directly that the model has reached a level where it surpasses nearly everyone except the strongest specialists in finding and exploiting software vulnerabilities. According to the company, Mythos Preview has already discovered thousands of high-criticality vulnerabilities, including in every major operating system and major web browser. This is not merely static code audit: the model is used to search for zero-day issues, black-box testing of binaries, enhancing endpoint protection, and conducting full penetration tests.

The company claims that some of the discovered issues had gone unnoticed for years, and in several cases, the model could not only identify the bug but also provide a working exploitation path. Anthropic's reports also state that in manual verification, experts agreed with the model's vulnerability severity assessment in 89% of the 198 reviewed cases, and in 98% they were no more than one level off.

For banks and fintech, this is particularly sensitive: their stack is typically complex, interconnected with partners, and often relies on legacy components that are difficult to update quickly without business risk.

The Indian market reacted swiftly. The self-regulatory association FACE, which unites more than 275 ecosystem companies and is recognized by the RBI, recommended participants strengthen protection, accelerate patching of known vulnerabilities, establish continuous monitoring, and immediately report suspicious incidents to regulators. For the industry, this is not an abstract threat: fintech in India has grown on a dense network of APIs, mobile applications, payment services, and third-party integrations, meaning a successful exploitation chain can quickly spread across multiple market players.

Against this backdrop, requests for access to Mythos appear not as attempts to gain competitive advantage, but as an early warning measure. Similar concerns are already visible beyond India: in the USA and UK, regulators, central banks, and major banks have separately discussed how such models could accelerate complex cyberattacks faster than the market can rebuild its defenses.

The key takeaway is that models like Mythos fundamentally change the economics of cybersecurity. Previously, finding deep vulnerabilities required rare expertise, weeks of work, and expensive teams; now this process can compress into hours and scale far more broadly. For fintech, this means a new race: defense must use the same tools that potentially strengthen attackers.

The sooner major payment platforms can test their systems in defensive mode, the greater the chance of narrowing the window of vulnerability. But simultaneously, another question grows: if access to such systems remains with only a limited circle of companies and states, the strategic resource will become not just capital or data, but the very ability to find weak points in digital financial infrastructure faster than anyone else.