AI as the Next Cyber Weapon? SBI-Led Panel Probes ‘Mythos’ Threat to India’s Banking Systems

India’s financial ecosystem is entering a new phase of cyber vigilance—not after a breach, but before one. In a rare pre-emptive move, the government has constituted a high-level panel under C S Setty, Chairman of State Bank of India, to forensically assess the potential risks posed by Mythos, an advanced AI model developed by Anthropic.

What makes this development significant is not an attack—but the anticipation of one.

A Threat Without a Breach—Yet

At a high-level review chaired by Finance Minister Nirmala Sitharaman, alongside IT Minister Ashwini Vaishnaw and key institutions like Reserve Bank of India, National Payments Corporation of India, and CERT-In, officials made one thing clear: there has been no cyberattack linked to Mythos.

But the concern lies deeper—at the level of capability, not incident.

From a forensic standpoint, Mythos represents a paradigm shift. Unlike traditional malware or human-driven hacking attempts, this AI system is capable of autonomously identifying and exploiting software vulnerabilities, including legacy flaws buried in decades-old systems.

The Forensic Red Flag: Accelerated Exploitation Cycles

Cyber forensics has long operated on a predictable cycle—identify vulnerability, patch it, monitor systems. Mythos disrupts this timeline entirely.

Experts warn that such AI models can:

• Compress vulnerability discovery timelines from months to hours
• Automate exploit generation, reducing the need for human expertise
• Scale attacks across systems simultaneously, increasing systemic risk

In forensic terms, this reduces the “window of response” to near zero. By the time a vulnerability is detected, exploitation may already be underway.

The SBI Panel: A Digital Forensics Task Force

The newly formed panel under C S Setty is expected to function less like a policy body and more like a national-level forensic audit unit for banking infrastructure.

Its mandate includes:

• Mapping critical vulnerabilities across banking systems
• Assessing AI-driven attack scenarios and breach pathways
• Recommending real-time detection and response frameworks
• Coordinating intelligence sharing through the Indian Banks’ Association

Banks have been directed to share live threat intelligence with CERT-In, signalling a shift from reactive cybersecurity to continuous forensic monitoring.

The Mythos Factor: Why Regulators Are Alarmed

Mythos is not just another AI model—it is reportedly capable of identifying vulnerabilities that even seasoned cybersecurity teams may overlook. Its restricted deployment under “Project Glasswing” has not prevented unauthorised access through third-party channels, raising serious concerns about supply-chain vulnerabilities.

From a forensic lens, this introduces a new dimension:
The attacker may no longer need to “hack”—they can “query.”

This fundamentally alters how digital evidence, breach attribution, and attack tracing will be conducted in the future.

India’s Cybersecurity Crossroads

India’s response now hinges on how quickly its banking sector can transition from traditional cybersecurity frameworks to AI-integrated defence systems.

If the SBI-led panel succeeds in implementing coordinated, forensic-grade monitoring and rapid response mechanisms, India could emerge as a global model in AI-era financial security.

If not, the risks are systemic. A single exploited vulnerability in interconnected banking networks could trigger cascading failures—difficult to trace, harder to contain.

Final Analysis

This is not just about one AI model. It is about the future of cyber warfare in financial systems.

For the first time, India is not investigating a breach—it is investigating a possibility. And in cybersecurity, that may be the most critical investigation of all.