The Reserve Bank of India’s preliminary assessment – just like that of global regulators – suggests Mythos could pose cybersecurity risks by accelerating the discovery and exploitation of software vulnerabilities, the sources, all familiar with the central bank’s thinking, said.
MUMBAI: India’s central bank is in talks with global regulators, Indian lenders and government officials to understand the potential risks posed by Anthropic’s new artificial intelligence model Mythos, three sources said.
The Reserve Bank of India’s preliminary assessment – just like that of global regulators – suggests Mythos could pose cybersecurity risks by accelerating the discovery and exploitation of software vulnerabilities, the sources, all familiar with the central bank’s thinking, said.
Regulators in Asia, Europe and the United States have warned banks to review defences and preparedness. In Japan, the financial watchdog will meet banks this week, while the Australian central bank said it is monitoring Mythos-related developments.
RBI officials have over the past fortnight held consultations on Mythos-related risks with counterparts at the U.S. Federal Reserve and the Bank of England in particular, according to one of the sources.
The RBI may seek direct engagement with Anthropic, the sources said.
“Globally, we are discussing with other countries and other regulators on what are the developments and what safeguards need to be taken,” one of the sources said.
India’s payment authority, the National Payments Corporation of India (NPCI), is trying to secure early access to Mythos alongside a small number of banks, to identify vulnerabilities and “day‑zero” cyber risks ahead of any broader rollout, this source said.
However, such access may not be forthcoming as Anthropic’s Mythos systems is hosted on strictly-controlled servers in the U.S. and running tests on local data in foreign jurisdictions could prove challenging, said a fourth source aware of the matter.
Access to Mythos has been limited to a small number of organisations involved in maintaining key digital infrastructure in the U.S. Anthropic plans to provide Mythos access to European banks soon, Reuters reported earlier this week.
Email requests for comment sent to RBI and NPCI were not immediately answered.
The RBI is preparing broader guidelines for banks entering enterprise partnerships with advanced AI models, including Mythos and Anthropic’s Claude family, as part of a longer‑term strategy on AI adoption, according to two of the sources.
The discussions are at an early stage but the central bank will insist that all analytics based on data of Indian customers complies with RBI’s domestic data localisation, the sources said.
The RBI data localization rule, issued in 2018, requires all payment system providers in India to store end-to-end transaction data, including user information and payment messages, exclusively on servers located within India.