AI-Powered Cybersecurity Risks: India Evaluates Anthropic’s Claude Model

Context:

• The Indian government and IT industry are assessing the implications of Anthropic’s advanced LLM (Claude Mythos), which can detect long-standing software vulnerabilities.
• The model is currently not publicly released, with limited access given to select global firms under Project Glasswing.

Key Highlights:

Capabilities of the AI Model

• Claude Mythos can identify decade-old vulnerabilities in widely used systems like:
  • Linux kernel
  • OpenBSD
  • FFMPEG
• Acts as both:
  • Security scanner (defensive tool)
  • Potential cyberattack enabler (offensive risk)

Project Glasswing Initiative

• Collaboration of ~40 companies and open-source maintainers.
• Backed by $100 million funding.
• Objective: Scan and patch vulnerabilities before public release.

India’s Response

• MeitY and CERT-In evaluating risks and preparedness.
• Indian IT firms not part of early access consortium.
• Industry bodies like DSCI (NASSCOM) engaging stakeholders.

Potential Risks & Concerns

Cybersecurity Threats

• If publicly released, such models could:
  • Enable mass-scale vulnerability discovery
  • Trigger cyberattacks on global infrastructure
• Risk particularly high for:
  • Legacy systems (e.g., Aadhaar, GST platforms)
  • SCADA and IoT systems

Economic & Industry Impact

• Threat to SaaS and deep-tech ecosystems.
• Indian IT firms may lag behind due to limited access to early tools.
• Potential disruption to bug bounty ecosystem.

Strategic Concerns

• Increased risk of state-sponsored cyberattacks.
• Dilemma for Indian firms:
  • Use foreign AI tools → dependency risk
  • Avoid tools → security vulnerabilities remain

Opportunities

• Strengthening cybersecurity infrastructure.
• Encouraging indigenous AI development.
• Improved global collaboration on cyber resilience.

Relevant Prelims Points:

• CERT-In (Indian Computer Emergency Response Team):
  • National agency under MeitY for cybersecurity incident response.
• Large Language Models (LLMs):
  • AI systems trained on vast data for text generation, coding, and analysis.
• SCADA Systems:
  • Used in industrial control systems (power, water, manufacturing).
• IoT (Internet of Things):
  • Network of connected physical devices exchanging data.
• Linux Kernel / OpenBSD:
  • Core open-source operating systems widely used globally.
• Bug Bounty Programs:
  • Reward system for identifying software vulnerabilities.

Relevant Mains Points:

• AI and Cybersecurity Nexus:
  • AI enhances defensive capabilities (vulnerability detection).
  • Simultaneously increases offensive cyber risks (weaponisation of AI).
• Implications for India:
  • Need to strengthen cybersecurity preparedness across sectors.
  • Risk to critical infrastructure and government databases.
  • Potential digital sovereignty concerns due to reliance on foreign AI tools.
• Policy Challenges:
  • Lack of global governance frameworks for AI in cybersecurity.
  • Need for responsible AI deployment and access control.
  • Balancing innovation with security safeguards.
• Concerns:
  • Unequal access to advanced AI tools (global tech divide).
  • Vulnerability of legacy systems in India.
  • Risk of large-scale cyber warfare.
• Way Forward:
  • Invest in indigenous AI and cybersecurity tools.
  • Strengthen CERT-In capabilities and inter-agency coordination.
  • Regular security audits of critical infrastructure.
  • Develop AI governance and ethical frameworks.
  • Enhance public-private partnerships in cybersecurity.

UPSC Relevance

• GS III (Science & Technology): AI, cybersecurity, emerging technologies.
• GS III (Internal Security): Cyber threats, critical infrastructure protection.
• GS II (Governance): Digital governance, data protection policies.