Key Points
- RBI consulting US Federal Reserve and Bank of England over Claude Mythos risks
- NPCI working with banks to secure early access for vulnerability testing
- Central bank preparing long-term AI guidelines for enterprise partnerships
The Reserve Bank of India is consulting international regulators over cybersecurity threats posed by Anthropic’s Claude Mythos, an advanced artificial intelligence model that officials fear could accelerate attacks on India’s banking infrastructure. The central bank has held discussions with counterparts at the US Federal Reserve and the Bank of England, according to a Reuters report published on Wednesday.
A preliminary RBI assessment has flagged concerns that the AI system could help malicious actors discover and exploit software vulnerabilities faster than banks can patch them. This poses direct risks to millions of Indian customers who rely on digital banking and payment platforms daily.
India’s financial sector has seen rapid digitisation in recent years, with the Unified Payments Interface processing over 14 lakh crore rupees monthly. Any vulnerability in banking systems could expose customer accounts, transaction data and payment credentials to exploitation.
Global regulators sound alarm
RBI officials are not alone in their concern. Regulators across Asia, Europe and the United States have warned banks to review their defences against potential threats from the AI model.
“Globally, we are discussing with other countries and other regulators on what are the developments and what safeguards need to be taken,” one source told Reuters.
Japan’s financial watchdog has scheduled meetings with banks this week to assess preparedness. Central banks in Australia and New Zealand are also monitoring developments closely. The RBI may seek direct engagement with Anthropic, the San Francisco-based company that developed Claude Mythos, the sources added.
NPCI seeks early access for testing
The National Payments Corporation of India is working with a small group of banks to secure early access to Claude Mythos. The aim is to identify zero-day vulnerabilities, which are security flaws unknown to software makers that have no existing fix, before Anthropic deploys the model more widely.
NPCI manages the UPI platform, which handles digital payments for hundreds of millions of Indians. However, obtaining access to Mythos presents challenges. The AI model is hosted on strictly controlled servers in the United States.
Conducting tests involving Indian customer data on foreign servers raises compliance issues, another source told Reuters. India’s 2018 data localisation rules require payment system providers to store all transaction data, including user information and payment messages, exclusively on servers located within India.
Access remains tightly restricted
Anthropic has so far limited access to Claude Mythos to a small number of US organisations responsible for critical digital infrastructure. The company plans to extend access to European banks in the near future, according to the Reuters report, but no firm timeline has been announced.
The restricted access makes it difficult for Indian regulators and banks to assess the model’s capabilities directly. This has prompted the RBI to rely on information sharing with foreign counterparts who have closer access to Anthropic’s operations.
Central bank prepares AI guidelines
Beyond the immediate Mythos concerns, the RBI is developing broader guidelines for banks entering enterprise partnerships with advanced AI models. These guidelines cover the Claude family of AI systems developed by Anthropic as well as competing models from other technology companies.
The discussions remain in early stages, according to reports. The central bank is expected to enforce strict compliance with existing data localisation requirements as part of any AI adoption framework for India’s financial system.
Your Questions, Answered
What is Claude Mythos and why is RBI concerned?
Claude Mythos is an advanced AI model developed by Anthropic. RBI fears it could help attackers discover and exploit banking software vulnerabilities faster than institutions can fix them, threatening India's digital payment infrastructure.
Which international regulators is RBI consulting on Claude Mythos?
RBI has held discussions with the US Federal Reserve and the Bank of England. Regulators in Japan, Australia and New Zealand are also assessing risks from the AI model.
Why does NPCI want early access to Claude Mythos?
NPCI wants to identify zero-day vulnerabilities in India's payment systems before Anthropic deploys the model widely. This would help secure UPI and other digital payment platforms proactively.
What are India's data localisation rules and how do they affect Mythos testing?
India's 2018 rules require payment providers to store all transaction data on servers within India. Testing Mythos with Indian customer data on US servers where the model is hosted raises compliance concerns.
