Anthropic’s unreleased Claude Mythos is scanning critical open source codebases under Project Glasswing, prompting India’s government and IT sector to evaluate the risks of AI-driven vulnerability discovery before such tools become widely accessible.
Anthropic’s unreleased AI model, Claude Mythos, is driving a new phase of AI-led open-source security hardening, prompting the Indian government and the broader IT sector to reassess cyber risk exposure. Under Project Glasswing, a $100 million initiative involving 40 companies and open-source developers, Mythos is scanning global open-source codebases to uncover hidden vulnerabilities before public release.
The model has already identified flaws in critical open-source systems, including OpenBSD, FFmpeg, and the Linux kernel, with patches now being prepared ahead of wider disclosure. This early-fix approach is pushing MeitY officials and CERT-In to closely study the cybersecurity implications of AI systems that can both detect and potentially exploit software weaknesses.
Although no Indian firms are part of the first Glasswing cohort, local companies may still benefit indirectly as patches flow into shared open-source infrastructure used across enterprise software stacks. However, Indian IT services firms remain concerned that their custom-built software environments could become vulnerable to AI-enabled attack pathways.
The Data Security Council of India has also begun industry-wide consultations, while product-led SaaS and deep-tech firms assess heightened risks that may extend into SCADA and IoT infrastructure, raising concerns beyond software into physical systems. Legacy public platforms such as Aadhaar and GST may also face elevated exposure, particularly where uneven security standards persist.
As one unnamed expert warned, “It’s an entire tsunami coming in.” Yet a researcher noted that “in the long term, the defenders win,” even if “in the transitionary period… things probably are very bad.”
