HN-RP-009 · · Policy · 39 min read · 7,756 words · Version 1.0

Frontier AI and the Indian Banking System

Cybersecurity risks from Mythos-class AI and a framework of safeguards for the financial sector

An independent assessment prepared for the consideration of the Hon'ble Union Finance Minister.

Abstract

On 8 April 2026, Anthropic PBC released Claude Mythos Preview. In published evaluation across 198 manually-reviewed vulnerability findings, the model agreed with expert human severity assessment in 89 per cent of cases. Across ten fully-patched targets in internal Anthropic testing, the model achieved complete control-flow hijack. The implications for Indian banking are direct: UPI processed 21 billion transactions worth INR 27 lakh crore in December 2025 alone, the system depends on shared technology service providers serving up to 300 cooperative banks each, and the prevailing time-to-patch is measured in weeks. The window between vulnerability discovery and weaponisation has collapsed from months to hours. This paper sets out a seven-pillar framework of safeguards: indicative cost INR 4,200 to 5,800 crore over three years; equivalent to 3.5 to 4.8 per cent of the INR 1.2 lakh crore that the Indian Cyber Crime Coordination Centre estimates Indians lost to cyber fraud in 2025.

Contents

  1. 011. What changed in April 2026
  2. 022. The threat to Indian banking, by the numbers
  3. 033. Four scenarios with consequence estimates
  4. 044. The existing regulatory framework, and where it stops
  5. 055. The seven-pillar framework
  6. 066. International responses and adoption opportunity
  7. 077. Implementation roadmap
  8. 088. Costs, return, and the calculus of inaction
  9. 099. Conclusion and three immediate recommendations
  10. 1010. References and author note

Request the full paper

The complete paper, including all figures, tables, references, and citations, is available as PDF. Enter your details to receive it.

Request paper · HN-RP-009.pdf

Key findings

  • Constitute, by Ministerial direction within 30 days, an Inter-Ministerial Working Group on Frontier AI Risk to the Indian Banking System, chaired by the Secretary, Department of Financial Services, with the institutional composition and the 90-day mandate set out in Section 7. The Working Group to report quarterly to the Hon'ble Finance Minister.
  • Communicate, through such channels as the Hon'ble Finance Minister considers appropriate, the strategic significance of the matter to the Reserve Bank of India and to the Boards of the major banks, in parallel with the Working Group constitution, to ensure supervisory and operational responses move in concert from the outset.
  • Initiate, through MeitY and MEA, engagement with Anthropic PBC and other frontier AI laboratories, to secure for designated Indian institutions (NPCI, IDRBT, the proposed NAICD-BFSI, and 4 to 6 major banks) access to Mythos-class capability under defensive controls equivalent to those extended to peer institutions in Japan, the United States, and the European Union.

Related papers

Previous in series
HN-RP-008·Sustainability·27 May 2026
The Water Math
Putting data center water use in context for India

Browse all nine papers ›

Reference this paper

Plain text
HyperNext Research. (04 June 2026). Frontier AI and the Indian Banking System: Cybersecurity risks from Mythos-class AI and a framework of safeguards for the financial sector. HyperNext Data Center Limited. HN-RP-009. Retrieved from https://www.hypernxt.com/research/hn-rp-009
BibTeX
@techreport{hypernext_hn_rp_009,
  title = {Frontier AI and the Indian Banking System: Cybersecurity risks from Mythos-class AI and a framework of safeguards for the financial sector},
  author = {HyperNext Research},
  institution = {HyperNext Data Center Limited},
  number = {HN-RP-009},
  year = {2026},
  url = {https://www.hypernxt.com/research/hn-rp-009}
}