Claude Mythos finds 10000 bugs: Is Indian industry ready?
Follow UsClaude Mythos turns vulnerability hunting into industrial-scale automation
India’s legacy systems face a new AI cyber reckoning
Banks, hospitals and utilities must modernise before attackers do
As Claude Mythos nears its launch, news of how it’s finding flaws in decades old code keeps gathering pace. It makes me wonder whether the most dangerous aspect of Claude Mythos isn’t that it can find software flaws, but that it makes the process of flaw-finding seem almost clerical and low-brow. That’s what makes the situation scary.
SurveyBecause ask any cyber security industry techie, and they’ll tell you how vulnerability research was akin to a dark art practised by hoodie-wearing wizards in dimly lit basements, fuelled by equal amounts of caffeine social awkwardness. But in 2026, Anthropic’s Mythos Preview has reportedly found more than 10,000 high or critical-severity bugs across open-source projects under Project Glasswing. That’s a serious shift in the scale of potential attack vectors whole industries are suddenly susceptible to.
Whatever little comfort we can take right now is that Mythos isn’t being tossed into the public like a free PDF converter. Anthropic has kept it fairly restricted, despite all the crazy leaks, reportedly offering access to only select organisations. Many reports indicate that Anthropic is even briefing the Financial Stability Board, which governs the world’s financial systems, because of the concerns such AI models mean for banks, markets and systemic cyber risk.
As sensible and responsible that may seem from Anthropic, history also tells us that that kind of capability rarely remains politely bottled forever. Once the genie escapes the bottle, it’s difficult to force it back in, and even more impossible to effectively control what it does.
Also read: Claude Mythos found decade old Firefox bugs that years of fuzzing missed
All of this affects India deeply. Not because Claude Mythos will personally descend upon Navi Mumbai data centres in a trench coat, but because India runs on a peculiar tech stack of ambition. CERT-In said it handled over 29.44 lakh cyber incidents in 2025, issued 1,530 alerts, 390 vulnerability notes, and 65 advisories, which shows the sheer national scale of the threat surface.
We have UPI, ONDC, Aadhaar-linked services, 5G rollouts, cloud migration, AI adoption and app-first everything. And in the background, unbeknownst to the general public at large, there’s creaking back-end systems, outsourced IT, legacy databases, and human processes held together by Excel, passwords and optimism.
Banking is the obvious place to start, much of which still runs on COBOL – yes, that programming language 80s and 90s kids learned in their school’s computer lab. Is COBOL itself the problem? Not exactly, because mainframes can be boringly secure. The problem is what surrounds them, which can appear messy: APIs, mobile banking layers, middleware, call-centre workflows, and those tiny “temporary” integrations IT teams keep introducing.
In this scenario, a Mythos-like advanced AI model doesn’t need to “hack COBOL” to cause trouble. It only needs to help attackers uncover the cracks faster than defenders can patch them.
India’s healthcare is another big target for cyber attacks, where hospitals often run a museum-grade mixture of old billing software on ancient Windows systems, all managed by overworked non-technical staff. Here, an advanced AI model that quickens vulnerability discovery will help defenders, but in the wrong hands it can weaponise forgotten workstations in no time.
Power, transport and manufacturing should be equally nervous. All those legacy SCADA systems were built for uptime, not for an era where AI can help map exposed systems. All these public utilities won’t just merely lose data if systems fail. They will lose critical production and public trust.
With all that being said, Mythos is not the cyber apocalypse. Not yet anyway, as all the fears of wanton hacking may be overstated. Because finding a flaw isn’t the same as reliably exploiting it, according to cyber experts.
But as far as India’s concerned, the problem has never been a shortage of clever attackers. It is a shortage of boring discipline to exercise cybersecurity effectively. In that sense, Claude Mythos may simply reveal how much of it was already waiting to be broken.
Also read: Google wants to compete with Claude Mythos with its new CodeMender, here is how
