惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
G
Google Developers Blog
J
Java Code Geeks
The GitHub Blog
The GitHub Blog
F
Full Disclosure
H
Help Net Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Vercel News
Vercel News
酷 壳 – CoolShell
酷 壳 – CoolShell
Recent Announcements
Recent Announcements
Help Net Security
Help Net Security
The Hacker News
The Hacker News
IT之家
IT之家
Y
Y Combinator Blog
Martin Fowler
Martin Fowler
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
V
Visual Studio Blog
博客园 - 聂微东
Hacker News: Ask HN
Hacker News: Ask HN
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Troy Hunt's Blog
Last Week in AI
Last Week in AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
Google DeepMind News
Google DeepMind News
Cloudbric
Cloudbric
N
News | PayPal Newsroom
A
About on SuperTechFans
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hugging Face - Blog
Hugging Face - Blog
M
MIT News - Artificial intelligence
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
雷峰网
雷峰网
T
The Exploit Database - CXSecurity.com
罗磊的独立博客
K
Kaspersky official blog
The Cloudflare Blog
I
Intezer

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Including OTTs in TRAI’s spam protection draft rules a ‘regulatory overreach’: IAMAI Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks
Aakriti Bans · 2026-04-27 · via MEDIANAMA

Bharti Airtel and Vodafone Idea are reviewing the security practices of their network software vendors after Claude Mythos Preview, an artificial intelligence (AI) model released by US-based Anthropic on April 7, autonomously found and exploited software vulnerabilities that had survived decades of human review, Moneycontrol reported.

India’s nodal cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), issued a High-severity rating advisory on April 26, directly citing the AI model, warning organisations to treat every newly disclosed vulnerability as exploitable within hours, not weeks.

Why this matters for ordinary users: Airtel and Vodafone Idea (Vi) hold the call records, location data, and payment information of hundreds of millions of Indians. Their core network software runs on systems built and maintained by vendors like Nokia, Ericsson, and Samsung, meaning the operators themselves cannot patch vulnerabilities. An AI that finds those vulnerabilities faster than any human team compresses the window for attackers to exploit them before a fix arrives.

What Claude Mythos is, and why it matters: Every app, website, and telecom network runs on software. That software has bugs, some hidden for years, even decades, that attackers can exploit to break in and steal data. Finding those bugs has always required rare, expensive human expertise and months of painstaking work. That is the only reason most of them stayed hidden for so long.

Claude Mythos Preview changes that. It is an AI model that can read software code, identify hidden flaws, and figure out how to exploit them, entirely on its own, in hours, across thousands of programmes simultaneously. It does not get tired, does not need a salary, and does not need a decade of security training. Anyone with access to it gets, effectively, an army of expert hackers available at the push of a button.

To understand the scale of what it found during testing: Claude Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. A zero-day vulnerability is a flaw that even the software’s own developers did not know existed; there is no fix available the moment it is discovered, so whoever finds it first, defender or attacker, holds a complete advantage. Confirmed examples from Anthropic’s red team blog:

  • A 17-year-old flaw in FreeBSD that lets an attacker gain complete control of a server from anywhere on the internet, with no human involved, after the initial prompt
  • A 27-year-old bug in OpenBSD, an operating system that security experts consider extremely hard to compromise attackers
  • A 16-year-old flaw in FFmpeg, software that handles video playback on billions of devices


Why Anthropic restricted it: Anthropic acknowledged that the same capabilities that can bolster cyber defences can also be weaponised by attackers, and privately warned top government officials that Mythos makes large-scale cyberattacks significantly more likely this year. Rather than a public release, Anthropic launched Project Glasswing, a $100 million initiative giving access to critical industry partners, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia, to use Claude Mythos Preview for defensive security work. No Indian company features among the named partners.

What CERT-In said: The April 26 CERT-In advisory, issued under the Ministry of Electronics and Information Technology (MeitY), tells organisations to:

  • Treat every critical vulnerability as exploitable within hours of disclosure, not weeks
  • Apply critical patches within 24 hours of release
  • Monitor traffic to external AI tools to prevent employees from using unsanctioned services
  • Track the software and AI components used across systems, and require vendors to meet rigorous security standards

What Airtel said: Airtel’s chief technology officer, Randeep Sekhon, speaking at a Cellular Operators Association of India (COAI) event, confirmed the company is in active discussions with its suppliers, saying “we don’t do this, the software is owned by them.” Sekhon said vulnerabilities flagged so far are incremental software bugs rather than systemic infrastructure threats and that the government had not yet directly approached telecom operators on the issue.

What Vi said: Vodafone Idea’s chief executive, Abhijit Kishore acknowledged the growing focus on advanced AI systems and their ability to detect vulnerabilities and potential data security risks, without confirming specific partnerships or fix timelines.

What the Finance Ministry and banks are doing: Finance Minister Nirmala Sitharaman, on April 23, chaired a meeting with bank chiefs, Reserve Bank of India (RBI) officials, and MeitY representatives to assess the risks Claude Mythos poses to India’s financial systems. Sitharaman described the risks as “unprecedented” and called for a real-time threat intelligence sharing system across banks, CERT-In, and other agencies. Key outcomes of the meeting:

  • The Indian Banks’ Association (IBA) must build a coordinated cyber response mechanism
  • Banks must take preventive steps to ensure their systems remain secure and do not impact customers or their deposits
  • Banks must immediately report suspicious cyber activity to CERT-In
  • Both the Finance Ministry and the RBI maintain that the Indian banking system is currently secure

The National Payments Corporation of India (NPCI) wants early access to Claude Mythos to identify zero-day vulnerabilities in India’s payment systems before the AI model deploys more widely. However, India’s 2018 data localisation rules require payment system providers to store all transaction data exclusively on servers within India, while Mythos runs on strictly controlled servers in the United States, creating a direct compliance conflict that NPCI has not publicly resolved.

Furthermore, Bloomberg reported on April 21 that a small group of unauthorised users gained access to Mythos through a third-party vendor environment on the same day the model was announced, raising questions about whether restricted access controls are as airtight as Anthropic claims.

CERT-In’s compliance track record: The April 26 advisory is not CERT-In’s first attempt to enforce tight cybersecurity timelines. Its 2022 cybersecurity directions required all organisations to report incidents within six hours of detection, a mandate MediaNama reported at the time that cybersecurity experts called “a complete joke” and “not feasible at all”. The directions faced such pushback that CERT-In extended the compliance deadline for micro, small, and medium enterprises (MSMEs).

CERT-In’s 2022 annual report, which revealed it handled nearly 14 lakh cyber incidents that year, contained no statistics on how many entities actually complied with the directions. The new 24-hour patch requirement raises the same enforcement question.

The data protection angle: Airtel, Vi, and banks all qualify as data fiduciaries under the Digital Personal Data Protection Act, 2023 (DPDPA). As MediaNama has reported, a successful AI-driven breach of systems owned by their software vendors would constitute a personal data breach under the DPDP Rules, 2025, requiring data fiduciaries to notify affected users without delay and submit a detailed report to the Data Protection Board within 72 hours. Failure to report a breach carries a fine of up to Rs 200 crore. Neither Airtel nor Vi has clarified whether their current vendor contracts include mandatory patch timelines consistent with CERT-In’s 24-hour requirement.

A note of caution: Security researcher Bruce Schneier argued that a separate firm replicated some findings using older, cheaper models and that Project Glasswing is partly a PR exercise. Anthropic itself acknowledged that the long-run outcome is likely to favour defenders but warned that the transitional period will be fraught.

Also read: