惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Register - Security
The Register - Security
A
About on SuperTechFans
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
N
Netflix TechBlog - Medium
量子位
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
H
Help Net Security
D
Docker
D
DataBreaches.Net
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
B
Blog
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
F
Full Disclosure
GbyAI
GbyAI
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
博客园 - Franky
MongoDB | Blog
MongoDB | Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
小众软件
小众软件
V
Visual Studio Blog
月光博客
月光博客
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
J
Java Code Geeks
雷峰网
雷峰网
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
美团技术团队
N
News | PayPal Newsroom
G
Google Developers Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园_首页
V
Vulnerabilities – Threatpost

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
SEBI forms task force, orders immediate cybersecurity overhaul amid Claude Mythos concerns
Aakriti Bans · 2026-05-06 · via MEDIANAMA

The circular can be accessed here.

The Securities and Exchange Board of India (SEBI) has named Anthropic’s Claude Mythos in a circular dated May 5, ordering every regulated entity in Indian securities markets to immediately overhaul their cybersecurity infrastructure. SEBI is the first Indian financial markets regulator to name a specific AI model in a formal circular; CERT-In had first named Mythos across all sectors on April 26.

The circular covers stock exchanges, depositories, mutual funds, brokers, credit rating agencies, custodians, merchant bankers, and portfolio managers, among others.

SEBI’s concern: Mythos can identify and exploit vulnerabilities “using speed and scale,” threatening data confidentiality, application integrity, and reliability of outputs. Because all market participants are interconnected, one breach can trigger a domino effect across the entire ecosystem.

SEBI has also constituted a task force called cyber-suraksha.ai, comprising representatives from market infrastructure institutions (MIIs), qualified registrars and transfer agents (QRTAs), and other regulated entities, to examine AI-driven cybersecurity risks, share threat intelligence, report cyber incidents on priority, and review third-party vendor security posture.

What the circular requires:

  1. Patch immediately. All operating systems and applications must be updated right away. Where patches don’t exist yet, entities must use virtual patching, a temporary protective layer applied over a vulnerability when no official fix is available.
  2. Run AI-based vulnerability assessments. Entities must conduct Vulnerability Assessment and Penetration Testing (VAPT), simulated cyberattacks used to find weaknesses before real attackers do, continuously using both conventional and AI-based tools, in line with SEBI’s Cyber Security and Cyber Resilience Framework (CSCRF).
  3. Hold vendors accountable. Entities must engage third-party vendors on timely patching. Exchanges and depositories must specifically direct their empaneled application vendors to run comprehensive risk assessments on AI-led vulnerability detection models and implement safeguards, including patching, VAPT, and continuous monitoring.
  4. Lock down change management. Every system change, including minor ones, requires full documentation, impact analysis, structured review, rigorous testing, and secure deployment.
  5. Secure all APIs. An Application Programming Interface (API) is a connection point that lets different software systems communicate; in financial markets, APIs connect brokers, exchanges, and payment systems. The circular requires:
  • Updated inventory of all APIs and apps using them
  • Strong authentication on a least-privilege basis (users get access only to what they strictly need)
  • Rate limiting and throttling to detect abuse
  • Connections only via whitelist

6. Overhaul SOC monitoring. A Security Operations Centre (SOC) monitors an organisation’s systems for threats around the clock. The circular requires:

  • Daily monitoring of all systems and networks including low-priority alerts that are typically ignored
  • Implementation of a SOAR (Security Orchestration, Automated Response) playbooks integrated with SIEM (Security Incident and Event Management) solutions for automated threat detection and response
  • Fast-track onboarding onto the Market SOC (M-SOC), a centralised 24×7 security platform run by NSE and BSE
  • MIIs to run workshops to help entities integrate with M-SOC

7. Include AI as a risk scenario. Periodic risk assessments must now explicitly model AI model capabilities as a threat scenario.

8. Harden systems. Entities must adopt secure configurations, disable unnecessary services and default accounts, and enforce Zero Trust Network Architecture (ZTNA), a security model that requires verification at every step, assuming no user or system is trustworthy by default.

9. Update software inventory. Entities must periodically update their Software Bill of Materials (SBOM), a complete list of all software components, including open-source code, for all critical applications.

10. Build long-term AI defence. All regulated entities must prepare a long-term plan for using AI in detection and autonomous agentic mitigation, where AI systems independently identify and respond to threats without waiting for human instruction, including AI-augmented SOC transformation.

Why this matters: SEBI naming Mythos in a circular is a significant regulatory moment. As MediaNama has reported, no Indian company, bank, or government agency has secured access to Mythos under Project Glasswing, Anthropic’s $100 million restricted access programme. MeitY Secretary S. Krishnan confirmed on April 28 that India is still working out logistics with US authorities.

This creates a structural contradiction: SEBI is ordering Indian financial institutions to defend against a model they cannot access to defend themselves with. Claude Security, Anthropic’s enterprise defensive tool, gives Indian firms an indirect path through Infosys as a named partner, but runs on Opus 4.7, which produces two working exploits on the Firefox 147 benchmark against Mythos’s 181, a 90x capability gap.

MediaNama founder Nikhil Pahwa identified the core problem: “A tool that compresses attack timelines without compressing defense timelines increases systemic risk before it improves security.”

The data localisation conflict also remains unresolved. India’s 2018 rules require payment system providers to store all transaction data on servers within India, while Mythos is hosted on US-based servers. The National Payments Corporation of India (NPCI) has not publicly addressed this.

Finance Minister Nirmala Sitharaman chaired a meeting on April 23 with Reserve Bank of India (RBI), NPCI, Indian Banks’ Association (IBA), and CERT-In officials, calling the Mythos threat “unprecedented.” CERT-In has separately issued a high-severity advisory directing organisations to treat every newly disclosed vulnerability as exploitable within hours, not weeks.

Also read: