Claude Mythos Preview: When AI Turns Fraud Into an Industry of Fear

Claude Mythos Preview: A Frontier AI Built to Find What Hackers Cannot

Anthropic's Mythos is not just another chatbot, not merely a faster Claude, and certainly not a routine software upgrade. It is an unreleased frontier Artificial Intelligence model, placed under the guarded umbrella of Project Glasswing, because Anthropic says its capability in finding and exploiting software vulnerabilities has reached a level that could reshape cybersecurity itself. The promise is dazzling: an AI that can help Apple, Google, Microsoft, Amazon, NVIDIA, CrowdStrike, Palo Alto Networks, JPMorgan Chase, the Linux Foundation and others discover hidden weaknesses before criminals or hostile states do. The peril is equally stark: if such a model leaks, is misused, or is copied, it could lower the cost of sophisticated cyberattacks and place near-state-level hacking power in far less responsible hands. The controversy around Claude Mythos Preview therefore captures the central paradox of frontier AI: the same intelligence that may protect civilization's digital foundations may also expose their deepest cracks.

Also Read:Digital Arrest: How Cyber Criminals Exploit Fear to Defraud Victims

Anthropic's Mythos is not merely a technological milestone; it is a stress test for the entire architecture of digital trust. While earlier discussions focused on banks, regulators and systemic risk, the sharper and more immediate danger lies elsewhere — in the living rooms of ordinary citizens. The rise of scams such as digital arrest, where fraudsters impersonate law enforcement or regulators to psychologically coerce victims into transferring money, reveals a deeper truth: modern cybercrime is no longer about breaking systems; it is about breaking people.

With the advent of AI systems capable of identifying vulnerabilities, crafting exploits and scaling operations — the industrialisation of deception may reach a new and disturbing phase. Such tools could supercharge fraud against Indian customers, and that is why the Finance Minister's recent warning must be read in this context, and what this means for the future of financial safety.

From OpenAI Roots to Constitutional AI: How Anthropic Built Claude Mythos Preview

Anthropic was founded in 2021 by a group of researchers who had previously worked at OpenAI, including Dario Amodei (CEO) and Daniela Amodei. The founding motivation was both technical and philosophical: they believed that as AI systems become more powerful, alignment — ensuring AI behaves safely and predictably — would become the defining challenge of the field.

Anthropic's core product line is the Claude family of AI models, which compete directly with GPT models. However, unlike many competitors, Anthropic has consistently emphasised what it calls "Constitutional AI" — a method of training models to follow a set of explicit principles rather than relying solely on human feedback.

Anthropic describes Claude Mythos Preview as a general-purpose, unreleased frontier model whose coding capability can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. That is the core of the matter. Mythos is not being treated like an ordinary consumer AI product because its most dramatic value lies in cybersecurity: it can help trained defenders locate weaknesses in browsers, operating systems, cloud systems, open-source software and financial infrastructure.

Under Project Glasswing, Anthropic has given limited access to selected organisations responsible for critical software and infrastructure, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks.

The name Project Glasswing is therefore apt. A glasswing butterfly appears transparent, delicate and beautiful; Anthropic's project similarly promises transparency and protection, but it also reveals how fragile the modern digital order has become. The world runs on software that nobody fully sees, fully understands, or fully audits. Banks, telecom networks, stock exchanges, hospitals, airports, defence suppliers and governments depend on millions of lines of code, much of it layered over decades, patched repeatedly, and supported by open-source maintainers who often carry civilisational weight without civilisational resources. Claude Mythos Preview enters this landscape like a searchlight. It can illuminate the hidden cracks. But a searchlight in the wrong hands can also guide the burglar.

Also Read:Patent Filings in India Surge—Are Universities Faking Innovation?

Five Concerns Behind a Restricted Release

The immediate concern is dual use. A model that can help defenders find vulnerabilities can also help attackers exploit them. Reuters reported that Mythos has raised concern because it can identify software vulnerabilities across major systems and browsers, while experts warn that such systems may be able to exploit unknown vulnerabilities faster than institutions can patch them. Anthropic itself has acknowledged the potential public safety, economic stability and national security implications of the technology.

The second concern is containment. There are media reports that unauthorised users accessed Anthropic's Claude Mythos Preview model shortly after its limited release; Anthropic reportedly investigated access believed to have occurred through a third-party vendor environment. Even if the unauthorised users did not use it for cybersecurity exploitation, the episode cuts to the heart of the matter. A cyber-supertool that cannot be perfectly contained becomes a risk multiplier. The breach is not merely an embarrassment; it is a warning about vendor chains, evaluator access, credential discipline and the difficulty of securing frontier models that are too dangerous for ordinary release.

The third concern is systemic finance. There is also anxiety among bank regulators, and public reporting confirms that banks and regulators have been closely tracking Mythos. Reuters reported that major banks, including JPMorgan, Bank of America, Goldman Sachs, Morgan Stanley and Citigroup, received access under Project Glasswing, while regulators in Europe, Asia and the UK discussed risks around the model during the IMF spring meetings. The fear is not just that one bank might be hacked. The fear is that an AI capable of rapidly mapping vulnerabilities in legacy banking systems could expose weaknesses across interconnected payment, settlement, trading and customer platforms.

The fourth concern is fairness and concentration. If only a few giant banks or technology firms get early access, they may become safer than their rivals, but the system as a whole may remain unevenly exposed. German Bundesbank President Joachim Nagel reportedly called for wider institutional access, warning that Mythos is a double-edged sword and that Europe must prevent misuse while avoiding competitive imbalance. That is a sharp regulatory point: a defensive tool restricted to a privileged circle may become a private moat as much as a public shield.

The fifth concern is Anthropic itself. Anthropic's public identity rests on safety, constitutional AI and responsible scaling. Its Responsible Scaling Policy is a voluntary framework for managing catastrophic risks from advanced AI systems, and its 2026 version ties more dangerous capabilities to stronger safeguards. But Mythos exposes the limits of voluntary governance. The company may be sincere, sophisticated and safety-conscious; yet sincerity is not a substitute for enforceable accountability. When one private company holds a model that regulators, central banks and critical infrastructure operators fear could affect public safety and economic stability, the question becomes constitutional in spirit even if commercial in form: who elected Anthropic to decide access, timing, risk thresholds and acceptable use?

Anthropic's rivals are equally important to the story. In the frontier AI race, Anthropic competes most directly with OpenAI, Google DeepMind, Meta, xAI, Mistral AI, Cohere, DeepSeek and other model developers, while also competing indirectly with Microsoft, Amazon and NVIDIA in the wider AI stack of cloud, chips, platforms and enterprise distribution. The rivalry is not only about model performance. It is about trust, enterprise adoption, developer ecosystems, safety reputation, compute access, government contracts and control over the future interface between humans and machines. Mythos gives Anthropic a distinctive edge in cybersecurity, but it also places the company under a harsher spotlight than a normal chatbot launch would have done.

Also Read:AI Summit: Hype, Hard Truths, and India’s AI Gap

The United States response is still a mixture of urgency, fragmentation and strategic ambition. The White House's AI Action Plan emphasises American leadership in frontier AI, infrastructure, national security and international diplomacy, while NIST's AI Risk Management Framework and Generative AI Profile offer voluntary risk-management guidance for organisations deploying generative AI.

CISA has also framed AI as both an opportunity for cybersecurity and a threat vector requiring protection of critical infrastructure. Yet the Claude Mythos Preview episode shows the gap between frameworks and real-time crisis governance. When a frontier model suddenly appears capable of changing the cyber balance, voluntary standards, agency roadmaps and inter-agency briefings may not be enough.

The EU approach is more legalistic and system-based. The EU AI Act creates obligations for general-purpose AI models, with special attention to models posing systemic risk, while the General-Purpose AI Code of Practice provides a route for providers to demonstrate compliance on transparency, copyright, safety and security. Anthropic has said it intends to sign the EU Code of Practice, describing it as aligned with transparency, safety and accountability. This gives Europe a stronger formal architecture than the United States, but Europe's challenge is execution. A model like Mythos moves at machine speed; regulation moves at institutional speed. The EU may have the better rulebook, but the question is whether the referee can keep up with the match.

How Claude Mythos Preview Could Supercharge Digital Arrest Scams in India

There is a quiet but devastating shift underway in cybercrime, and India has already begun to experience its consequences. The phenomenon popularly referred to as "digital arrest" is a telling illustration. In these cases, fraudsters impersonate officials — often from the police, the Central Bureau of Investigation, the Enforcement Directorate or even the Reserve Bank of India — and inform unsuspecting victims that they are under investigation for financial crimes.

The victim is told that their accounts are being monitored, that they must cooperate to avoid arrest, and that funds must be "secured" or "verified." What follows is not hacking in the traditional sense, but psychological capture. The victim, overwhelmed by fear, complies.

This is where Claude Mythos Preview-like capabilities fundamentally alter the equation.

Until recently, such scams relied on crude scripts, broken language, and limited personalisation. The fraudster's success depended on chance and persistence. With advanced AI, that changes dramatically. A system capable of analysing vast datasets, generating fluent multilingual communication, and simulating institutional authority can transform a low-grade scam into a highly convincing, targeted operation.

Imagine a fraudster equipped with AI that can generate: a flawless impersonation of a bank officer speaking in the victim's native language, complete with regional accent; a real-time script tailored to the victim's profile — age, location, transaction habits, even recent banking activity if data leaks are available; official-looking documents, notices, and legal threats indistinguishable from genuine communications; and dynamic responses that adapt to the victim's hesitation, questions, or attempts to verify authenticity.

The fraud ceases to be generic. It becomes bespoke intimidation at scale.

The Finance Minister's warning about AI-driven cyber risks must therefore be interpreted not merely as a concern for institutional cybersecurity, but as an alarm about citizen-level vulnerability. India's digital financial revolution has brought millions into the formal system, often with limited financial literacy and minimal exposure to sophisticated fraud tactics. For these users, the interface of trust is fragile. A convincing voice call or message from an "authority" is often sufficient to trigger compliance.

Mythos-like tools could lower the cost of such deception to near zero while increasing its effectiveness exponentially.

There is also a darker dimension. The concept of "digital arrest" thrives on fear of authority. In India, where enforcement agencies command significant public respect — and sometimes apprehension — this fear can be weaponised.

AI systems can amplify this by simulating authority with uncanny precision. A deepfake video call showing a uniformed officer, a digitally generated FIR with correct legal language, or a synchronised multi-channel attack involving calls, emails and messages can create a closed loop of perceived legitimacy. The victim no longer questions reality; they surrender to it.

Also Read:Deepfakes Leveled Up in 2025 — Here’s What’s Coming Next

The risk is not confined to individuals. As such scams proliferate, they can erode trust in institutions themselves. If citizens begin to doubt whether a call from a bank or regulator is genuine, the entire communication architecture of the financial system weakens. Trust, once fractured, is difficult to restore.

The interplay between Mythos-like systems and such frauds is therefore not incidental; it is structural. Mythos is designed to identify vulnerabilities in systems. But human beings — particularly under stress — are the most exploitable vulnerabilities of all. When AI extends its reach from code to cognition, from systems to psychology, the attack surface expands dramatically.

What Claude Mythos Preview Means for Indian Banking and Regulators

This is why the implications for Indian banking are profound. Banks may invest heavily in firewalls, encryption and intrusion detection, but if customers themselves become the entry point, the defence perimeter collapses. A customer who voluntarily transfers funds under coercion bypasses every technical safeguard. The fraud is "authorised" in the system's eyes, even though it is morally and legally fraudulent.

The regulatory response must therefore evolve beyond traditional cybersecurity frameworks. It is no longer sufficient to secure systems; regulators must secure interactions. Banks must treat every customer communication channel — calls, messages, emails, apps — as a potential vector of attack. Real-time fraud detection must incorporate behavioural analytics that can flag unusual transactions triggered by distress patterns. Customer education campaigns must move from generic warnings to vivid, scenario-based awareness, explaining exactly how such scams operate.

There is also a case for stronger institutional signalling. Regulators like the Reserve Bank of India and enforcement agencies must repeatedly and unequivocally communicate that no legitimate authority will ever demand fund transfers under threat. This message must be amplified across languages, regions and media formats. In a country of India's diversity, a one-size-fits-all warning will not suffice.

The legal framework may also need recalibration. The burden of proof and liability in such cases is complex. When a customer is coerced through sophisticated deception enabled by AI, should the loss rest entirely on the individual? Or should banks, telecom providers and digital platforms share responsibility for failing to detect and prevent such patterns? These questions will become increasingly urgent.

India stands at a critical juncture. Its digital financial ecosystem is a global model, but it is also a vast and intricate network of trust. Preserving that trust in the age of AI-driven deception will require a fusion of technology, regulation, education and vigilance.

If Mythos represents the future of cyber capability, then "digital arrest" represents the future of cybercrime. One is sophisticated, systemic and strategic. The other is personal, psychological and immediate. Between them lies the ordinary citizen — whose trust, savings and security will define whether this new era becomes one of empowerment or exploitation.

The way forward lies in recognising that the battlefield has shifted. Cybersecurity is no longer just about protecting machines from hackers; it is about protecting people from manipulation. AI systems like Mythos accelerate both sides of this equation. They can help defenders identify weaknesses, but they can also help attackers exploit them — not just in software, but in human behaviour.

The way forward must also begin by abandoning the old Silicon Valley slogan of "move fast and break things." In ordinary software, that slogan was costly. In frontier cyber-capable AI, it may be reckless. Mythos-type systems require licensed access, independent security audits, mandatory incident disclosure, strong third-party vendor controls, regulator-supervised red-teaming, sector-wide vulnerability-sharing protocols and clear liability rules when restricted models leak or are misused. Critical infrastructure regulators should not merely be briefed after the fact; they should be embedded in controlled evaluation regimes before deployment. Banks and technology firms receiving access should be required to share defensive findings through trusted channels, not hoard them as competitive intelligence.

The future will not wait. AI-assisted cyber defence is inevitable because human-only cybersecurity cannot keep pace with machine-speed threats. But AI-assisted cyber offence is equally inevitable unless contained by design, law and international coordination. Mythos may therefore be remembered either as the moment when the world learned to use frontier AI to harden its digital foundations, or as the moment when vulnerability discovery became industrialised beyond human control. The technology is powerful; the governance is immature. That gap is where the danger lives.