New Delhi, May 3 (PTI) Public sector banks are bracing up to increase IT spending in order to secure their systems, safeguard customer data, and protect monetary resources amid global concerns over Anthropic's Claude Mythos AI tool and its potential implications for financial data security.
Mythos' advanced coding capabilities give it an unprecedented potential to detect cybersecurity weaknesses and develop methods to exploit them, sparking concerns that it could be used to disrupt banking systems.
In view of this new challenge, banks have to definitely increase their investments in IT to make their system more robust and reduce vulnerabilities with regard to cyber attacks, Punjab & Sind Bank MD and CEO Swarup Kumar Saha told PTI.
He said the bank is going to increase its IT spending this financial year to meet the challenges posed by new technology.
Besides, UCO Bank MD and CEO Ashwani Kumar said the bank's IT spending is going to be higher than last financial year, and a major part would go towards cyber security.
These statements assume significance in view of Finance Minister Nirmala Sitharaman urging banks to take all necessary pre-emptive measures to secure their IT systems after Mythos exhibited its capability to find weaknesses in their operating system and launch a potential cyber attack.
"Banks in India are now entering a phase where they have to see IT spend from a 'cost of running' to a 'cost of surviving' spend. Frontier AI systems, especially the unreleased models like Anthropic's Claude Mythos, do not create a new category of risk; they collapse the timelines of every existing one," said Srinivas L, Joint MD & Joint CEO, 63SATS Cybertech Limited, a subsidiary of 63 moons technologies limited.
The window between a public vulnerability of a software/platform disclosure and its weaponisation has compressed from 19 days in 2023 to under 72 hours today. On the other hand, banks are still operating on patching and response cycles designed for a 2019 threat surface, so they are basically defending 2026 attacks with 2019 SOPs, Srinivas said, adding that the common instinct has been to add more tools.
To deal with such challenges, the government has formed a panel under SBI Chairman C S Setty to assess risks emanating from the AI platform Mythos and come up with mitigating measures.
There will be a lot of interaction among banks over the next few weeks to understand the threats and also look at the areas where additional investments will be required, Sitharaman said last week.
Mythos has raised alarm bells among regulators, who see it as a significant challenge to the banking sector and its legacy technology systems.
Banks and financial institutions are most vulnerable as there is high interconnected (payments, markets, clearing systems) and dependence on legacy IT systems operating in real-time.
One successful cyberattack can cascade quickly across institutions and markets as one bank is linked to many domestic and global institution for inward and outward payment, forex trading, money market exposure, stock market linkage, depositories and payment gateway, etc.
The pilot launch of Claude Mythos on April 7 raised global concern with regard to their potential hacking capacity. During tests, Anthropic, the US-based artificial intelligence company, found that the latest model was highly skilled at cybersecurity and hacking tasks, outperforming humans.
"Mythos preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," Anthropic claimed.
Anthropic gave 12 tech companies access via Project Glasswing, which it described as "an effort to secure the world's most critical software".