IAS/UPSC Coaching Institute  

25 Apr 2026 : AI Security Governance

Article 1: AI Security Governance

Why in News: Anthropic is in talks with India to safeguard critical infrastructure from emerging cybersecurity threats posed by its advanced AI model Mythos.

Key Details

  • Anthropic is engaging with India to secure banking, energy, and telecom infrastructure from AI-driven cyber risks.
  • Its new AI model Mythos can autonomously detect serious software vulnerabilities, raising global concerns.
  • The Government of India has initiated discussions through the Ministry of External Affairs and financial regulators.
  • The Finance Ministry has advised banks to maintain high vigilance and coordination mechanisms against AI-based threats.

Critical Infrastructure Security in India

  • Definition & Importance: Critical infrastructure includes sectors like banking, power, telecom, transportation, and defence, whose disruption can severely impact national security and economic stability.
  • Legal & Policy Framework: India protects such assets under the Information Technology Act, 2000, and policies like the National Critical Information Infrastructure Protection Centre (NCIIPC) guidelines.
  • Growing Vulnerabilities: Increasing digitalisation, cloud computing, and interconnectivity have expanded the attack surface, making infrastructure more vulnerable to cyberattacks.
  • Recent Focus Areas: The financial sector, digital payments (UPI), and smart grids are particularly sensitive, requiring real-time threat monitoring and resilience planning.

Artificial Intelligence and Cybersecurity Threats

  • AI as a Double-Edged Sword: AI enhances cybersecurity through automation but also enables advanced cyberattacks such as automated hacking, phishing, and malware generation.
  • Mythos Model Risk: Anthropic’s Mythos reportedly identifies critical vulnerabilities in operating systems and browsers, outperforming most human experts.
  • Weaponisation of AI: AI tools can be used to exploit zero-day vulnerabilities, posing unprecedented risks to governments and corporations.
  • Global Concern: Countries like the US are studying such models to develop defensive capabilities, indicating AI’s growing role in national security.

India’s Cybersecurity Architecture

  • Institutional Framework: India has established bodies like CERT-In, NCIIPC, and National Cyber Coordination Centre (NCCC) for cyber defence.
  • National Cyber Security Policy (2013): Aims to create a secure cyber ecosystem, though it requires updating to address AI-driven threats.
  • Digital India & Risks: Initiatives like Digital India and fintech expansion have increased efficiency but also created new vulnerabilities in cyber space.
  • Capacity Challenges: India faces a shortage of skilled cybersecurity professionals and lacks advanced indigenous AI defence capabilities.

Global AI Governance & Strategic Competition

  • Geopolitics of AI: AI is becoming a tool of strategic competition among major powers like the US, EU, and China, especially in cyber warfare and surveillance.
  • Regulatory Efforts: The European Union’s AI Act and global discussions on AI ethics highlight the need for responsible AI governance.
  • Democratic Collaboration: Companies like Anthropic advocate for “allied democracies” collaboration to ensure secure and ethical AI deployment.
  • India’s Position: India is emerging as a key player, balancing innovation, regulation, and security concerns in AI governance.

Financial Sector Vulnerability & Preparedness

  • High-Risk Sector: Banking systems are prime targets due to large-scale digital transactions and sensitive data.
  • Government Response: The Finance Ministry has urged institutions to maintain high vigilance and coordination mechanisms against AI-based threats.
  • Systemic Risk: AI-driven cyberattacks can trigger financial instability, data breaches, and loss of public trust.
  • Need for Coordination: Strengthening collaboration among RBI, banks, and cybersecurity agencies is crucial for real-time response mechanisms.

Ethical AI & Responsible Deployment

  • Precautionary Approach: Anthropic has restricted public release of Mythos, reflecting the principle of “safety before scalability”.
  • Project Glasswing: Designed to help companies strengthen cyber defences before AI deployment, indicating proactive risk mitigation.
  • Ethical Concerns: Issues like misuse, bias, and lack of accountability require robust ethical frameworks.
  • India’s AI Policy Direction: India is working towards responsible AI frameworks focusing on inclusivity, safety, and innovation.

Conclusion

India must adopt a multi-layered cybersecurity strategy integrating AI capabilities, institutional coordination, and global cooperation. Updating cyber laws, investing in indigenous AI security tools, and strengthening public-private partnerships are essential. As AI evolves rapidly, ensuring secure, ethical, and resilient digital infrastructure will be critical for safeguarding national interests.

EXPECTED QUESTION FOR UPSC CSE

Prelims MCQ

Q. Which of the following institutions is responsible for responding to cybersecurity incidents in India?

(a) NITI Aayog

(b) CERT-In

(c) RBI

(d) SEBI

Answer: (b)