India Gets Claude Mythos Keys: CERT-In, Banks — IT Firms Out

India did not get a public Mythos download link on June 4 — a handful of Indian cyber, telecom, banking, and finance organizations received controlled preview access to Claude Mythos under Anthropic's expanded Project Glasswing, while major IT services vendors were left off the list, government officials told Economic Times and The Hindu BusinessLine.

"Gets keys" in headline terms means gated API access with security reviews, not keys on GitHub.

What Anthropic Announced

On June 2, 2026, Anthropic posted that ~150 additional organizations in more than 15 countries joined Project Glasswing, extending Claude Mythos Preview beyond the initial ~50 partners (clouds, banks, hardware majors) from April 2026.

Anthropic's public note stresses partners defend critical infrastructure — power, water, health, communications, finance, national security — where a major attack could affect 100M+ people.

The company does not publish org names or country lists, but confirmed to Indian outlets that India is included.

What India Actually Received

Economic Times (June 3–4 reporting) cited senior officials:

• Single-digit count of Indian orgs so far (public + private)
• Sectors: cybersecurity, telecom, banking, finance
• No major Indian IT outsourcing giants on the early list
• Government pushing to widen access; CERT-In (national cyber agency) likely in the preview pipeline
• MeitY engaged ~two months with US counterparts to secure access so Indian critical infrastructure is not stuck patching blind while US peers use Mythos-class tooling

India Today and News9 echoed the same framing: tight controls, infrastructure defenders first, RBI already analyzing Mythos alongside global regulators after April's launch spooked finance ministries.

Why IT Services Were Excluded (For Now)

Mythos is not a coding copilot. It is an offensive-security-capable frontier model Anthropic and the White House already fought over expanding (White House blocked wider Mythos rollout after 1,726 confirmed CVEs).

Letting every global IT body shop touch Mythos preview would multiply misuse and credential theft risk. Sectoral filtering — banks and CERT teams first — matches Glasswing's defensive patching mission, not TCS/Infosys contract velocity.

Developers at outsourcers still patch the same FFmpeg, OpenSSL, Linux bugs Mythos finds — they just do it without Mythos in the loop until access broadens.

Technical Implications for Indian Dev and SecOps Teams

If you run critical infra in India:

1. Expect dual-speed patching — partners with Mythos may get earlier flaw reports routed via Glasswing; you still owe your own scanning
2. Do not wait for Mythos — April Mythos runs already surfaced 10,000+ high/critical issues industry-wide; see developer patch action list
3. Supply-chain audits — banks with preview access may demand faster SBOM proof from vendors still excluded
4. Data residency — preview terms likely restrict cross-border prompt data; architecture reviews should assume no Mythos prompts leave approved environments

Finance angle: April launch triggered RBI and Finance Ministry warnings to tighten defenses — preview access is acknowledgment that regulators want parity, not relaxation.

How This Fits Global AI Security Politics

Glasswing is Anthropic's attempt to coordinate defensive patching faster than adversaries copy Mythos-class capability — Amodei's 6–12 month adversary window still applies in India as much as the US.

India sitting inside the tent beats reading about 1,726 CVEs in press releases after US banks patch first. Excluding IT majors signals capacity-constrained rollout, not a snub.

Cross-read Uber token caps vs engineers for how even AI buyers hit budget walls — Glasswing is the opposite problem (too much capability, tightly rationed).

Tooling: track model costs on LLM API Pricing; Mythos itself is not a public API product.

Key Takeaways

• June 2, 2026: Anthropic added ~150 orgs, 15+ countries to Project Glasswing / Mythos Preview
• India: single-digit early orgs in cyber, telecom, banking, finance — not big IT firms
• CERT-In and wider govt access in negotiation; MeitY pursued access for ~two months
• "Keys" = vetted preview credentials, not open weights or public endpoints
• Developers: patch cadence pressure rises; excluded vendors must still match Glasswing-disclosed flaw velocity
• Watch: IT sector inclusion, RBI guidance, White House view on India expansion, adversary replication timeline

Sources

• Indian cyber, telecom, banking get Mythos — Economic Times
• India gets Claude Mythos access — Hindu BusinessLine, June 3 2026
• Anthropic — expanding Project Glasswing (company post)
• India Today — selective org access, June 3 2026