Relevance: GS III (Internal Security – Cyber Security & Science and Technology) | Source: The Indian Express
1. What is the Crisis? (The Context)
Recently, India’s top ministries (Finance, IT, and External Affairs) held urgent, high-level meetings regarding a massive new cyber threat.
- The Threat: A new, highly dangerous Artificial Intelligence (AI) model called ‘Mythos’, created by a US-based company named Anthropic.
- The Government’s Action: This is not a future problem; it is happening right now. The government has ordered the Indian banking sector to unite and build a strong defense. Simultaneously, the Ministry of External Affairs is talking directly with the AI company to protect India before this AI is released to the public.
2. Why is the ‘Mythos’ AI So Dangerous?
Normal AI helps us write emails or code. ‘Mythos’ is dangerously different because of these three reasons:
- Automatic Hacking: In tests, Mythos successfully hacked complex systems all by itself, without needing any human guidance.
- Finding “Zero-Day” Flaws: It can instantly find deep, unknown weaknesses in global computer systems. (When hackers attack a weakness before the software company can issue a fix, it is called a “Zero-Day Exploit”).
- The Big Fear (Weaponization): If cyber-criminals get their hands on this AI, they could launch massive, automatic attacks on India’s power grids, hospitals, and banks, easily overpowering human security guards.
3. How is India Defending Itself? (The Action Plan)
To fight this unique “AI-born challenge,” the administration is taking two major steps:
- United Banking Shield: Individual banks cannot fight advanced AI alone. Therefore, the government has asked the Indian Banks’ Association (IBA)—currently led by the State Bank of India (SBI)—to lead a joint defense. Banks are pooling their money and technology to protect citizens’ savings.
- Pre-emptive Action (Project Glasswing): The creator of the AI (Anthropic) knows it is dangerous. So, they started Project Glasswing. Through this, they are secretly working with democratic countries (like India) and tech giants to fix global software weaknesses before they release the Mythos AI to the public.
4. The Way Forward for Administration
India’s entire economy runs on Digital Public Infrastructure (DPI) like UPI and Aadhaar. A cyberattack on these systems would paralyze the country.
- We are now entering an era of “Machine vs. Machine” warfare. Human cyber-experts are no longer enough.
- The administration must heavily fund and create domestic “Defensive AI.” These are AI guards that run 24/7, automatically hunting for and fixing weaknesses in our own networks before enemy AI can find them.
The Trap
- The “Nodal Agency” Trap: UPSC often tries to confuse the roles of cyber agencies. An exam statement might claim, “CERT-In is the exclusive agency legally mandated to protect India’s Critical Information Infrastructure (CII) like banking networks.” Incorrect. While CERT-In responds to everyday cyber incidents, the special statutory body legally made to protect critical sectors (like banking and power) is the National Critical Information Infrastructure Protection Centre (NCIIPC).
UPSC Value Box
| Key Concept / Body | Simple Meaning |
| Critical Information Infrastructure (CII) | Defined under Section 70 of the IT Act, 2000. These are computer systems so vital that their destruction would ruin national security, the economy, or public health (e.g., Banks, Power Grids). |
| NCIIPC | National Critical Information Infrastructure Protection Centre. The central intelligence agency specifically mandated to protect India’s CII from cyber threats. |
| CERT-In | Computer Emergency Response Team – India. The national agency that responds to active, day-to-day cybersecurity incidents (like a digital fire brigade). |
| NPCI | National Payments Corporation of India. The organization that runs UPI. Protecting NPCI from AI attacks is the government’s top financial security priority. |
With reference to India’s cybersecurity framework and digital infrastructure, consider the following statements:
- Under the Information Technology Act, 2000, core banking and financial networks are classified as Critical Information Infrastructure (CII).
- The National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for protecting CII in India.
- The National Payments Corporation of India (NPCI), which manages the Unified Payments Interface (UPI), operates as a statutory body under the Ministry of Finance.
Which of the statements given above is/are correct?
(a) 1 and 2 only
(b) 2 and 3 only
(c) 1 and 3 only
(d) 1, 2 and 3
Correct Answer: (a)
Share This Story, Choose Your Platform!
Start Yours at Ajmal IAS – with Mentorship StrategyDisciplineClarityResults that Drives Success
Your dream deserves this moment — begin it here.