SEBI Names Claude Mythos in Historic Circular, Orders Immediate Cybersecurity Overhaul Across Indian Securities Markets

The Securities and Exchange Board of India has issued a directive targeting Anthropic's Claude Mythos model, marking the first time a domestic financial markets regulator has explicitly named a specific AI system in a formal circular. SEBI's May 5 order compels every regulated entity in India's securities ecosystem to immediately overhaul cybersecurity infrastructure, signaling an unprecedented level of regulatory urgency around AI-enabled threats.

The directive covers stock exchanges, depositories, mutual funds, brokers, credit rating agencies, custodians, merchant bankers, and portfolio managers. SEBI's core concern: Mythos can identify and exploit system vulnerabilities at speeds and scales previously unseen, threatening data confidentiality, application integrity, and output reliability. The regulator warns that because all market participants operate within a tightly interconnected ecosystem, a single breach involving the AI model could trigger cascading failures across the entire financial system. CERT-In had previously flagged Mythos across all sectors on April 26, making SEBI the first financial regulator to act on that designation.

SEBI has simultaneously constituted a task force called cyber-suraksha.ai, drawing representatives from market participants to coordinate the response. The dual action—mandatory overhaul plus coordinated task force—reflects the regulator's assessment that AI-enabled threats require both immediate compliance measures and sustained institutional coordination. The directive positions India at the forefront of financial-sector AI governance, setting a precedent other regulators may follow as AI model capabilities continue to outpace existing security frameworks.