Mythos vs. Daybreak: The AI Cyberwar Started Without India

On May 11, 2026, two events rewired cybersecurity forever — in the same 24-hour window. India was present in neither room. Here is exactly what happened, why it matters, and what every Indian CISO must do before the window closes.

Dhananjay Rawal·Founder & Director, iManEdge·EC-Council C|CISO Hall of Fame 2025·~2,200 words · 9 min read

 

10,000+Critical vulns found by Mythos in weeks

May 11Date AI zero-day was first confirmed in the wild

0Indian orgs publicly named in Project Glasswing

---

Monday, May 11, 2026 will be studied in security strategy courses for decades. Two bulletins arrived within hours of each other — and together, they closed a chapter in cybersecurity history that most Indian CISOs haven't even opened yet.

The Day That Redefined Everything

First: OpenAI announced a new cybersecurity initiative called Daybreak, using its large language models, Codex's agentic capabilities, and security partners to root out risk and call defense into action. Partners included Cloudflare, Cisco, and CrowdStrike. Broad commercial access. Available now.

Second — and this is the part that should keep you awake: Google's Threat Intelligence Group reported that it had disrupted an attempted cyber operation involving the use of AI models to develop and weaponise a zero-day software vulnerability for broad exploitation. GTIG assessed with "high confidence" that an unidentified malicious actor employed an AI model to develop and weaponise a previously unknown zero-day exploit, enabling the actor to bypass two-factor authentication on an open-source, web-based system administration tool.

The theoretical became operational. On the same day. By coincidence or by convergence — it doesn't matter. The signal is unmistakable: the AI cyberwar is no longer a future event.

"AI is industrialising cybercrime. It allows both attackers and defenders to operate faster."

— Google Threat Intelligence CTO, May 2026

Mythos — The Weapon Anthropic Won't Release (But Already Deployed)

Before we talk Daybreak, understand the order of events — because it matters enormously.

Five weeks before Daybreak, Anthropic quietly introduced Claude Mythos Preview. Not through a press release. Not at a conference. Through a restricted program called Project Glasswing, with roughly 50 hand-selected organisations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and other partners in the open source community.

Anthropic's own language from the Glasswing announcement was deliberately alarming: Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. This is not a product launch. This is a controlled weapons deployment.

Those early partners collectively identified more than 10,000 high- or critical-severity security flaws, underscoring the raw detection power of Mythos-class AI models when applied to enterprise and infrastructure codebases.

"The same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software." — Anthropic

Two days ago — June 3, 2026 — Anthropic expanded Project Glasswing, bringing 150 more organisations into the initiative, including sectors such as healthcare, energy, communications, technology, and other infrastructure operators spanning more than 15 countries. The FT also reported several organisations that have been given access to Mythos, including: US-based identity and security management tool Okta; South Korean companies Samsung, SK Hynix, and SK Telecom; NATO, the US-led military alliance headquartered in Brussels; and the EU's cybersecurity agency ENISA.

No Indian organisation is publicly listed.

Daybreak — The Commercial Bet

OpenAI made a different call. Daybreak combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organisations identify, validate, and prioritise software vulnerabilities. Daybreak builds editable threat models from a company's code repository, analyses realistic attack paths, validates likely vulnerabilities in isolated environments, and helps teams focus on exploitable issues instead of noisy alerts.

The philosophy is fundamentally different from Glasswing. Where Anthropic said "this is too dangerous to release broadly," OpenAI said "the best defense is widespread deployment." Both positions are intellectually defensible. Both carry profound risk.

	Anthropic — Mythos / Glasswing Restricted	OpenAI — Daybreak Commercial
Access model	Gated, vetted, sovereign partnerships	Commercial, broad access
Philosophy	Defensive-first, controlled release	Widespread adoption = best defense
Risk posture	Proliferation risk outweighs access gap	Access gap creates attacker asymmetry
Geographic focus	US, EU, NATO-aligned nations	Global
India access	Not publicly listed in Glasswing	Available — at cost, in foreign cloud

The Google Bombshell — Theory Became Fact

Every CISO in India needs to internalise the technical reality of what Google confirmed on May 11.

March 2026 — Pre-attack

A cybercrime group called TeamPCP compromised several GitHub repositories, including those tied to the LiteLLM AI gateway library and vulnerability scanner Trivy, embedding a credential stealer called SANDCLOCK in affected build environments, extracting cloud secrets including AWS keys and GitHub tokens. Your AI integration layer — LiteLLM, which connects your software to OpenAI, Anthropic, and others — was already a vector.

May 11, 2026 — Confirmation

The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials. The flaw stemmed from a semantic logic error — a hardcoded trust assumption that contradicted the application's authentication enforcement. The method was a Python exploit. Researchers at GTIG determined that the zero-day exploit was written as a Python script and exhibited patterns indicative of large language model involvement.

Now — The precedent

Writing a working zero-day exploit has historically required deep specialist knowledge and significant time. Google has high confidence that AI was used to compress both requirements. The barrier to state-grade cyberattack just dropped by an order of magnitude. And it will drop further.

The same AI models being marketed as defensive tools are already being reverse-engineered and weaponised by adversaries. Someone — state-sponsored or criminal — built a Mythos-equivalent, pointed it at real infrastructure, and had a mass-exploitation campaign staged and ready.

The India Problem

Critical Gap — India's position in the AI security order

Korean chaebols are in Glasswing. NATO is in Glasswing. ENISA is in Glasswing. India — a G20 economy with the third-largest internet user base, an active APT target, and declared sovereign tech credentials — is not publicly named. This is not an oversight. It is a structural signal.

Anthropic has warned explicitly: "Within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse. In that world, cyberattacks could occur much more often, and in much more unpredictable forms."

When that moment arrives, nations inside Glasswing will have already stress-tested their critical infrastructure using Mythos-class capabilities. Nations outside it will be responding to the first wave of attacks in real-time. That is the two-tier defensive world that is being built right now — and India is on the wrong side of the line.

There is a second, more immediate problem. The Center for Internet Security published a formal report on April 1, 2026 warning that prompt injection attacks — in which malicious instructions hidden in documents, emails, or code that an AI tool is allowed to read can redirect the model's behaviour — represent a serious and growing threat. Every Indian enterprise that has deployed a GenAI tool — Copilot, Gemini, Claude, any agent — now has a prompt injection attack surface that its legacy security stack was never designed to see.

What Indian CISOs Must Do — Now

I have been saying this for three years: the Indian enterprise does not have a technology deficit. It has a sovereignty deficit. Here is the action agenda:

• Audit your AI integration attack surface immediately. Every AI API call, every SDK integration, every MCP connector — treat them as potential SANDCLOCK vectors. LiteLLM was the point of compromise. What is yours?
• Implement NHI governance now. Cloud secrets, AI provider credentials, GitHub tokens — the LiteLLM breach was about API key exfiltration. Non-human identities are the fastest-growing unmonitored attack surface in Indian enterprise.
• Upgrade your threat modelling to detect LLM-generated exploit patterns. AI-generated exploits leave fingerprints — code that exhibits LLM-generation patterns gives defenders a new signal for threat hunting. Your SIEM doesn't know how to look for this yet. Make it learn.
• Engage CERT-In and MeitY on a sovereign Glasswing equivalent. India needs an AI-augmented vulnerability disclosure programme — built on Indian-origin models, operated under DPDPA jurisdiction, covering Indian critical infrastructure. This is not aspirational. It is urgent.
• Stop treating AI security tools as optional. The old security playbook — scan at CI, pentest before release, patch after disclosure — is broken. AI-assisted research has compressed vulnerability discovery timelines to near-zero. Enterprises that are still debating procurement are already behind.

The Sovereign Imperative

Mythos and Daybreak are extraordinary capabilities. They deserve genuine respect. Both labs are making high-stakes bets on how to navigate a genuinely unprecedented moment in security history.

But neither was built for Bharat. Neither operates under DPDPA. Neither stores data in Indian jurisdiction. Neither maps to Aadhaar, PAN, VPA, or the 40+ indigenous PII identifiers that define Indian data fiduciary obligations. And both require sending your code, your vulnerability maps, and your threat intelligence into foreign sovereign infrastructure.

When your codebase and its full vulnerability map live in a US hyperscaler's AI pipeline — and that pipeline is governed by the CLOUD Act — who really owns your threat intelligence?

The AI cyberwar started without us in the room. Glasswing is expanding. The window to establish operating norms — sovereign, defensible, Indian — is measured in months, not years.

Choose which side of that line you want to be on. Then act accordingly.

Jai Gurudev.

Dhananjay Rokde

Founder & Director · iManEdge Digital Services Bharat Pvt. Ltd. · EC-Council C|CISO Hall of Fame 2025 · CRISC | CGEIT | CIPP | AIGP | CCISO

 

#SecuringBharat #MakeInIndia #CyberSecurity #AI #CISO #DSPM #ZeroDay #Glasswing #Daybreak #Mythos