Connect with us

NEWS

PNB To Spend ₹3,400 Crore On AI And Cyber After Mythos Alarm

Published

on

Punjab National Bank is throwing roughly ₹3,400 crore at AI and cybersecurity this fiscal year, with about a fifth of that earmarked purely for cyber defenses, as Indian lenders rush to harden systems against a new class of AI-driven attacks. Executive Director D Surendran told Reuters on Tuesday that PNB has more than doubled the pace of its security audits to 24/7 and is fast-tracking firewall purchases. The trigger, he made clear, is the same model regulators in Washington, London, and Mumbai have been quietly briefing bank chiefs about for weeks: Anthropic’s Claude Mythos.

That makes PNB the first major state-run Indian bank to put a hard rupee figure on its Mythos response, three weeks after Finance Minister Nirmala Sitharaman called Mumbai’s biggest lenders into an emergency meeting on the model.

The ₹3,400 Crore Number, Decoded

The headline figure breaks into two very different buckets. The full ₹3,400 crore covers AI tooling, fraud monitoring, predictive analytics, customer-service automation, and digital banking modernization across PNB’s 10,000-plus branch network. Around 20 percent of that, between ₹700 crore and ₹800 crore (roughly $73.5 million to $84 million), is ring-fenced for cybersecurity alone.

Surendran said that cyber slice is more than 50 percent higher than last year. “We don’t want to compromise on this kind of expenditure,” he told Reuters, adding the bank will spend more if needed.

For context, PNB just posted its highest-ever annual net profit of ₹16,904 crore for FY26, with Q4 net profit climbing 14.4 percent year-on-year to ₹5,225 crore. The cyber budget alone now eats roughly five percent of full-year profit. That’s a heavy line item for a bank whose Q4 net interest margin slipped to 2.61 percent from 2.96 percent a year earlier, per its PNB Q4 FY26 financial disclosure.

Where The Money Actually Goes

  • AI fraud monitoring and predictive analytics: real-time scoring of transactions to flag mule accounts and account-takeover attempts
  • Cybersecurity infrastructure: next-gen firewalls, endpoint detection, network segmentation, and 24/7 audit instrumentation
  • Generative AI and data analytics: a fresh Request for Proposal is going out to hire specialist consultants
  • Digital banking modernization: upgrades to PNB One, the bank’s mobile app, and back-end core systems
  • Customer service automation: AI-driven assistants and call-center tooling

Why Mythos Has Bankers Spooked

Anthropic released Claude Mythos Preview on April 7 under a controlled rollout it calls Project Glasswing. Internal testing of the model surfaced thousands of severe security vulnerabilities across major operating systems and browsers, many of them long-undisclosed zero-days. An earlier Claude generation found about 20 vulnerabilities in Firefox; Mythos found nearly 300, according to Anthropic CEO Dario Amodei’s remarks on the cyber ‘moment of danger’.

Amodei has put the patch window at six to 12 months before Chinese AI catches up. That is the timeline PNB and every other regulated bank now plans against.

The danger is just some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks.

That warning came from Amodei this week, and it explains the urgency in Surendran’s language. Indian banks run on stacks where COBOL middleware still talks to modern UPI rails. If autonomous AI can spot decade-old flaws in days, the historical “weeks to patch” window collapses. Oton Technology covered the Firefox finding in detail in this look at how Mythos surfaced 271 bugs Mozilla had missed for years.

Sitharaman’s April 23 Wake-Up Call

The PNB announcement does not exist in a vacuum. On April 23, Finance Minister Nirmala Sitharaman pulled bank CEOs, RBI officials, NPCI executives, and CERT-In into a closed-door review on Mythos-class threats. IT Minister Ashwini Vaishnaw joined.

“The new challenge, which is coming in the name of Mythos, about which not much is known, not very many people have tested or tried,” Sitharaman said at the meeting, per ANI. She called the risks “unprecedented” and ordered banks to lift cyber monitoring, retain specialist consultants, and report incidents to CERT-In in real time.

The Indian Banks’ Association was tasked with building a unified threat-intelligence mechanism so that an attack on one bank becomes shared signal for all. PNB’s spending pattern, particularly the audit-frequency lift and the consultant RFP, maps directly onto that directive.

What Other Regulators Are Doing In Parallel

  1. U.S. Treasury and Federal Reserve: Secretary Scott Bessent and Chair Jerome Powell convened JPMorgan, Goldman, Citi, Bank of America, and Morgan Stanley on April 7. The Sullivan & Cromwell memo on Treasury’s bank CEO Mythos briefing documents what was said.
  2. Bank of England: Held parallel talks with major UK banks and cybersecurity officials.
  3. SEBI: India’s market regulator stood up a task force, covered in Oton Technology’s report on the SEBI cyber-suraksha.ai task force naming Claude Mythos.
  4. IMF: Flagged Mythos as a macro-financial stability risk, with emerging markets named as the most exposed cohort.

The Fraud Numbers PNB Is Trying To Get Ahead Of

The Mythos-shaped fear is layered on top of a fraud problem that is already bleeding Indian customers. According to data on the Press Information Bureau briefing on cyber frauds in Digital India, the National Cyber Crime Reporting Portal logged about 28 lakh fraud cases in 2025, with reported losses near ₹22,931 crore.

  • $2.5 billion: total digital payment scam losses in India in 2025
  • 4,300 percent: rise in digital payment fraud volumes since 2021
  • 2.5 million: Indians estimated to have been hit in a single year
  • ₹2,000 crore: losses tied to “digital arrest” scams alone, with most operations traced to Myanmar, Cambodia, and Laos

Bank-reported numbers paint a different but still ugly picture. Banks reported 11,615 fraud cases worth ₹3,497 crore in FY25, with card and internet fraud accounting for 66.8 percent of cases by volume. The catch: nearly 90 percent of frauds reported to RBI in any given year actually occurred in earlier years, meaning current-year exposure is almost certainly understated.

The Quiet Goldmine: PNB Already Has A 24/7 Audit Cadence

Most coverage has focused on the headline rupee figure. The operationally interesting line is buried in Surendran’s quote: “We have increased our frequency of audit… now we have made our audit process 24/7 so that the criticality will be identified fast.”

For a public-sector Indian bank, that is a structural shift. Traditional PSU audit cycles run quarterly or, at best, monthly. Continuous auditing requires telemetry pipelines, automated control testing, and a security operations center capable of triaging signals in minutes. It also implies PNB has either already retained or is about to retain a managed detection and response provider, given the bank does not run that capability natively at scale.

Pair that with the in-flight RFP for generative AI consultants and the picture sharpens: PNB is buying capability faster than it is building it, a pragmatic move when the patch window is measured in months, not years.

The PSB Hackathon Angle Nobody’s Connecting

Separately, PNB and IIT Kanpur are running a 2026 hackathon series themed “Quantum-Proof Systems for Public-Facing Applications.” The branding reads forward-looking, but the timing alongside the Mythos response is not coincidental. Quantum-resistant cryptography and AI-resistant detection are increasingly bundled in procurement conversations across Indian PSUs.

That is the bet PNB seems to be hedging: defend against the AI threat that exists today while building for the cryptographic threat that arrives tomorrow.

How PNB’s Spend Compares

Bank Reported FY26 Cyber/IT Posture Trigger
PNB ₹3,400 crore total IT, ~₹700-800 crore cyber, +50% YoY Mythos, Sitharaman directive
JPMorgan Chase Internal Mythos testing partner under Project Glasswing Treasury/Fed briefing
Goldman Sachs Internal Mythos testing Treasury/Fed briefing
Deutsche Bank Active engagement with European regulators on Mythos EU regulator outreach
Indian PSU peers Cyber budgets under board review post-April 23 Sitharaman directive

The disclosed numbers from US banks remain opaque because none have published a Mythos-specific budget line. PNB’s willingness to volunteer the figure, in rupees and as a year-on-year delta, sets a transparency bar few peers will want to match.

What This Means For PNB Customers

For the bank’s roughly 180 million customers, the practical changes will roll in quietly. Expect more friction on high-value transfers, more aggressive flagging of unusual login patterns on PNB One, more device re-binding prompts, and slower clearance for first-time beneficiaries on account-to-account transfers.

RBI is already pushing a one-hour cooling period for some account-to-account transfers and has rolled out MuleHunter.ai to 23 banks as of December. PNB’s own AI fraud layer will plug into that ecosystem rather than replace it.

Frequently Asked Questions

Will My PNB Transactions Get Slower Because Of This?

Yes, but only on flagged scenarios. Routine UPI payments and intra-bank transfers should run at normal speed. Expect added friction on first-time beneficiaries, high-value account-to-account transfers, unusual device logins, and overseas transactions. RBI is also testing a one-hour delay on some account-to-account transfers across the system. If a transaction gets flagged, PNB One will typically prompt for re-authentication or a brief hold, not an outright block.

Is PNB One Safe To Use Right Now?

Yes. There is no public report of a Mythos-linked breach at PNB. The bank’s 24/7 audit cadence and firewall procurement are preventive, not reactive. Keep PNB One updated to the latest version on the Play Store or App Store, enable biometric login, and never share OTPs. If you spot an unauthorized transaction, report it within three working days through the 1930 helpline or your branch to limit liability under RBI’s customer protection framework.

What Is Claude Mythos And Should I Worry As An Account Holder?

Claude Mythos is Anthropic’s frontier AI model that can find software vulnerabilities at unprecedented speed. The risk is to the banks running the software, not directly to your account. Your exposure rises only if attackers exploit a bank-side flaw before it is patched. Mitigations on your end remain standard: strong unique passwords, two-factor authentication, no clicking links from SMS or WhatsApp claiming to be from PNB, and reviewing your statement weekly.

How Do I Report A Suspicious Transaction On My PNB Account?

Call the national cybercrime helpline 1930 immediately, file a complaint at cybercrime.gov.in within 24 hours, and inform your home branch. Block the affected card or account through PNB One under the “Manage Cards” or “Block Account” section. Under RBI’s customer liability rules, reporting within three working days caps your loss at ₹25,000 for most cases, while delays beyond seven days can shift the full liability onto you.

Will The ₹3,400 Crore Spend Push Up PNB’s Service Charges?

Unlikely in the short term. The bank is funding the spend out of operating profit, which rose 9.2 percent in FY26 to ₹29,290 crore. PNB has also kept its FY27 loan growth target at 12-13 percent, which suggests management sees room to absorb the cost. Watch the next two quarterly results for any service-charge revisions in the small print, particularly on debit card annual fees and SMS alert charges.

The bigger question now is whether other PSU lenders, including SBI, Bank of Baroda, and Canara Bank, will publish comparable budgets or quietly follow PNB’s lead without disclosure. Surendran’s willingness to put a number on the table reframes what counts as adequate transparency in Indian banking cyber posture. For depositors, the next signal worth watching is the IBA’s threat-intelligence framework taking shape, expected before the end of FY27 Q1.

Disclaimer: This article reports on a publicly disclosed corporate technology spending plan and related regulatory developments. It is for informational purposes only and does not constitute investment, banking, or cybersecurity advice. Account holders with specific concerns about transaction limits, customer liability, or fraud reporting should consult Punjab National Bank’s official channels or a qualified financial professional. Figures and quotes cited are accurate as of publication and may be revised by the bank or Reserve Bank of India in subsequent disclosures.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no nonsense tech news and reviews based on real hands on testing. He has personally tested and reviewed dozens of mid range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending