PNB Pumps Billions More Into Cybersecurity as AI Models Like Anthropic’s Mythos Threaten Banks

Punjab National Bank has raised its cybersecurity allocation to 7-8 billion rupees, over 50% higher than last year and 20% of its tech budget. Citing risks from AI models like Anthropic’s Mythos, the lender accelerated tool purchases and shifted to 24/7 audits. The move mirrors wider regulatory pressure from Finance Minister Sitharaman and the RBI. Indian banks now coordinate defenses through the IBA while overall security spending heads toward $3.4 billion in 2026.
PNB Pumps Billions More Into Cybersecurity as AI Models Like Anthropic’s Mythos Threaten Banks
Written by Sara Donnelly

Punjab National Bank has drawn a line in the sand. The lender, India’s third-largest state-run bank by market capitalization, now directs roughly 20% of its technology budget toward cybersecurity. That slice equals 7 billion to 8 billion rupees, or about $73.5 million to $84 million, for the current financial year. The sum marks more than a 50% jump from the year before.

Executive director D Surendran delivered the numbers in a recent interview. He left little doubt about priorities. “We don’t want to compromise on this kind of expenditure,” Surendran said. The bank stands ready to spend even more if threats demand it. And threats have changed.

Advanced artificial intelligence models now sit at the center of concern. Reuters first reported how models such as Anthropic’s Mythos have raised alarms inside boardrooms and regulatory offices. These systems can probe software for weaknesses faster and more creatively than earlier tools. They turn defense into a moving target.

PNB isn’t waiting. It has accelerated purchases of firewalls, detection systems and other security technology. Audits no longer run on a schedule. The bank shifted them to round-the-clock operation. “We have increased our frequency of audit… now we have made our audit process 24/7 so that the criticality will be identified fast,” Surendran explained. Speed matters when attacks can unfold in minutes.

The move aligns with a wider push across Indian finance. Last month Finance Minister Nirmala Sitharaman convened bank chiefs, the Reserve Bank of India, NPCI and CERT-In. The meeting examined how AI could weaponize vulnerabilities in banking systems. Sitharaman later stressed that past success offers no guarantee. “What we’ve had and therefore proved ourselves — that we are careful and protective of our customers — may not be sufficient,” she told reporters. “They need to be there, they need to improve, they need to grow. But we need something new and something far more versatile to counter the newer threats which are likely to come.”

Her comments, carried by The Economic Times, followed direct discussions with Electronics and Information Technology Minister Ashwini Vaishnaw and other officials. Banks now coordinate through an Indian Banks’ Association-led effort headed by the State Bank of India chairman. The group will map vulnerabilities, review vendor risks and explore ways to turn AI into a defensive asset. Assessments begin in the coming weeks.

Industry spending data backs the urgency. Gartner projects Indian organizations will direct $3.4 billion toward information security in 2026. That figure reflects an 11.7% increase from the prior year, driven by AI-powered attacks and tighter rules. Mathrubhumi English highlighted the forecast and quoted analysts who see regulatory pressure compounding the technical challenge.

Public-sector banks in particular feel the heat. Several have signaled higher information-technology budgets with cybersecurity as the main focus. UCO Bank’s leadership indicated its spending would rise, according to reports that echoed PNB’s stance. The pattern suggests a sector-wide reallocation even as loan books expand.

PNB itself posted solid results alongside its security announcement. Net profit climbed more than 14% to 52.25 billion rupees. Loan growth reached 12.7% while deposits rose 9.2%. The bank aims for 12% to 13% loan expansion in fiscal 2026-27, centered on small and medium enterprises plus retail. Deposits should increase 9% to 10%. Strong performance gives management room to fund protection without immediate pressure on margins.

Yet the numbers tell only part of the story. Earlier this year PNB ran its first cybersecurity hackathon aimed at malware defense. The initiative, covered by The Times of India, sought fresh ideas from developers and ethical hackers. Such programs signal an attempt to build internal talent and awareness beyond vendor contracts.

Regulators have tightened expectations. The RBI’s updated cybersecurity framework for 2025-26 demands continuous monitoring, stronger encryption, zero-trust principles and board-level accountability. Banks must now run large-scale simulated attacks and prove their ability to recover. Third-party risk management receives extra scrutiny because many lenders depend on the same cloud providers and fintech partners.

Finance Minister Sitharaman’s call for real-time intelligence sharing adds another layer. Banks, CERT-In and government agencies should exchange threat data immediately rather than after incidents. The mechanism aims to shorten the window between detection and response. In an environment where AI can generate convincing phishing campaigns or discover zero-days overnight, that window shrinks daily.

PNB’s 24/7 audit shift offers a concrete example of adaptation. Traditional periodic reviews miss fleeting intrusions. Constant oversight, paired with automated tools, raises the odds of catching anomalies before damage spreads. Surendran’s insistence that spending will rise if needed suggests the current allocation represents a floor, not a ceiling.

Other institutions watch closely. Recent coverage from Rediff noted that public-sector banks broadly plan to lift information-technology budgets to safeguard customer data and financial assets. The concern over Anthropic’s Claude Mythos tool appears repeatedly as a catalyst. Its reported capabilities have forced executives to reconsider assumptions about attack sophistication.

The broader context includes India’s rapid digital payments growth. UPI transactions continue setting records. Each new user and merchant adds another endpoint. NPCI’s role in the recent high-level meeting reflects worries that a breach in the payments infrastructure could cascade quickly. Hence the emphasis on collective defense rather than isolated efforts.

Still, challenges remain. Attracting and retaining top cybersecurity talent competes with private technology firms and global banks. Many institutions lean on outside specialists while trying to develop in-house expertise. The IBA-led process may help standardize certain tools and training, yet implementation speed will vary.

PNB has chosen visibility. By disclosing both the spending increase and operational changes, it sets a benchmark. Surendran’s comments leave no ambiguity. Security ranks alongside loan growth and deposit mobilization as a strategic imperative. The bank’s profit rise and steady asset-quality improvement provide the financial flexibility to act on that view.

Whether 7 billion to 8 billion rupees proves enough will depend on how quickly threats evolve. AI models improve monthly. Attackers adopt them faster than many defenders anticipate. For now PNB bets that higher budgets, constant audits and faster procurement will keep it ahead. Other banks will soon reveal if they share the same conviction.

Markets have taken note. PNB shares reacted modestly to the earnings and security updates. Investors appear to accept the trade-off between higher costs today and lower risk tomorrow. In an industry where trust underpins every transaction, that calculation carries weight.

Subscribe for Updates

AISecurityPro Newsletter

A focused newsletter covering the security, risk, and governance challenges emerging from the rapid adoption of artificial intelligence.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us