At the time that Anthropic unexpectedly implemented the US government's export control directive on its powerful AI model Fable, I was using it, trying to strengthen security for my vibe-coded apps one by one. With one sweep, Fable's usage was stopped for anyone who was not a US national.
Fable is a restricted version of Anthropic's powerful Mythos AI model, which has found security vulnerabilities in well-maintained software containing code that has been security-tested for as long as 16 yrs. These are called zero-day vulnerabilities: security loopholes and gaps that remain undiscovered, and can be used to launch attacks on software before they're identified and fixed. One well-known zero-day vulnerability was in WhatsApp when Pegasus used it to infiltrate devices couple of years ago, which was subsequently patched.
Fable was restricted, and meant to be used to identify and fix vulnerabilities, not exploit them. By banning its use for foreign nationals, the US has prevented the rest of the world from securing its critical software and defending itself. So, the model that was restricted is not uniquely dangerous. This affirms sovereign control over frontier AI models, and that developing frontier models is now a national security consideration.
There is precedent for this. During Trump 1.0, the US briefly restricted security updates for Android OS on Huawei devices. China's response was to develop its own mobile OS, HarmonyOS. Most Indian handsets run Android, and US tech companies power significant infrastructure in India.
The rest of India needs to follow Kerala's approach and adopt open-source technologies, especially when it comes to critical deployments. So, how sovereign will the infrastructure that OpenAI-TCS builds be, especially given OpenAI's deal with the US Department of War? We must be clear that sovereign AI means that deployments are on Indian soil, and all control resides with Indian companies, with no external kill switch.
When Anthropic announced a partnership with TCS, the same day it pulled Fable, Dario Amodei's 'commitment to India, our second-largest market, rang hollow. When Anthropic launched Project Glasswing, its effort to 'secure the world's most critical software', partners listed were Amazon Web Services (AWS), Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks - US companies, US interests, US infrastructure.
Anthropic had the opportunity to give access to its partners Infosys, which runs Finacle in banking, and TCS, which runs a host of India's digital infra, including passport and tax systems, with access to highly sensitive personal data that's now at risk. We need to recognise that for companies like ChatGPT and Anthropic, India is a market for AI products, and nothing more.
The Nishikant Dubey-chaired parliamentary standing committee on IT should seek answers from Anthropic's representatives in India on what the company's obligations are to Indian infrastructure operators - whether Project Glasswing access will be extended to companies running India's critical systems, and what conditions govern any future access suspension.
India's cybersecurity agencies are out of their depth. CERT-In's response to the panic that spread after Claude announced Mythos AI was to hold meetings with Indian infrastructure providers to ask them what they could do to strengthen cybersecurity against Mythos. It is next to impossible to detect and address zero-day vulnerabilities, and bureaucratic checkbox exercises serve no purpose.
We need less theatre and more competence. Indian committees often look for big names and credentials, not competence. These are specialised areas where expertise matters.
Nandan Nilekani's suggested focus on India building AI applications over developing its own LLMs should alone disqualify him from any key role. Let's also not forget that Aadhaar was so badly built that read-write access to the database was being sold on WhatsApp groups for ₹500.
We need to build AI capacity. Atal Tinkering Labs (ATL) is a laudable initiative for encouraging school students to build tech. India AI Impact Summit in New Delhi in February did well in promoting AI diffusion. We need more such summits to encourage students. Importantly, we need interventions at university and industry levels.
Allow universities to monetise research, and professors and students to start companies with university support. Build a marketplace that rewards innovation and expertise. Consider launching a special visa, with perks, to attract AI talent to the country. India also needs to strengthen IndiaAI Mission, provide hardware and encourage competition in AI model development, and not just put all its eggs in the Sarvam basket.
India is the second-largest market and largest available market for US tech companies in terms of user base. They have significant investments and customers here. We need to use market access as a mechanism to build leverage with the US, especially since it's clear that the win-win era of geopolitics is over, and that access to frontier technology is being used to exacerbate vulnerability. If that means that Anthropic won't get access to the Indian market if it doesn't give access to the latest frontier models, so be it.
For those looking to strengthen their deployments, OpenRouter has made available a version of the Fable AI model. Critical infrastructure providers should use that to secure their deployments in the absence of access to Fable from Anthropic.
.jpeg?w=600)
