India's top securities regulator has sounded an alarm, urging financial market participants to urgently reassess and strengthen their cybersecurity measures in response to the rapid advancement of artificial intelligence. The Securities and Exchange Board of India (SEBI) issued an advisory on Tuesday, May 5, 2026, highlighting the potential for AI-driven tools to create new avenues for cyberattacks.
AI's Double-Edged Sword in Cybersecurity
The SEBI advisory specifically points to AI models designed for identifying software vulnerabilities, such as Anthropic's Mythos, as a potential catalyst for a surge in cyberattacks. These advanced tools, while beneficial for legitimate security testing, can also be weaponized by malicious actors. The regulator observed that "the rapid evolution of emerging technologies including AI-driven vulnerability identification tools (E.g. Claude Mythos) has introduced new dimensions of risks for Regulated Entities." The concern is that such tools could enable attackers to discover and exploit existing system weaknesses with unprecedented speed and scale, thereby increasing the risk exposure for financial institutions and other regulated entities.
Beyond vulnerability exploitation, the advisory also flags concerns related to data confidentiality, application integrity, and the reliability of AI-generated outputs. As AI becomes more integrated into business operations, ensuring the security and trustworthiness of these systems becomes paramount. The SEBI's proactive stance aims to prevent a scenario where sophisticated AI tools become the enablers of widespread cybercrime within India's financial sector.
Taskforce and Proactive Defense Strategies
In response to these evolving threats, SEBI has established a dedicated taskforce. This interdisciplinary group will be responsible for examining the specific risks posed by AI models like Mythos, facilitating the sharing of crucial threat intelligence among market participants, reporting cybersecurity incidents, and initiating a review of cybersecurity practices among third-party software vendors that serve the regulator and the entities it oversees. This multi-pronged approach underscores the seriousness with which SEBI is treating the potential impact of AI on cybersecurity.
The advisory also provides a set of fundamental cybersecurity recommendations for market players. These include ensuring all software patches are up-to-date, conducting thorough audits to identify potential vulnerabilities, maintaining inventories of all Application Programming Interfaces (APIs) and securing them, operating a robust Security Operations Center (SOC) and actively heeding its recommendations, and hardening systems through the adoption of principles like zero-trust networking and the principle of running only essential services. Furthermore, SEBI has directed IT committees within equity market entities to develop guidance on mitigating AI-related risks and to formulate strategies for incorporating AI into their own cybersecurity arsenals.
The move by SEBI reflects a broader trend in India's cybersecurity landscape, which has seen a significant increase in sophisticated attacks. Reports from earlier in 2026 indicated a rise in Advanced Persistent Threats (APTs) targeting critical infrastructure and defense sectors, alongside an increase in ransomware and AI-generated phishing attacks. The focus on AI by the securities regulator suggests a forward-looking approach to cybersecurity, acknowledging that defense strategies must evolve in tandem with technological advancements.