India’s markets regulator, the Securities and Exchange Board of India (SEBI), has sounded an alarm to financial institutions over Anthropic’s Claude Mythos and a new class of artificial intelligence tools that could pose severe cybersecurity risks.

In an advisory issued on Tuesday, SEBI announced setting up of a task force ‘Cyber Suraksha AI’ to examine cybersecurity risks and assess digital infrastructure security against challenges posed by frontier AI models like Mythos.

The advisory signed by Deputy General Manager Mamata Roy of SEBI comes after India’s Finance Minister Nirmala Sitharaman asked Indian banks to brace for severe cybersecurity risks associated with advanced AI models.

In SEBI’s advisory, the regulator has flagged the ability of AI models to detect and exploit software vulnerabilities at unprecedented speed. The regulator warned that these tools are capable of identifying “zero-day” flaws and, in some cases, generating working exploits almost instantly. The advisory is addressed to the Indian securities markets including stock exchanges, credit institutions, brokers, mutual funds and merchant bankers

SEBI’s 10-point advisory tells regulated entities to immediately patch all operating systems and applications, and to use virtual patching as a stopgap where fixes are not yet available.
Vulnerability assessments using conventional tools as well as AI-based ones where suitable and security audits must be conducted on a continuous basis under SEBI’s existing Cyber Security and Cyber Resilience Framework (CSCRF). 

Exchanges and depositories have been told to push their empaneled vendors, who supply commercial off-the-shelf software to market members, to assess risks from AI-led vulnerability detection models and roll out safeguards including patching, Vulnerability Assessment and Penetration Testing (VAPT), continuous monitoring, and hardening.

Also Read: India’s CERT-In Flags Claude Mythos as High-Severity