India Issues Red Alert as Regulators Brace for AI-Driven Cyberattacks
India’s securities regulator has ordered financial market participants to urgently harden their systems against the threat of AI-accelerated cyberattacks, specifically citing risks posed by Anthropic’s Mythos vulnerability-finding tool.

India’s Securities and Exchange Board (SEBI) has issued an urgent advisory to the nation’s financial sector, warning that AI-driven vulnerability identification tools, specifically Anthropic’s Mythos, could trigger a surge in cyberattacks The Register Security. The regulator cautioned that such tools enable attackers to identify and exploit security flaws with unprecedented speed and scale, potentially compromising data confidentiality, application integrity, and system reliability.
The technical concern centers on the ability of AI models like Mythos to automate the discovery of vulnerabilities. By accelerating the reconnaissance phase of an attack, these models allow threat actors to scan and identify weaknesses across large-scale infrastructure much faster than traditional manual methods. The regulator emphasized that this shift introduces new dimensions of risk for regulated entities, necessitating a proactive defense posture The Register Security.
In response to this threat, SEBI has established a dedicated taskforce to monitor risks posed by AI models, facilitate threat intelligence sharing, and oversee incident reporting. The board is also initiating a comprehensive review of cybersecurity practices among third-party software vendors that supply the regulator and the broader equities industry. This directive applies to 19 distinct classes of companies, including stock exchanges, mutual funds, merchant bankers, and KYC data storage agencies The Register Security.
The advisory mandates that market participants immediately strengthen their security foundations. Recommended actions include ensuring all software patches are up to date, conducting rigorous audits of potential vulnerabilities, and performing thorough inventories of APIs to ensure they are properly secured. Furthermore, the regulator urged firms to harden their systems by adopting zero-trust networking principles and restricting operations to essential services only The Register Security.
Beyond immediate hardening, SEBI is pushing for a strategic shift toward AI-augmented defense. The regulator has directed IT committees to develop plans for integrating AI into their own security arsenals, including the transformation of Security Operations Centers (SOCs) and the implementation of continuous, AI-driven vulnerability management. Firms are also expected to recalibrate their risk assessments to account for threats accelerated by AI The Register Security.
The concern over Mythos is global, with financial regulators worldwide taking similar precautions. US Treasury Secretary Scott Bessent recently convened an emergency meeting with banking leaders, while regulators in Singapore, Australia, and Hong Kong have also issued warnings or are developing new guidance to address the risks posed by AI-led vulnerability detection The Register Security.
This move by India’s regulator highlights a growing trend of authorities moving from passive observation to active intervention as AI tools lower the barrier to entry for sophisticated cyberattacks. By ordering regulated entities to take specific, actionable steps, the board is attempting to close the gap between the speed of AI-driven offense and the current pace of corporate defense. Future developments will likely focus on how effectively these organizations can integrate AI into their own security workflows to counter the very tools they fear The Register Security.