The Securities and Exchange Board of India (SEBI) has constituted a dedicated task force, cyber-suraksha.ai, to examine emerging cybersecurity risks arising from rapid advancements in artificial intelligence (AI), particularly AI-driven vulnerability identification tools such as Claude Mythos. SEBI noted that such technologies, while beneficial, could significantly increase risk exposure by enabling faster identification and potential exploitation of system vulnerabilities at scale. Given the interconnected nature of the securities market ecosystem, the regulator emphasised the need for a coordinated approach to vulnerability management, information sharing, and continuous monitoring to prevent cascading cyber incidents.
The newly formed task force comprises representatives from market infrastructure institutions (MIIs), qualified registrars and transfer agents (QRTAs), regulated entities (REs), and other stakeholders. Its mandate includes assessing AI-related cyber risks, developing uniform mitigation strategies, facilitating threat intelligence sharing, and reporting critical cyber incidents on priority.
A recent meeting of the task force reviewed risks posed by AI platforms like Mythos and discussed mitigation measures. Based on these consultations, SEBI has issued an advisory outlining key steps for regulated entities.
These include immediate patching of systems, regular vulnerability assessments (including AI-based tools), strengthened vendor risk management, robust change management protocols, enhanced API security, and continuous Security Operations Centre (SOC) monitoring. SEBI has also urged entities to onboard the Market-SOC platform for real-time threat detection.
Additionally, the regulator has called for periodic risk assessments, system hardening, updated asset inventories, and long-term strategies for the secure adoption of AI in cybersecurity operations.
