ewsba.se
India’s market regulator has warned that fast-evolving AI tools could amplify cyber vulnerabilities across the securities ecosystem.
In an advisory issued on Tuesday, the Securities and Exchange Board of India (Sebi) said it has constituted a task force named cyber-suraksha.ai, which includes market infrastructure institutions and other related stakeholders.
“Due to the interconnectedness and interdependency of market participants in the securities market ecosystem, a periodic coordinated approach for vulnerability management, information sharing and monitoring/assessment is required to prevent a cascading impact,” said Sebi in a circular.
The regulator cautioned regulated entities about the rising risks from emerging technologies, particularly AI-driven vulnerability identification tools such as Claude Mythos.
These systems can detect weaknesses at scale and speed, raising the possibility of their exploitation, while also raising concerns about data confidentiality, application integrity, and the reliability of outputs, it said.
Sebi has also directed entities to immediately update their operating systems and applications to the latest patches to address known vulnerabilities and to consider virtual patching as an interim measure when fixes are unavailable.
It has mandated regular, continuous vulnerability assessments using both conventional and AI-based tools, along with security audits aligned with its cybersecurity and cyber resilience framework.
Market participants will have to engage closely with third-party vendors to ensure timely patch deployment.
Exchanges and depositories have been tasked with ensuring vendors assess risks posed by AI-led models and implement safeguards such as patching, vulnerability testing, continuous monitoring, and system hardening.
Further, Sebi has tightened the norms governing system changes, mandating full documentation, impact analysis, and rigorous testing for all such changes.
It has prescribed enhanced API security through updated inventories, strong authentication and whitelist-based connections.
Market participants have also been asked to strengthen the security operation centre (SOC) monitoring, including reviewing low-priority alerts and integrating automated response systems.
Sebi has also pushed eligible entities to onboard the market-wide SOC platform set up by the National Stock Exchange of India and BSE for real-time threat detection.
“All regulated entities need to prepare a long-term plan for the usage of AI in detection and autonomous/agentic mitigation,” it added.
The regulator also suggested other measures, including recalibrating risk assessments for AI-accelerated threats, AI-enabled SOC transformation, and continuous vulnerability management using AI tools.
Apoorva is a Mumbai-based journalist at Mint who covers the Securities and Exchange Board of India (SEBI), tracking the pulse of India’s capital markets, regulatory developments and the people who operate within them. She holds a postgraduate diploma in business and financial journalism from the Asian College of Journalism, where she developed a strong foundation in markets, companies, and economic policy. She began her journalism journey with an internship at Bloomberg, where she worked across beats such as real estate, infrastructure, capital markets, and deals, which helped her understanding of business and finance.<br><br>She is guided by the belief that everything in this world can be explained in simple and fewer words, and that idea shapes how she approaches her writing. She aims to cut through complexity and present nuanced regulatory and financial developments in a way that is both accessible and meaningful to readers.<br><br>When she is not tracking market chatter, Apoorva can usually be found deep into a fiction novel or out on a long run. She is also a trained classical dancer in Bharatanatyam, Mohiniyattam, and Kathakali.
Catch all the Business News , Market News , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.