New Delhi [India], May 6 : Market regulator Securities and Exchange Board of India has constituted a dedicated task force named "cyber-suraksha.ai" to examine cybersecurity risks arising from advanced Artificial Intelligence (AI) tools and strengthen cyber resilience across the securities market ecosystem.
In a circular issued on Tuesday, SEBI said the rapid evolution of AI-driven vulnerability detection tools such as "Claude Mythos" has "introduced new dimensions of risks for Regulated Entities."
"The rapid evolution of emerging technologies including AI-driven vulnerability identification tools (E.g. Claude Mythos) has introduced new dimensions of risks for Regulated Entities," SEBI said in the circular.
The regulator warned that such AI tools could increase cybersecurity risks by enabling "identification and potential exploitation of existing vulnerabilities using speed and scale."
SEBI further said these tools may also create concerns related to "data confidentiality, application integrity and reliability of outputs."
Highlighting the interconnected nature of India's securities market infrastructure, the regulator said a coordinated approach was necessary to avoid wider systemic impact in case of cyber incidents.
"Due to the interconnectedness and interdependency of market participants in the Securities Market Ecosystem, a periodic coordinated approach for vulnerability management, information sharing and monitoring/assessment is required to prevent a cascading impact," the circular said.
According to SEBI, the newly constituted task force "cyber-suraksha.ai" includes representatives from Market Infrastructure Institutions (MIIs), Qualified Registrar and Transfer Agents (QRTAs), regulated entities and other stakeholders.
The regulator said the task force will "closely examine the cybersecurity risks posed by AI based models and devise a uniform mitigation strategy against the risks posed by such models."
SEBI added that the group will also facilitate "sharing of threat intelligence, best practices on vulnerability management, use cases and playbooks to respond to the threat vector."
Further, the regulator directed market entities to report cyber incidents, malicious activities and information on vulnerabilities "on a priority basis" to strengthen the cybersecurity posture of securities markets.
As part of the advisory, SEBI asked regulated entities to immediately update operating systems and applications with the latest security patches to address known vulnerabilities.
The regulator also directed entities to conduct regular vulnerability assessments and security audits, including the use of AI-based tools "where possible."
SEBI further emphasised strengthening API security, implementing stronger monitoring systems and accelerating onboarding to Market Security Operations Centres (M-SOC) established by stock exchanges, the National Stock Exchange of India and BSE, for real-time cyber threat monitoring.
The regulator also asked institutions to prepare long-term plans for the use of AI in cyber threat detection and mitigation.