The Securities & Exchange Board of India has published a circular advising regulated entities across the securities market on cyber risks arising from emerging advanced artificial intelligence tools for vulnerability detection, such as Mythos. It also constituted a task force called cyber-suraksha.ai to support a coordinated market response, reflecting concerns that such tools can accelerate the identification and potential exploitation of vulnerabilities and create additional risks around data confidentiality, application integrity, and reliability of outputs. The task force comprises representatives from MIIs, QRTAs, all QREs and other stakeholders. Its mandate is to examine cybersecurity risks posed by AI based models, develop a uniform mitigation strategy, facilitate sharing of threat intelligence, best practices, use cases and response playbooks, report cyber incidents, malicious activity, significant attack vectors and vulnerability information on a priority basis, and review the cyber security posture of third party application service providers including empaneled vendors. SEBI said the advisory in Annexure A was prepared following a task force meeting with MIIs and QRTAs on risks from AI platforms such as Mythos. The advisory calls for immediate patching of operating systems and applications, with virtual patching as an interim measure where patches are unavailable, alongside regular vulnerability assessments and security audits under SEBI's cybersecurity and cyber resilience framework. It also sets expectations on vendor patching and risk reviews, documented change management, API inventory and access controls, stronger SOC monitoring including low priority alerts, SOAR playbooks integrated with SIEM where feasible, and expedited onboarding to the market SOC operated by NSE and BSE for eligible regulated entities not yet connected. Additional measures include scenario based risk assessments that incorporate AI related threats, system hardening, periodic updates to asset inventories and software bills of materials, guidance from IT committees, and long term plans for the use of AI in detection and autonomous or agentic mitigation.
Securities & Exchange Board of India 2026-05-05
Securities & Exchange Board of India issues advisory on AI led vulnerability detection risks and creates cyber-suraksha.ai task force
The Securities & Exchange Board of India has warned securities market intermediaries about cyber risks from advanced AI tools and created a cyber-suraksha.ai task force for a coordinated response. The task force will assess AI-driven cybersecurity risks, develop a uniform mitigation strategy, facilitate threat intelligence sharing, and review third-party providers. SEBI’s advisory sets expectations for immediate and virtual patching, enhanced vulnerability assessments and SOC monitoring, stronger vendor and API controls, and longer-term plans for AI-based detection and mitigation.