SEBI to Issue AI Vulnerability Advisory as Mythos Rattles Financial Markets

Markets regulator SEBI is preparing to issue an advisory on artificial intelligence-related vulnerabilities in financial markets, Chairman Tuhin Kanta Pandey announced at the IMC Capital Markets conference. This comes as concerns mount over the implications of next-generation AI models for market stability and cybersecurity.

Pandey warned that while advanced AI tools can help detect weaknesses in financial systems faster, they can also exploit those vulnerabilities at speed and scale. He specifically referenced Anthropic's Claude Mythos AI model, noting that it and similar tools are actively testing the resilience of India's securities markets.

"In an interconnected securities market, a single weak link can create wider risks," he said, adding that regulated entities must stay ahead through stronger cyber resilience, continuous monitoring, and faster remediation. SEBI, he noted, remains in constant engagement with market participants and relevant stakeholders on this front.

Advisory Incoming

The regulator will shortly issue a formal advisory directing market participants on how to stay alert to AI-related vulnerabilities and take a proactive role in addressing them, Pandey confirmed.

The move reflects growing urgency across India's financial sector. Public sector banks are already preparing to significantly step up IT spending to protect customer data and safeguard financial resources in light of Mythos' advanced coding capabilities, which have raised alarms for their potential to detect and exploit cybersecurity weaknesses. Finance Minister Nirmala Sitharaman has also urged banks to take pre-emptive measures to secure their IT systems following Mythos' demonstration of its ability to identify vulnerabilities and potentially launch cyberattacks.

Pandey was careful to frame risk alongside opportunity. He pointed to a range of market innovations, including digital onboarding, faster settlement, online bond platforms, REITs, INVITs, AIFs, green bonds and commodity derivatives, as examples of how technology has deepened markets, widened access and improved risk management. But he stressed that innovation must not outpace the guardrails around it.

Beyond cybersecurity, Pandey outlined a broader shift in SEBI's philosophy, from investor protection to investor empowerment. He noted that India has seen a sharp rise in participation through mutual funds, digital platforms, and younger investors, but stressed that access must be matched with awareness and choice with suitability.

Investor education, he said, must be simple, practical, and continuous, with risks, costs, and grievance mechanisms explained clearly and upfront. Empowerment, he added, must also include protection from fraud, ensuring investors know who is regulated and how to verify intermediaries.