The RBI has asked banks and regulated entities to complete board-approved AI gap assessments and prepare time-bound action plans by month-end.
The move comes amid growing concerns over frontier AI models that can identify software vulnerabilities, including zero-day security flaws.
Banks are also evaluating the cybersecurity, data localisation, and operational risks associated with deploying advanced AI tools across financial services.
The Reserve Bank of India (RBI) has directed banks and other regulated entities to conduct a board-approved gap assessment of their artificial intelligence preparedness and submit a time-bound action plan by the end of this month, according to a report by Business Standard.
The move is part of the central bank's broader efforts to strengthen the financial sector's resilience against emerging risks posed by increasingly sophisticated artificial intelligence systems.
1 June 2026
Get the latest issue of Outlook Business
According to the report, banks and regulated entities will be required to establish structured cybersecurity frameworks, conduct AI-focused risk assessments, identify vulnerabilities within their systems, and implement mitigation measures where necessary.
Why Is RBI Concerned?
The directive comes as financial institutions across the world grapple with the rapid rise of frontier AI models, advanced artificial intelligence systems capable of performing complex tasks across a wide range of applications.
These models are trained on vast datasets and can analyse large volumes of information, generate content, write code, and identify vulnerabilities in software systems.
One such model, Mythos, was highlighted by Finance Minister Nirmala Sitharaman in April as an emerging challenge for the financial sector.
Developed by US-based artificial intelligence firm Anthropic, Mythos is designed to detect software vulnerabilities and cybersecurity weaknesses. The model has demonstrated the ability to identify potential security flaws before they are discovered by malicious actors.
A particular concern is its ability to uncover so-called "zero-day vulnerabilities" — previously unknown software flaws that have not yet been patched by developers.
Banks Evaluating AI Risks
The report said financial institutions are currently assessing how advanced AI models could be used across their operations while also evaluating potential risks related to cybersecurity, data protection, and compliance with India's data localisation requirements.
Although access to some frontier AI systems remains restricted globally, Anthropic has expanded the availability of its Mythos models to more than 15 countries, including India.
Industry experts cited in the report said firms are increasingly examining whether the use of advanced AI systems could expose internal architectures, sensitive information, or critical infrastructure to new forms of cyber risk.
At the latest Monetary Policy Committee meeting, the RBI said it remains "fully prepared" to address cybersecurity threats arising from advanced AI technologies and has already issued advisories to regulated entities on preparedness measures.
In April, Finance Minister Nirmala Sitharaman urged banks to proactively secure IT systems, protect customer data, and strengthen safeguards around financial resources.
She also advised financial institutions to promptly report suspicious cyber incidents to relevant authorities, including the government's cybersecurity agency CERT-In, and maintain close coordination with other agencies to address emerging threats.
