India’s insurance regulator, IRDAI, has asked insurance firms to report on the measures taken to improve their AI cyber readiness by May 22. The directive calls for an immediate review of existing cybersecurity postures and a thorough assessment of risks posed by emerging frontier AI-driven attacks that are becoming more difficult to identify and counter using conventional defence systems. 

The regulator has instructed insurance companies to clearly outline their prevention, threat detection, and cyber response capabilities in the action taken report, highlighting the steps being taken to enhance protection against emerging AI-driven cyber risks. Insurers have additionally been advised to evaluate vulnerabilities associated with advanced AI technologies and put adequate safeguards in place to protect critical and sensitive data infrastructure. 

According to sources, IRDAI flagged vulnerabilities in older IT infrastructure, warning insurers that legacy systems may not be sufficiently prepared to handle the growing cyber risks emerging from fast-paced technological advancements and evolving digital threat landscapes. 

Similar warnings by CERT-in and SEBI  

CERT-In and SEBI have issued alerts regarding new AI-driven cyber risks linked to Anthropic’s Claude Mythos, warning that evolving artificial intelligence technologies could introduce sophisticated threats capable of impacting critical digital and financial ecosystems. 

CERT-In, in its April 26 advisory, warned organisations that critical security flaws should be treated as immediately exploitable, directing them to implement patches within a 24-hour window. The advisory further called for strict monitoring of employees’ use of third-party AI tools and continuous tracking of software as well as AI-related components throughout organisational networks. 

SEBI’s May 5 circular instructed all regulated securities market participants to immediately strengthen their cyber defences amid rising AI-driven threats. The regulator cautioned that AI-powered systems have the capability to exploit weaknesses rapidly and on a large scale, while also requiring organisations to implement ongoing AI-based vulnerability testing, stricter vendor monitoring, and enhanced API security and change management controls.