Citing fears of a potential wave of cyber incidents linked to Anthropic’s Mythos vulnerability-discovery AI, India’s Securities and Exchange Board has asked stakeholders in the equities sector to immediately review and strengthen their cybersecurity defenses. 

Often compared to the Securities and Exchange Commission in the United States and the Financial Conduct Authority in the UK, India’s market regulator issued a fresh advisory, 

The rapid evolution of emerging technologies including AI-driven vulnerability identification tools (E.g. Claude Mythos) has introduced new dimensions of risks for Regulated Entities. Such tools may give rise to heightened risk exposure by enabling identification and potential exploitation of existing vulnerabilities using speed and scale. It may also introduce concerns relating to data confidentiality, application integrity and reliability of outputs.  

In an effort to strengthen defenses against emerging AI-driven cyber risks, the Board has set up a specialized taskforce tasked with evaluating threats posed by systems like Mythos. The initiative will also oversee incident reporting, facilitate threat intelligence sharing, and launch cybersecurity assessments of external software suppliers connected to the regulator and regulated entities. 

Alongside its warning, the advisory provides key infosec recommendations, including timely patch management, vulnerability assessments, and comprehensive tracking and protection of APIs. Organizations are also encouraged to maintain a strong SOC capable of monitoring threats and guiding response efforts, while strengthening infrastructure security by adopting zero-trust principles and disabling unnecessary services. 

As part of its advisory, the regulator instructed equities market participants to task their IT committees with developing frameworks to mitigate threats posed by AI-driven vulnerability discovery models. It also encouraged firms to establish plans for deploying AI technologies as part of their broader information security arsenal. 

“Also, undertake other measures including recalibration of risks for AI accelerated threats, AI-augmented SOC transformation, and continuous vulnerability management using AI tools,” the advisory states. 

The regulator directed its cybersecurity guidance at a broad spectrum of 19 different classes of companies tied to India’s equities markets. These ranged from venture capitalists and mutual funds to merchant bankers, stock exchanges, and even niche organizations that manage and store KYC information.