New Delhi, May 5 (PTI) Markets regulator Sebi on Tuesday issued an advisory cautioning regulated entities against emerging risks from advanced artificial intelligence (AI) tools used for vulnerability detection, including Anthropic's AI model Mythos.

To address these concerns, Sebi has constituted a task force named cyber-suraksha.ai, comprising representatives from market infrastructure institutions (MIIs), qualified registrar and transfer agents (QRTAs), regulated entities and other stakeholders.

In a circular, Sebi said the rapid evolution of AI-driven tools capable of identifying system vulnerabilities at scale could expose financial institutions to heightened cybersecurity risks, including potential exploitation of weaknesses, data confidentiality concerns and issues related to the reliability of outputs.

"Due to the interconnectedness and interdependency of market participants in the securities market ecosystem, a periodic coordinated approach for vulnerability management, information sharing and monitoring/assessment is required to prevent a cascading impact," Sebi said.

The task force will examine cybersecurity risks arising from AI-based models, develop mitigation strategies, facilitate sharing of threat intelligence and best practices, and ensure timely reporting of cyber incidents and vulnerabilities, the regulator added.

The task force will also review the cybersecurity posture of third-party service providers and vendors.

The regulator said a meeting of the task force has already been held to assess risks posed by AI platforms like Mythos and to discuss mitigation measures.

Based on these deliberations, Sebi has issued a detailed advisory outlining steps for strengthening cybersecurity frameworks.

These include regular vulnerability assessments using both conventional and AI-based tools, timely patching of systems, enhanced monitoring through security operations centres, strengthening API security, periodic risk assessments and adoption of measures, such as zero-trust architecture, to minimise attack surfaces.

Sebi has also asked market participants to closely coordinate with third-party vendors to ensure the timely deployment of security updates and undertake comprehensive risk assessments related to AI-led systems.

The regulator further directed eligible entities to onboard the Market Security Operations Centre (M-SOC) set up by exchanges for real-time monitoring and threat detection, in view of the rising risks from AI-driven cyber threats. PTI SP BAL BAL

Cybersecurity risk management for AI tools drives Sebi's advisory, task force, and strengthened market monitoring framework. Sebi has cautioned regulated entities against cybersecurity risks from advanced AI-based vulnerability detection tools and highlighted concerns over exploitation of weaknesses, data confidentiality and the reliability of outputs. It has constituted the cyber-suraksha.ai task force to examine AI-related risks, develop mitigation strategies, share threat intelligence and best practices, and review third-party cybersecurity posture. Sebi has also advised regular vulnerability assessments, timely patching, enhanced monitoring, stronger API security, zero-trust architecture, vendor coordination and onboarding of the Market Security Operations Centre.