India’s Securities and Exchange Board has advised domestic securities industry players to immediately review their information security systems and practices, in case Anthropic’s Mythos bug-hunting AI triggers a wave of cyberattacks.
The Council is the Indian equivalent of the Securities and Exchange Commission of the United States or the Financial Conduct Authority of the United Kingdom. On Tuesday, the Indian regulator published an advisory which opened with the following observation:
In response to these threats, the Council has established a working group that will examine the risks posed by models like Mythos, share threat intelligence, report incidents, and launch a review of cybersecurity at third-party software vendors that supply the regulator and the entities it oversees.
The advisory then offers some basic information security advice: ensure patches are up to date, conduct audits for potential vulnerabilities, perform API inventories and secure them, run a serious SOC and follow its advice, and harden systems by adopting principles such as zero trust networking and running only essential services.
The regulator also asked Indian stock market participants to ask their IT committees to issue guidance on how to mitigate risks created by AI-based vulnerability detection models and then develop a plan to use AI as part of their IT security arsenal.
“Also undertake other measures, including risk recalibration for AI-accelerated threats, AI-augmented SOC transformation, and continuous vulnerability management using AI tools,” the advisory said.
The Council addressed the above advice to 19 different categories of businesses, ranging from venture capitalists to investment bankers, mutual funds, stock exchanges and even niche providers such as agencies that store information about your customers.
Other regulators around the world have also recognized the risks Mythos poses. US Treasury Secretary Scott Bessent called an emergency meeting with the country’s banks a few weeks ago. Singaporean regulators did the same yesterday. Australian regulators have reminded local banks that they must develop AI strategies that take into account the risks created by the technology. The Hong Kong Monetary Authority is working on new IT security guidelines for the age of myth.
India’s approach is notable for effectively putting the entities it regulates on alert of an imminent threat and directing them to take steps to prevent problems. ®