Here’s what DFS Secretary Nagaraju says about banks’ preparedness for emerging AI risks

At a time when the usage of artificial intelligence is growing rapidly, and newer models like Claude Mythos are evolving stronger, M Nagaraju, Secretary, Department of Financial Services, has called upon banks to be prepared to face these challenges and urged them to constantly test their resilience and invest in beefing up their cyber capabilities.
 
Anthropic’s Claude Mythos has rung alarm bells globally, given the claims that its advanced capabilities help analyse and exploit software vulnerabilities and previously unknown security flaws in legacy code on a massive scale. The company hasn’t released it in the market yet, only giving access to select tech companies as a preview. Amid fears of severe consequences for economies, bad actors should get access to it.
 
“I hope the banking community is prepared well in case Mythos is released publicly in the country,” Nagaraju said on Thursday at an Indian Banks Association event.
 
He pointed out one successful cyber-attack could have a cascading effect across markets. He said banks and financial institutions were most vulnerable given the high interconnectedness and the dependence on legacy IT systems. He, therefore, felt that in an era of global uncertainty, risk management must be embedded in the culture of every bank.
 
“Banks must continuously test their resilience, strengthen incident response, invest in cyber capabilities and ensure that business continuity planning is practical, updated and regularly exercised,” said Nagaraju.
 
AI, and Claude Mythos in particular, has been a discussion point for governments and regulators globally due to its advanced capabilities. Finance Minister Nirmala Sitharaman had also recently held discussions with top banks around growing AI challenges.
 
Earlier this week, the Securities and Exchange Board of India (Sebi) announced a new taskforce that would closely examine the cybersecurity risks posed by AI-based models and devise a uniform mitigation strategy against the risks posed by them.   
 
The market regulator also issued a lengthy advisory for regulated entities, which, among many other things, called for regular security audits and for all operating systems and applications to be updated with the latest patches on an immediate basis to mitigate any vulnerabilities that have already been identified.
 
Nagaraju noted that interdependencies with fintechs, payment systems, capital markets, and global finance flows meant that risks could travel quickly, and this called for better preparedness and coordination. He also stressed the need for customer protection as banks were becoming more digital and fraud patterns were also becoming more sophisticated.
 
The cybersecurity-related risks apart, Nagaraju pointed out that Indian banks have strong balance sheets now, they have improved asset quality, and enhanced governance standards.