Indian banks are accelerating investments in cybersecurity, AI-led monitoring systems and software upgrades as regulators and global agencies warn that advanced artificial intelligence models such as Anthropic’s Claude Mythos could dramatically increase the scale and speed of cyberattacks on the financial system.

The growing concern follows warnings from the International Monetary Fund (IMF), the finance ministry and banking regulators globally that AI-powered cyber tools could expose vulnerabilities in banking software, payment systems and critical infrastructure faster than institutions can patch them. The IMF last week said advanced AI models can “dramatically reduce the time and cost needed to identify and exploit vulnerabilities”, increasing the risk of simultaneous attacks across financial institutions and shared infrastructure.

Indian banks, particularly large private lenders and state-run banks, are now strengthening real-time threat detection, shortening software patch cycles, increasing AI-driven monitoring and reassessing vulnerabilities across legacy systems, industry executives and cybersecurity firms said.

The concern has intensified after Anthropic’s controlled release of Claude Mythos Preview, an advanced AI model that reportedly demonstrated the ability to identify vulnerabilities across major operating systems and browsers, even when used by non-experts. The model was released only to a limited group of enterprises and cybersecurity organisations in the United States because of fears that its capabilities could be misused.

The IMF warned that cyber risks are becoming systemic because the financial sector relies on deeply interconnected digital infrastructure, including cloud services, payment networks and widely used software platforms. It said AI-driven attacks could trigger funding strains, payment disruptions, solvency concerns and wider market instability if multiple institutions are affected simultaneously.

The finance ministry has already flagged the issue internally, with Finance Minister Nirmala Sitharaman urging banks to adopt more versatile cybersecurity measures, assess investment requirements and increase collaboration under the aegis of the Indian Banks’ Association to tackle emerging AI-led threats.

Senior banking executives have increasingly acknowledged that cyber risks are changing fundamentally as attacks move from “human speed” to “machine speed”, forcing lenders to rethink traditional defence mechanisms built around slower detection and remediation cycles.

Industry experts said the biggest vulnerability for Indian banks lies in legacy technology infrastructure, particularly systems dependent on older programming languages such as COBOL, fragmented software stacks and multi-layered vendor ecosystems. Many lenders continue to operate core banking systems that require lengthy maintenance windows and quarterly patch cycles, while AI-powered attack tools can identify and exploit vulnerabilities within hours.

Cybersecurity firms working with banks said institutions are now focusing on reducing patch timelines, implementing continuous vulnerability scanning, increasing segmentation of critical systems and expanding cyber-resilience testing. Banks are also increasing spending on behavioural analytics, AI-based fraud detection and automated incident-response systems to improve reaction times against machine-driven attacks.

The banking industry is also preparing for tighter regulatory oversight. Officials in the Department of Financial Services and the Reserve Bank of India are understood to be evaluating sector-wide cyber resilience measures, scenario analysis and supervisory frameworks focused on systemic cyber risks.

Globally, regulators are issuing similar warnings. Britain’s Prudential Regulation Authority said this week that advanced AI models could create “quite significant disruption” for the financial industry as firms struggle to keep pace with vulnerabilities discovered by AI systems. The Australian Securities and Investments Commission has also advised financial firms to strengthen cyber defences against emerging AI-led threats.

The IMF has called for a “resilience-first policy framework”, urging regulators and financial institutions to prioritise cyber stress testing, rapid recovery systems, board-level oversight and international coordination. It warned that traditional cybersecurity approaches are no longer sufficient in an environment where AI tools can scale attacks rapidly across interconnected sectors including finance, telecom and energy.

The risks

Cybersecurity researchers said the democratisation of sophisticated attack capabilities is now a major concern because AI models lower the technical expertise previously required to exploit vulnerabilities. This could increase risks from criminal groups, nation-state proxies and smaller malicious actors capable of launching high-impact attacks using relatively simple prompts.

While many global technology companies and large international banks have received limited access to Mythos for defensive testing and vulnerability patching under Anthropic’s “Project Glasswing” initiative, most Indian financial institutions currently lack such access, potentially widening the preparedness gap between developed and emerging markets.

The IMF has said cyber risk can no longer be treated merely as a technology or operational issue, warning that AI-enabled attacks could evolve into a macro-financial threat capable of disrupting payments, liquidity and market confidence

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!