📣 Send us your press release
Site updates every 15 minutes
Technology

Digital Threat Report flags AI asymmetry as key risk to India's BFSI sector

India's CERT-In has identified AI asymmetry as a critical risk to the BFSI and payments ecosystem, warning that AI capabilities are outpacing regulatory and defensive frameworks.

15 July 2026
Digital Threat Report flags AI asymmetry as key risk to India's BFSI sector
Image is an AI-generated illustration

India's Computer Emergency Response Team (CERT-In) has identified an "AI asymmetry" as a primary risk to the nation's Banking, Financial Services, and Insurance (BFSI) and payments sector in its Digital Threat Report 2025-26. The agency warned that the offensive capabilities of advanced AI models are scaling faster than the regulatory, defensive, and operational frameworks designed to contain them.

The report detailed that India's BFSI sector experienced 2.9 million cyberattacks in 2025, more than double the 1.4 million recorded in 2021. It highlighted two incidents over the past year where AI tools significantly automated cyber threats. In November 2025, a Chinese-linked group used Anthropic's Claude AI to target 30 companies, with AI performing up to 90% of the operation. In April 2026, Claude Mythos Preview autonomously discovered over 23,000 vulnerabilities across more than 1,000 open-source projects.

CERT-In previously issued advisories on AI threats in 2023, noting AI's potential to generate malicious code and phishing content. The report emphasizes that AI is transforming adversaries from manual attackers to automated ones, industrializing vulnerability discovery, exploit chaining, and payload delivery. This shift also reduces the economic barriers for launching targeted campaigns, making such attacks more likely.

The report outlines three types of AI-driven attacks impacting the BFSI sector: parallel multi-vector campaigns, a shrinking discovery-to-exploit timeline, and hijacking of software development pipelines. To combat these threats, the report recommends BFSI institutions implement real-time asset tracking, remove sensitive credentials from code, automate security checks within the development lifecycle, patch vulnerabilities immediately, and adopt a zero-trust operating model. These recommendations come shortly after CERT-In released a blueprint in May on defending against AI-assisted cyber threats.

Original source: medianama.com