SEBI's May 2026 AI Vulnerability Detection Advisory: What Every Regulated Entity Must Do Now

On 5 May 2026, the Securities and Exchange Board of India (SEBI) issued circular HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026 — an "Advisory on Emerging Advanced Artificial Intelligence (AI) Tools for Vulnerability Detection (like Mythos)." The document is short, but it is the most consequential piece of SEBI cyber guidance since the Cybersecurity and Cyber Resilience Framework (CSCRF) itself.

This piece walks through what the advisory actually says, who is in scope, the ten Annexure-A directives and how to interpret them, where it goes beyond CSCRF, and a pragmatic 90-day path to readiness.

What SEBI just said (and why it matters)

The advisory opens with a single, important observation:

"The rapid evolution of emerging technologies including AI-driven vulnerability identification tools (e.g., Claude Mythos) has introduced new dimensions of risks for Regulated Entities. Such tools may give rise to heightened risk exposure by enabling identification and potential exploitation of existing vulnerabilities using speed and scale."

Three things stand out:

The named threat is a class, not a product. SEBI cites Claude Mythos as a representative example, but the regulator is signalling concern about AI-driven vulnerability tools as a category. Read every reference to "Mythos" as "Mythos-class capability."
The risk model is speed-and-scale. The advisory worries about AI compressing reconnaissance, exploit chaining, and vulnerability identification timelines. The same activity that took an attacker weeks now takes hours.
Output integrity is on the table too. The text explicitly flags "concerns relating to data confidentiality, application integrity and reliability of outputs" — that last phrase is the regulator quietly opening the door to AI/ML system testing, not just AI-augmented attacker testing.

The circular is issued under Section 11(1) of the SEBI Act, 1992 — the same statutory authority CSCRF was issued under — and is explicitly to be read in conjunction with CSCRF "and any subsequent updates issued by SEBI from time to time."

Who must comply

This is not an MII-only advisory. The addressee list covers nineteen distinct categories of regulated entities:

Alternative Investment Funds (AIFs)
Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs)
Clearing Corporations
Collective Investment Schemes (CIS)
Credit Rating Agencies (CRAs)
Custodians
Debenture Trustees (DTs)
Depositories
Designated Depository Participants (DDPs)
Depository Participants
Investment Advisors (IAs) / Research Analysts (RAs)
KYC Registration Agencies (KRAs)
Merchant Bankers (MBs)
Mutual Funds (MFs) / Asset Management Companies (AMCs)
Portfolio Managers
Registrar to an Issue and Share Transfer Agents (RTAs)
Stock Brokers
Stock Exchanges
Venture Capital Funds (VCFs)

If you are a regulated participant in the Indian securities market — even a small investment advisor or a research analyst firm — this advisory is addressed to you. The justification, in SEBI's words: "Due to the interconnectedness and interdependency of market participants in the Securities Market Ecosystem, a periodic coordinated approach for vulnerability management, information sharing and monitoring/assessment is required to prevent a cascading impact."

The cyber-suraksha.ai task force

Body section C of the circular constitutes a new task force, cyber-suraksha.ai ([email protected]), comprising representatives from MIIs, QRTAs, all QREs, and other stakeholders. Its mandate has four arms:

Examine cybersecurity risks from AI-based models and devise a uniform mitigation strategy.
Facilitate sharing of threat intelligence, best practices on vulnerability management, use cases, and playbooks.
Report cyber incidents, malicious activities, attack vectors, and vulnerability information on a priority basis.
Review the cyber security posture of third-party application service providers, including empaneled vendors.

This is the standing forum through which subsequent SEBI guidance on AI cyber risk is likely to flow. Track its outputs.

The 10 directives in Annexure-A

The substance of the advisory is the ten directives in Annexure-A. The "advisory" label is misleading — items 3, 6c, and 10 use directive language ("shall"), and several others reference CSCRF requirements that are already binding. Treat the entire annexure as required.

1. Patch immediately + virtual patching

"Update all operating systems and applications with the latest patches on immediate basis... As an interim measure for the vulnerabilities where patches are not available, virtual patching can be considered."

Standard ground. The interesting wrinkle is the explicit endorsement of virtual patching (WAF rules, ModSecurity signatures, network ACLs) where vendor patches are pending — useful given how often AI-discovered zero-days will outpace patch cycles.

2. Vulnerability assessment with AI-based tools

"Conduct Vulnerability Assessment (Using conventional and suitable AI based Vulnerability Assessment Tools where possible) and undertake security audits on a regular/continuous basis in accordance with Cyber Security and Cyber Resilience Framework of SEBI."

This is the headline. SEBI is explicitly endorsing AI-based VA tooling — a regulatory first in India. The "where possible" caveat is permissive on the AI side, but the imperative on the assessment ("Conduct") is mandatory. The right reading: regulated entities should be evaluating AI-based VA tools for adoption, and engaging auditors who already operate AI-driven testing platforms.

3. Third-party + COTS vendor risk

"Engage with the respective RE's third party vendors to release timely patches and deploy them appropriately. Exchanges and Depositaries shall direct their empaneled application vendors (providing COTS solution to respective members) to undertake comprehensive assessment of the risks arising from the use of AI-led vulnerability detection models."

Note the "shall" — and the explicit responsibility placed on Exchanges and Depositories to direct their COTS vendors. This is a supply-chain provision in regulatory clothing.

4. Change management for every change

"Any change in the systems (including minor changes) should encompass full documentation, thorough impact analysis, structured review, rigorous testing and secure deployment."

The phrase "(including minor changes)" is the bite. CSCRF already required change management for material changes; this expands the scope. In practice: pre-prod regression testing, change-driven retests, and impact analysis must be wired into the SDLC, not bolted on at audit time.

5. API security

The five sub-items under API security read like an OWASP API Top 10 summary: inventory, strong authN/Z with least privilege, rate limiting and throttling, and whitelist-based API connections. None of this is new in security best practice — but the regulator now expects evidence of all four.

6. SOC monitoring + SOAR/SIEM + M-SOC onboarding

This is where the advisory leans hardest:

"The Market SOC (M-SOC), established by NSE and BSE, which serves as a centralized security platform, provides 24x7 real-time monitoring and threat detection across digital infrastructure. In the view of enhanced risks posed by AI-driven attacks, all eligible REs (not on boarded with any M-SOC) shall expedite the onboarding."

If your firm is M-SOC-eligible and not yet onboarded, this is your most time-sensitive obligation. MIIs are also separately directed to run "awareness and handholding programs, including periodic workshops" to support member onboarding — meaning Exchanges and Depositories are now formally responsible for the supporting infrastructure.

The other two sub-items (SOC alert examination including low-priority alerts; SOAR playbooks integrated with SIEM) reflect a defender-side acknowledgement that AI-augmented attackers will probe at volumes humans can't triage manually.

7. CSCRF risk assessment with AI-based threat scenarios

"The Cyber Security and Cyber Resilience Framework (CSCRF) of SEBI has mandated periodic Risk Assessment of the REs including their Third Party Service Providers... The capability of AI based models may also be considered as one of the risk scenarios."

Translation: every CSCRF risk assessment going forward should include an AI-augmented attacker scenario. Speed-and-scale exploitation, agentic chain abuse, prompt-injection across customer-facing AI — these are now live items in the risk register, not optional add-ons.

8. Zero Trust + system hardening

ZTNA is named explicitly, alongside CIS-style hardening (secure configurations, disabling unnecessary services and default accounts, least privilege). The advisory frames ZTNA as a baseline expectation, not an aspirational architecture goal.

9. SBOM + asset inventory

"Periodically update Asset Inventory and Software Bill of Materials for all critical applications including open source stack."

The SBOM mandate is significant. India did not have a generalised regulatory SBOM expectation before; this advisory effectively introduces one for the securities sector. CISA and ENISA-style discipline now applies.

10. IT-committee guidance + long-term AI plan

The capstone item:

"MIIs and other Regulated Entities shall seek guidance from their respective IT committees for mitigating risks emanating from AI-led vulnerability detection models. Further, all REs need to prepare a long-term plan for usage of AI in detection and autonomous/agentic mitigation. Also, undertake other measures including recalibration of risks for AI accelerated threats, AI augmented SOC transformation, and continuous vulnerability management using AI tools."

Two binding obligations buried in this paragraph: (a) IT-committee involvement is required, not optional; (b) all REs need to prepare a long-term plan for AI in detection and autonomous/agentic mitigation. That last requirement — a documented strategy for AI in defence, including agentic mitigation — is going to drive more board-level activity than any other line in the advisory.

Where this goes beyond CSCRF

CSCRF mandated periodic VAPT and risk assessment. This advisory adds:

AI-based VA tooling (item 2) — explicitly endorsed for the first time
AI-aware risk scenarios (item 7) — must be in every CSCRF risk assessment going forward
M-SOC onboarding (item 6c) — for all eligible REs
SBOM (item 9) — first sectoral SBOM expectation in India
Long-term AI defence plan (item 10) — IT-committee-level deliverable
Change management for minor changes too (item 4) — broader than CSCRF's material-change framing

Don't treat this as a separate workstream. It is an extension of the CSCRF control set — and the gap-assessment exercise should map every Annexure-A item back to your existing CSCRF posture.

Need this analysis applied to your stack? Request a 2-week SEBI AI Advisory gap assessment → — fixed-scope, no commitment to the full 12-week cycle.

A pragmatic 90-day roadmap

For most regulated entities, 90 days is a reasonable target for first-cycle readiness. The sequence we recommend:

Weeks 1–2 — Gap assessment. Map current cyber posture against the 10 Annexure-A directives plus the CSCRF baseline. Inventory APIs, COTS vendors, AI/ML pipelines, and SOC log sources. Identify M-SOC onboarding eligibility and gaps. Surface the long-term-AI-plan stakeholders early — IT committee, CISO, board sub-committee.

Weeks 3–6 — AI-augmented VAPT cycle. Full pentest covering both AI-augmented attacker scenarios (your stack against Mythos-class capability) and AI-system-defender scenarios (prompt injection, model abuse, training-data leakage on your customer-facing AI surfaces). API inventory delivered. Patch matrix and virtual-patching recommendations issued.

Weeks 7–9 — SOAR / SIEM / M-SOC integration. Design and test SOAR playbooks. Validate SIEM detection coverage against AI-led attack chains. Complete M-SOC onboarding paperwork and log-source readiness for eligible REs.

Weeks 10–12 — AI long-term plan + IT-committee submission. Draft and ratify the Annexure-A item 10 deliverable: long-term plan for AI in detection and autonomous/agentic mitigation. Recalibrate risk register for AI-accelerated threats. Package the submission for the IT committee with evidence against every Annexure-A item.

How Security Brigade helps

We've built B-52 — our AI-powered pentesting and red-teaming platform — for exactly the kind of testing this advisory now expects. B-52 generates structured test plans, maps multi-stage attack chains, verifies exploitability, and benchmarks coverage well above the 40–55% industry baseline. It runs inside every Security Brigade engagement — already deployed across 370+ BFSI engagements before SEBI named it.

Our AI-Resilient VAPT service is built around the advisory: full B-52 powered VAPT plus AI-system-defender testing, an Annexure-A coverage matrix, M-SOC readiness support, and an IT-committee submission package for item 10. We've also published a dedicated compliance breakdown of the advisory with all 10 directives mapped to deliverables.

If you want to discuss scoping, book a call — we'll walk you through the gap assessment and roadmap on a 30-minute call, with no obligation.

FAQ

Is the advisory binding?

The document is titled "Advisory" and the framing has been "early supervisory signal," but several Annexure-A items use directive language ("shall"). Items 3 (vendor risk assessment), 6c (M-SOC onboarding), and 10 (long-term AI plan) are particularly clear. The advisory is also issued under Section 11(1) of the SEBI Act, 1992 — the same authority CSCRF was issued under. Treat it as binding.

Are AI-based VA tools mandatory?

The advisory says "using conventional and suitable AI-based Vulnerability Assessment Tools where possible." Permissive on the AI side, mandatory on the assessment. Regulated entities should be evaluating AI-based VA tooling for adoption — and engaging auditors who already operate AI-driven testing platforms.

What is M-SOC?

The Market SOC, jointly established by NSE and BSE, providing 24x7 real-time monitoring and threat detection. The advisory directs that "all eligible REs (not on boarded with any M-SOC) shall expedite the onboarding."

Why does the advisory name Mythos specifically?

SEBI is using Mythos as a representative example of AI-driven vulnerability identification tools — the named threat is the class of capability, not a singular product. Read it as a signal that the regulator is tracking the entire category and expects regulated entities to recalibrate accordingly.

Published by the Security Brigade Research Team and Yash Kadakia, Founder & CTO. Security Brigade has been CERT-In empanelled since 2008. Read the full advisory analysis →.