Skip to main content
SEBI Annexure-A Item 10 · IT-Committee Template

AI defence roadmap template.

Annexure-A item 10 says all REs need to prepare a long-term plan for AI in detection and autonomous / agentic mitigation. This template gives you the structure — eight sections, each with a guidance prompt, a "what good looks like" benchmark, and a worked example. The IT committee owns ratification; this is the input package.

Need help drafting it?
Item 10
Annexure-A Source
8
Template Sections
IT Committee
Submission Format
You Own It
Ratification Authority

How to use this template

  • This template is structured to mirror the Annexure-A item 10 mandate — current-state through governance.
  • You own ratification. Security Brigade can help you draft the input package; the IT committee must accept it.
  • Pages 1–8 are the slide-equivalent sections. Add a one-page executive summary on top before submission.
  • Use it once. Then revise annually — the AI threat landscape changes faster than CSCRF cadence assumes.
  • Cross-reference with your CSCRF risk register, your CMDB, and your vendor-management programme. The template sits on top of those, not beside them.
01

Current-State Assessment

Guidance prompt

Where does AI already touch your stack — as attacker exposure (AI-driven recon, exploit chaining, agentic abuse against your perimeter) and as defender capability (AI-augmented SOC, AI-driven VA tooling, AI features in vendor products)? Where are the gaps?

What good looks like

A two-column map: every customer-facing AI surface (chatbots, RAG features, agentic workflows) on one side; every defender AI capability on the other. Each entry has owner, deployment date, last review date.

Worked example (illustrative — replace with your own)

Customer-facing: 2x chatbots (CX + KYC), 1x RAG (research-analyst portal), 0x agentic workflows. Defender: SIEM with rule-based correlation only (no AI), SOC alert triage manual, VA tooling traditional Nessus/Qualys (no AI). Gap: zero defender AI; significant customer-facing AI without security testing.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

02

AI Threat Model

Guidance prompt

Calibrate Mythos-class AI capabilities against your specific threat surface. What changes when an attacker has AI-driven recon, exploit chaining, and agentic execution? Where does speed-and-scale exploitation hurt most?

What good looks like

Five named scenarios mapped to MITRE ATT&CK with AI-acceleration overlay. Each scenario has impact estimate, current control coverage, and a residual-risk score.

Worked example (illustrative — replace with your own)

Scenario 1: AI-driven credential stuffing against retail trading login. Coverage: rate limit, MFA, fraud-system. Residual risk: medium — AI can solve CAPTCHAs faster than our throttling assumes. Scenario 2: Agentic prompt-injection in research-analyst RAG. Coverage: zero. Residual risk: high.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

03

AI VA Tooling Strategy

Guidance prompt

Annexure-A item 2 says use AI-based VA tools "where possible." What's your evaluation criteria, your shortlist, and your adoption timeline? If you're rejecting AI-based VA, why?

What good looks like

Evaluation framework with 6–10 weighted criteria (false-positive rate, business-logic coverage, integration with existing tooling, IP/data residency, vendor stability, total cost of ownership). Shortlist of 2–3 named vendors. Adoption decision with rationale.

Worked example (illustrative — replace with your own)

Criteria: business-logic coverage (weight 30%), FP rate (20%), integration with existing tooling (15%), data residency in India (15%), TCO (10%), red-team validation (10%). Shortlist: 2-3 vendors that pass criteria. Adoption decision: documented with rationale; in-house buildout deferred or accepted with timeline.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

04

AI-Augmented SOC Transformation

Guidance prompt

How does AI integrate into your SOC operations over the next 12–24 months? Alert triage, threat-intel enrichment, automated containment — which first, what gates each phase?

What good looks like

A phased roadmap: Phase 1 (months 0–6) — AI-assisted alert triage with human-in-the-loop. Phase 2 (months 6–12) — automated low-risk containment for well-understood patterns. Phase 3 (months 12–24) — agentic response for narrow scenarios with reversibility guarantees.

Worked example (illustrative — replace with your own)

Phase 1: deploy AI triage assistant to L1 analysts; success metric is alert-disposition time reduction. Phase 2: auto-quarantine endpoints flagged by EDR + corroborated by SIEM correlation; gate on 90 days of P1 stable operation. Phase 3: deferred — needs board-level discussion of action authority for autonomous defence.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

05

Agentic Defence Guardrails

Guidance prompt

Where AI agents will take real-world actions on your customer data or production systems, what are the guardrails? Permission boundaries, action-filter enforcement, audit-trail integrity, human override.

What good looks like

A guardrail framework covering: (1) explicit allow-list of permitted actions, (2) value-of-action thresholds (auto-execute under a defined ₹ impact threshold; human approval above), (3) reversibility requirement, (4) tamper-resistant audit log, (5) kill-switch authority.

Worked example (illustrative — replace with your own)

Agent X (customer-onboarding KYC review) is permitted to auto-approve documents matching pattern Y. Auto-approval is reversible within 24h via supervisor reverse-flow. All decisions logged to hash-chained audit log. Kill-switch: COO + CISO joint authority.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

06

Risk Recalibration for AI-Accelerated Threats

Guidance prompt

Your existing CSCRF risk register assumed pre-AI attacker capability. What gets re-scored? What new entries appear? What controls become inadequate?

What good looks like

Delta table: every existing risk register entry where attacker-side AI capability changes the threat or detection time. New entries for AI-specific risks (model abuse, training-data poisoning, prompt-injection, agentic chain abuse).

Worked example (illustrative — replace with your own)

Existing entry "credential stuffing" — likelihood up from medium to high (AI bypasses rate limits faster). Existing entry "API enumeration" — likelihood up. New entry "RAG prompt injection in research-portal" — likelihood high, impact medium, no current control. Net: 4 entries re-scored, 6 new entries.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

07

Continuous Vulnerability Management with AI Tools

Guidance prompt

Annexure-A item 10 explicitly mentions "continuous vulnerability management using AI tools." What's your operating model? Cadence, tool stack, KPI definitions, integration with the broader VA programme.

What good looks like

Operating model: VA cadence (monthly or continuous), tool stack (named platforms), KPI library (mean time to remediate, false-positive rate, coverage drift), integration points with patch management + change management + SIEM.

Worked example (illustrative — replace with your own)

Cadence: monthly comprehensive scan; continuous monitoring of internet-facing assets; quarterly VAPT cycle with a CERT-In empanelled auditor. Illustrative KPIs: MTTR < 14 days for critical, FP rate < 5%, coverage drift < 10% quarter-on-quarter. Integration: VA findings auto-create patch tickets via your ticketing system.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

08

Governance + IT-Committee Cadence

Guidance prompt

How does the IT committee maintain oversight of this plan over its lifecycle? Reporting cadence, KPI dashboard, escalation criteria, review-and-revise schedule.

What good looks like

Quarterly IT-committee report with named KPIs. Escalation thresholds defined for: AI-related incident, AI tooling FP/FN spike, vendor concentration risk. Annual plan revision with explicit "what changed in the threat landscape" section.

Worked example (illustrative — replace with your own)

Quarterly dashboard sent to IT committee 7 days before each meeting. KPIs: MTTR, AI alert volume, AI false-positive rate, vendor-tool count, agentic-action volume. Escalation: any P0 AI-related incident triggers immediate IT-committee notification + 7-day deep-dive review.

Your text

[Fill in for your entity. Use the prompt above as your structure. Cross-reference your existing CSCRF documentation where relevant.]

Security Brigade · CERT-In empanelled since 2008 · This template is a working artefact. The plan it produces is the RE's deliverable; the IT committee must ratify. Source advisory: SEBI Circular HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026 (5 May 2026).

Drafting the plan but want a second eye?

We can help draft the input package — current-state assessment, threat model, AI VA tooling evaluation, SOC transformation roadmap. Your IT committee still ratifies; we just shorten the path to a defensible draft.

Talk to a Compliance Specialist