India's SEBI Issues Cybersecurity Advisory Over Anthropic's Mythos Bug-Hunting AI

India's Securities and Exchange Board has issued an urgent advisory to participants in the nation's equities industry, cautioning them to reassess their information security posture in response to risks posed by Anthropic's Mythos bug-finding AI. The regulator, India's equivalent of the U.S. Securities and Exchange Commission, established a dedicated taskforce that will examine threats from models like Mythos, disseminate threat intelligence, track incidents, and conduct reviews of cybersecurity practices at third-party software vendors supplying both the regulator and the entities it oversees.

The advisory outlines specific precautionary measures. Market participants are urged to ensure patches are current, conduct audits of potential vulnerabilities, inventory and secure APIs, maintain robust security operations centers that generate actionable alerts, and harden systems by adopting principle-of-least-privilege frameworks. The guidance comes as regulators globally grapple with the dual-use nature of advanced AI tools capable of identifying software weaknesses—capabilities that could serve defensive purposes or, if accessed by malicious actors, enable sophisticated cyberattacks.

The move places India's financial regulator among the first major market authorities to formally respond to AI-driven bug detection tools with sector-specific guidance. SEBI's focus on third-party vendors reflects broader regulatory anxiety about supply chain vulnerabilities in financial infrastructure. While the advisory stops short of mandating specific actions, it signals heightened scrutiny and establishes a framework for coordinated threat monitoring across India's equities ecosystem. The taskforce's mandate to share intelligence and report incidents suggests ongoing assessment rather than a one-time response, leaving room for future regulatory tightening depending on how the threat landscape evolves.