scorecardresearch
Add as a preferred source on Google
Monday, July 13, 2026
Support Our Journalism
HomeTechGovt-backed report raises alarm—frontier AI models can now attack banks with minimal...

Govt-backed report raises alarm—frontier AI models can now attack banks with minimal human help

For India, report points out that BSFI cyberattacks are running at 1.6 times the global average, incidents have more than doubled between 2021 and 2025.

Follow Us :
Text Size:

New Delhi: Frontier artificial-intelligence (AI) models are now capable of running cyberattacks against financial institutions with minimal human help, and adversaries already have these tools in hand, according to the second edition of the Digital Threat Report 2025-26, launched Monday by Ministry of Electronics and Information Technology (MeitY) Secretary S. Krishnan and CERT-In Director General Sanjay Bahl.

The report, a public-private collaboration between cybersecurity firm SISA, CERT-In and the finance-sector team CSIRT-Fin, focuses on the Banking, Financial Services and Insurance (BFSI) sector and documents what it calls “AI asymmetry” to indicate offensive capability scaling faster than the defensive and regulatory frameworks meant to contain it.

Among its starkest findings: in November 2025, Anthropic disclosed GTG-1002, described as the first reported large-scale AI-orchestrated cyber-espionage campaign. According to the report, this was a Chinese state-linked operation in which the AI executed 80 to 90 percent of the work independently against roughly 30 global targets, including financial institutions. 

The report says the agent fired thousands of requests per second across those organisations, operating from inside the perimeter using credentials it already held.

It adds that the April 2026 disclosure of Claude Mythos Preview, a frontier model that flagged more than 23,000 potential vulnerabilities, of which over a thousand confirmed findings were rated high or critical, “confirmed the trajectory”. In one exercise cited, frontier models produced working attacks against 207 of 405 historical smart-contract exploits, totalling $550 million in simulated stolen funds.

Such attacks, the report warns, “can now be executed at machine speed” by actors with far more modest capability and budget than the specialist teams that once needed weeks. Crucially, it notes, the capability first appeared in smaller, cheaper open models and is “already in adversarial hands”.

For India, the numbers are pointed. Banking, Financial Services, and Insurance (BSFI) cyberattacks in the country are running at 1.6 times the global average, and incidents have more than doubled in four years, from 1.4 million in 2021 to 2.9 million in 2025.

A central claim of this year’s edition is a signal of acceleration: six of the seven forward-looking predictions made in the previous report have already reached full-scale realisation. The only one still pending is quantum risk—though the report notes adversaries are already pursuing “harvest-now, decrypt-later” strategies, stealing encrypted data today to crack once quantum computing matures. 

What AI has given attackers, the authors argue, is four things they lacked before: speed, scale, accuracy and autonomy.

Supply-chain compromise features heavily in the report. It cites a 2025 single-vendor breach that hit more than 70 US banks and credit unions, exposing more than a million customer records, and an April 2026 incident in which two major US banks appeared simultaneously on a ransomware leak site after a shared vendor was compromised. Many ransomware groups, it notes, have abandoned encryption altogether in favour of pure data theft and extortion — “faster, harder to detect, equally coercive”.

Defenders remain slow. The report pegs the mean time to identify and contain a breach at 263 days, even as the zero-day exploit window has compressed from weeks or months to hours.


Also Read: India hedges against US curbs on frontier AI, parses Washington’s access assurance carefully


‘Every breach leaves behind a lesson’

In his written foreword, Krishnan said adversaries are “manipulating trust chains” across biometric identity, AI-driven decisioning engines and real-time payment rails, and flagged that some firms “struggle to translate compliance into real-world resilience,” where controls that pass periodic audits fail under live attack.

At the launch, Krishnan urged organisations to treat cybersecurity as “an enterprise wide systemic risk” demanding constant guard, describing “constant vigilance” as the underlying principle of the discipline. He also framed AI as double-edged, noting it “has the scope of creating the capabilities for defenders to defend” against the kind of attacks adversaries can now mount—and, pointing to the report’s cover illustration of a mechanical Trojan horse, stressed the need to build domestic capacity and “look every proverbial gift horse in the mouth”.

CERT-In Director General Sanjay Bahl said cybersecurity was “evolving into a strategic concept defined by speed, intelligence, and resilience,” and warned that “the race around vulnerability discovery and exploitation has intensified”. 

AI, he added, can be “a major enabler when it is governed, tested, monitored” and folded into resilient security operations, but a source of risk if deployed ahead of adequate controls, model assurance and human oversight. 

He argued the sector must move beyond “periodic and reactive security measures” toward a continuous, intelligence-driven approach.

SISA founder and CEO Dharshan Shanthamurthy struck a similar note, arguing cybersecurity can no longer operate “at the edge of the business”. His firm’s forensic work, he wrote, teaches a simple truth: “every breach leaves behind a lesson.”

To structure its findings, the report introduces a four-layer “anatomy of cyber failure” framework—design, enforcement, signal and response gaps—and walks through four real-world failure chains, from trusted-entry breaches and privilege escalation to business-logic abuse and “invisible” attack chains that operate where telemetry simply does not exist.

It maps threats across six BFSI “operating layers” and offers an 18-month roadmap across three horizons, from foundational controls such as phishing-resistant multi-factor authentication to longer-cycle shifts like passwordless authentication and post-quantum cryptography migration. It also lists supervisory priorities for 2027 and recommendations for policymakers, including adversarial-robustness testing before AI is deployed in consequential financial decisions, and treating AI agents as privileged identities under continuous monitoring.

The overarching message, the authors argue, is not simply that threats are rising but that the boundaries financial institutions have long relied on—inside versus outside, trusted versus untrusted, fraud versus cybersecurity—are dissolving. 

Security, they conclude, must shift “from static control to continuous assurance”.

Last year’s inaugural edition drew about 20,000 downloads and 350 executive briefings and was showcased at the RSA Conference in San Francisco, SISA said at the launch.

(Edited by Amrtansh Arora)


Also Read: Frontier model security risks, an annulled poll, deepfakes—UN report warns AI is outpacing safeguards


 

Subscribe to our channels on YouTube, Telegram & WhatsApp

Support Our Journalism

India needs fair, non-hyphenated and questioning journalism, packed with on-ground reporting. ThePrint – with exceptional reporters, columnists and editors – is doing just that.

Sustaining this needs support from wonderful readers like you.

Whether you live in India or overseas, you can take a paid subscription by clicking here.

Support Our Journalism

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular