SEBI AI Guidelines: What 10k+ Financial Entities Must Do

SEBI’s May 5, 2026, circular (HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026) is addressed to every category of regulated entity in the Indian securities market — exchanges, depositories, brokers, mutual funds, custodians, credit rating agencies, merchant bankers, portfolio managers, investment advisors, and more. Over 10,000 entities. The subject: AI-driven vulnerability detection tools like “Claude Mythos” and the new risk dimensions they create.

This isn’t a vague advisory about “emerging threats.” SEBI names the technology, forms a dedicated task force (cyber-suraksha.ai), and issues a 10-point Annexure-A directive that reads more like an operational mandate than guidance. And buried within those 10 points is something most readers will miss on first pass: SEBI doesn’t just warn about AI — it explicitly calls for AI adoption in multiple places. That’s the part worth paying attention to.

Every Place SEBI Calls for AI Adoption

Most coverage of this circular focuses on the threat angle. But SEBI is simultaneously telling regulated entities to use AI as a defensive tool. Here’s every point in the advisory where AI is explicitly referenced or recommended:

Annexure-A, Point 2 — “Conduct Vulnerability Assessment (Using conventional and suitable AI-based Vulnerability Assessment Tools where possible) and undertake security audits on a regular/continuous basis.”

SEBI is explicitly recommending AI-based VA tools for continuous security assessment. Not as an option. As the recommended approach, “where possible.”

Annexure-A, Point 3 — “Exchanges and Depositaries shall direct their empaneled application vendors… to undertake comprehensive assessment of the risks arising from the use of AI-led vulnerability detection models.”

Vendors must assess risks from AI-driven vulnerability tools specifically. This makes AI-related risk assessment a supply chain requirement, not just an internal one.

Annexure-A, Point 7 — “Risk assessment shall include comprehensive scenario-based testing for assessing risks… The capability of AI-based models may also be considered as one of the risk scenarios.”

Your risk assessment framework now needs to model an attacker using AI-driven tools. SEBI is saying: if your threat model doesn’t account for AI-speed reconnaissance and exploitation, it’s incomplete.

Annexure-A, Point 10 — “All REs need to prepare a long-term plan for the usage of AI in detection and autonomous/agentic mitigation. Also, undertake other measures, including recalibration of risks for AI-accelerated threats, AI-augmented SOC transformation, and continuous vulnerability management using AI tools.”

This is the most forward-looking item in the entire advisory. SEBI is directing every regulated entity to plan for autonomous AI-driven security operations — not just detection, but “agentic mitigation.” It also calls for AI-augmented SOC transformation and continuous VM using AI tools. Three separate AI adoption mandates in a single point.

Task Force Mandate (Section C.i) — “Closely examine the cybersecurity risks posed by AI-based models and devise a uniform mitigation strategy against the risks posed by such models.”

The cyber-suraksha.ai task force is charged with creating a uniform strategy for AI-related risks across the entire ecosystem.

Count that up: Points 2, 3, 7, and 10 of Annexure-A, plus the task force mandate itself — five distinct places where SEBI either recommends AI adoption, mandates AI risk assessment, or directs long-term AI planning. This isn’t a circular that’s only about defense. It’s a circular that recognizes AI must be on both sides of the equation.

How This Affects Security Programs

The advisory’s 10 points, taken together, demand changes across every major security function. Here’s where existing programs break and what needs to change.

Vulnerability Management goes from periodic to continuous. Points 1 and 2 together eliminate the quarterly VA cycle as sufficient. Point 1 demands immediate patching of all known vulnerabilities. Point 2 demands continuous assessment using AI-based tools. If your current program runs scans every 90 days, the regulator is telling you that’s not enough — AI-speed threats need AI-speed detection.

Third-party risk management gets specific teeth. Points 3 and 4 shift vendor oversight from “do you have a SOC 2?” to “have you assessed risks from AI vulnerability tools, and what’s your patch cadence for what they find?” Change management (Point 4) applies to every system modification including minor ones. If a vendor pushes a minor patch that introduces a new exposure, your change management process needs to catch it.

API security becomes a first-class program. Point 5 reads like a remediation checklist for the API breaches that dominate financial services: maintain a current API inventory (including shadow APIs), enforce authentication and authorization, implement rate limiting, and restrict connections to whitelisted sources. Most entities don’t even have a complete API inventory today.

SOC operations require AI-speed response. Point 6 pushes for enhanced monitoring, SOAR/SIEM integration, and M-SOC onboarding. The subtext is clear — when threats move at machine speed, manual alert triage doesn’t cut it. Low-priority alerts need examination. Automated response playbooks need deployment.

Risk assessment adds a new threat actor. Point 7 mandates scenario-based testing that includes AI-driven attacker models. Your risk register needs to account for an adversary who can discover your entire external attack surface in hours, chain low-severity findings into high-impact paths, and exploit new CVEs within days of disclosure.

Asset management becomes the foundation. Points 8 and 9 — system hardening, Zero Trust, asset inventory, and SBOM maintenance — are the infrastructure everything else depends on. You can’t patch what you don’t know about. You can’t test what isn’t in your inventory. You can’t enforce least privilege without a complete picture of what’s running.

Strategic AI adoption is no longer optional. Point 10 is a directive to plan, not just a suggestion to consider. IT committees are explicitly referenced as the governance body. The plan must cover AI-driven detection, autonomous/agentic mitigation, AI-augmented SOC, and continuous VM using AI tools.

Where Organizations Should Adopt AI to Meet SEBI’s Goals

Based on the five AI references across the advisory, here’s where AI adoption maps to operational needs:

• Continuous vulnerability assessment and pen testing (Points 1, 2). This is the most immediate need. AI-based pen testing platforms can test across the full application portfolio continuously, rather than covering 20% of apps on an annual cycle. They validate findings through actual exploitation — producing proof-of-concept code, HTTP request/response pairs, and reproduction steps — rather than generating unvalidated scanner alerts with 40–70% false positive rates.
• Attack surface management and asset discovery (Points 5, 9). AI-driven ASM discovers what manual inventories miss: shadow APIs, forgotten staging environments, vendor-supplied applications that aren’t in the CMDB, and open-source components with known CVEs. Continuous discovery is the prerequisite for everything else in this advisory.
• AI-augmented SOC operations (Points 6, 10). SOAR playbooks that automatically triage, contain, and escalate — informed by AI-driven threat correlation — are how you match defense speed to attack speed. Point 10 explicitly calls for “AI augmented SOC transformation.”
• Risk assessment with AI-driven threat modeling (Points 7, 10). Simulating AI-speed attackers requires AI-speed testing. Red team exercises that model machine-driven reconnaissance, vulnerability chaining, and rapid exploitation give your risk assessment the realism that manual scenarios lack.
• Autonomous/agentic mitigation (Point 10). This is the furthest horizon. SEBI is telling entities to start planning for AI systems that don’t just detect problems but autonomously remediate them — patching, reconfiguring, isolating — within governed boundaries. Nobody has to deploy this tomorrow, but the planning starts now.

How FireCompass Maps to SEBI’s Requirements

FireCompass is an agentic AI platform for automated pen testing, red teaming, and attack surface management. Here’s how the platform maps to each Annexure-A point — and which requirements it directly addresses:

Coverage: 9 of 10 fully addressed; 1 partial (Point 6 SOC integration supported, M-SOC onboarding is entity-specific).

The governance piece matters as much as the capabilities. SEBI’s advisory implicitly demands auditability — Points 4 (change management), 6 (SOC monitoring), and 7 (risk assessment) all require documentation and traceability. FireCompass delivers this through an AI Firewall architecture (deterministic rule-based guardrails governing non-deterministic LLM output), scope boundary enforcement on every action, safe payload enforcement blocking modify/update/delete by default, credential scope guards preventing cross-environment reuse, and append-only audit logs with cryptographic timestamps that satisfy DORA, PCI DSS 4.0, SOC 2 Type II, and ISO 27001.

Try the free Explorer agent at firecompass.com/explorer to see what an AI-driven assessment finds across your external attack surface — or download the SEBI Compliance Framework whitepaper for the full capability mapping.