Indian banks are tightening oversight of open source dependencies as AI models like Claude Mythos accelerate vulnerability discovery, forcing a shift to continuous, real-time cybersecurity.
Indian banks are moving decisively from periodic compliance cycles to continuous cybersecurity models, with a sharp focus on real-time vulnerability detection, continuous remediation tracking, and exposure monitoring across “crown jewel” systems. A key trigger is the rise of advanced AI models such as Claude Mythos, which are accelerating the speed of vulnerability discovery and exploitation.
“The capability itself isn’t entirely new — the difference lies in orchestration,” said a chief information security officer at a private sector bank.
At the centre of this shift is growing scrutiny of embedded open-source components. Banks are mapping, risk-assessing, and continuously monitoring open-source dependencies to address hidden supply-chain exposures, while exploring stronger governance frameworks and automated dependency tracking.
Operationally, institutions are expanding AI-enabled 24×7 security command centres to monitor traffic, map attack vectors, and isolate threats rapidly. AI-led simulations and red-team exercises are also intensifying. “Now, scenario-building is faster and more complex, pushing us to strengthen layered controls and containment planning,” said a senior risk officer at a private sector bank.
Banks are prioritising critical databases, payment rails, and customer-facing applications, while tightening oversight of third-party APIs and fintech integrations after incidents such as exposed API keys. Continuous vulnerability discovery tools are replacing periodic reviews across cloud and public interfaces, supported by stronger network segmentation.
Despite these advances, risks persist. “The immediate risk areas remain internet-facing applications, remote admin interfaces, cloud consoles, public APIs, staging and test environments, and misconfigured cloud resources,” said Chandra Prakash Suryawanshi, managing director at Alvarez & Marsal.
With frameworks from RBI, SEBI, and CERT-In in place, the shift now is clear: continuous, AI-driven security has become essential.
