IRDAI has given all Indian insurance companies until May 22 to submit action reports on their AI cyber readiness. Regulators fear complex AI-driven threats can bypass existing security frameworks at speed and scale. This deadline follows similar warnings from CERT-In and SEBI on AI-enabled vulnerability exploitation.
How We Got Here
CERT-In issued an advisory on April 26, directing companies to patch critical vulnerabilities within 24 hours. SEBI followed on May 5, mandating continuous AI-based vulnerability assessments for regulated entities.
The Numbers
- IRDAI wants detailed preventive, detection, and response mechanisms for AI-enabled threats.
- Insurers must evaluate their exposure to advanced AI systems and ensure safeguards protect sensitive data assets.
- IRDAI specifically flagged vulnerabilities linked to legacy IT infrastructure as inadequate for emerging cyber risks.
- CERT-In warned against emerging AI-driven cyber threats linked to Anthropic’s Claude Mythos.
- SEBI also mandated stricter vendor oversight and enhanced API and change management controls for regulated entities.
What Happens Next
🇮🇳 Why This Matters for India
For product managers at legacy insurers in Mumbai, upgrading antiquated systems to handle AI-powered threats means significant budget and resource reallocation this year.
The Take
The actual risk isn't from a direct AI-powered attack today; it's the internal operational vulnerabilities created as insurers rush to implement AI tools without adequate internal controls. This will create new vectors for exploitation within the next six months.
Source:
MediaNama ↗