Relevance: GS III (Internal Security – Cyber Security & Science and Technology) | Source: The hindu
1. The Core Issue: Why the Urgent Meeting?
Recently, the Finance Minister held a high-level meeting with top bank chiefs, the Reserve Bank of India (RBI), and the Ministry of Electronics and IT (MeitY).
- The Problem: Highly advanced Artificial Intelligence (AI) models are creating massive new cybersecurity threats for banks.
- The Government’s Message: There is no need for public panic right now. Our banking systems are safe. However, banks must upgrade from a “wait and watch” approach to a proactive “AI-risk management” strategy.
2. The New Threat: Anthropic & “Claude Mythos”
The immediate reason for this crisis meeting was a new AI model called Claude Mythos, created by Anthropic (a top global AI research company).
- Automatic Flaw Detection: Normal AI helps humans write code or text. But reports suggest ‘Mythos’ can work independently. It can automatically and instantly find deep, hidden weaknesses in major computer operating systems. Human hackers usually take months to do this.
- The “Zero-Day” Danger: If malicious hackers use such AI tools to find and attack a banking system’s weakness before the software company even knows about it or issues a fix, it is called a “Zero-Day Exploit.” This can bring down an entire banking network overnight.
3. Major Risks to the Financial Sector
This level of advanced AI poses three major administrative and security challenges:
- System Failures: Core banking runs on standard global operating systems. If an AI independently discovers a basic flaw in these systems, standard bank firewalls become useless.
- Data Theft (Exfiltration): Banks hold highly sensitive personal and financial data. AI-driven cyberattacks can rapidly steal this data and lock the systems, demanding huge ransoms.
- Fake Identities (Social Engineering): Criminals can use AI to create highly realistic fake voices (“Deepfakes”) to bypass voice-passwords, or send highly personalized fake emails (phishing) to steal customer OTPs and credentials.
4. Way Forward
India runs the world’s largest digital payment system (UPI). A cyber-breach in banking is not just a loss of money; it is a direct threat to India’s economic stability. To protect the public, the administration must:
- Use “AI to Fight AI”: The government must make it legally mandatory for banks to use equally advanced “Defensive AI.” This AI will constantly monitor banking networks and fix weaknesses in real-time before hackers can enter.
- Create a “Regulatory Sandbox”: The RBI and MeitY must create a safe, controlled testing environment (a sandbox). Here, they can actively test and stress-check Indian banking infrastructure using the latest AI hacking tools to see how strong our defenses really are.
The TrapÂ
- The “Nodal Agency” Trap: UPSC often tests the exact roles of cyber agencies. An exam statement might claim, “CERT-In is the exclusive agency responsible for protecting India’s Critical Information Infrastructure (CII) like banking networks.” Incorrect. While CERT-In responds to everyday cyber incidents, the specialized statutory body legally mandated to protect critical sectors (where a failure would harm national security) is the National Critical Information Infrastructure Protection Centre (NCIIPC).
UPSC Value Box
| Key Concept / Body | Simple Meaning |
| NCIIPC | National Critical Information Infrastructure Protection Centre. The central agency under the IT Act that protects critical sectors like Banking, Power, and Transport from cyber threats. |
| ReBIT | Reserve Bank Information Technology Pvt Ltd. A special subsidiary of the RBI created specifically to manage the cybersecurity, IT needs, and cyber resilience of the Indian banking sector. |
| The Bletchley Declaration | A landmark global agreement (endorsed by India). It officially recognizes the catastrophic cybersecurity risks created by highly advanced “Frontier AI” models and calls for global safety rules. |
With reference to India’s cybersecurity framework and global AI initiatives, consider the following statements:
- Under the Information Technology Act, 2000, banking and financial networks are classified as Critical Information Infrastructure (CII).
- The National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for protecting CII in India.
- The globally signed “Bletchley Declaration” primarily focuses on completely banning the use of Artificial Intelligence in the financial sector.
Which of the statements given above is/are correct?
(a) 1 and 2 only
(b) 2 and 3 only
(c) 1 and 3 only
(d) 1, 2 and 3
Correct Answer: (a)
Share This Story, Choose Your Platform!
Start Yours at Ajmal IAS – with Mentorship StrategyDisciplineClarityResults that Drives Success
Your dream deserves this moment — begin it here.