The Reserve Bank of India (RBI) released advisories on AI-Accelerated Cyber Threats and Related Safeguards (AI-ACT&RS) revolving around the threats emanating from the deployment of Artificial Intelligence (AI) in the financial sector.

      AI has moved from a support tool to a force multiplier, accelerating both innovation and cyber risk. Regulators are signaling a clear shift: assume adversaries are already using AI and act accordingly.

      Threat actors are now leveraging AI to scale reconnaissance, find vulnerabilities faster, automate malware, and execute more convincing phishing and social engineering. The result is sharper, faster, and more persistent attacks across the entire stack.

      In response, regulated entities must treat this as a resilience gap assessment moment. The priority is to systematically identify and fix weaknesses, especially in critical systems, digital channels, payments, IAM, monitoring, cloud, APIs, and sensitive data stores before they are exploited.

      The advisory’s intent is twofold:

      • Harden existing technology stacks against AI-accelerated threats
      • Put guardrails around how AI (including generative AI) is adopted, integrated, and sourced

      Our report maps the advisory’s controls to the existing tech stack, spanning risk assessment and preparedness, architecture and cyber resilience, vulnerability and patch management, monitoring, detection, response and testing, protection against AI-enabled social engineering and impersonation, and leveraging AI tools for cybersecurity/IT activities.

      Furthermore, we cover how REs can deploy AI responsibly, with appropriate safeguards to prevent cyber, data protection, and operational resilience risks. 

      We delve into domains like:

      • AI governance
      • Classification, ownership and lifecycle management
      • Secure development, integration and configuration
      • Access control and data protection
      • AI-specific threat controls
      • Performance monitoring and output validation
      • AI change management
      • Logging, traceability and forensic readiness
      • Resilience and continuity, AI agents and privileged access
      • Third-party AI risk management
      • Creation of AI usage policy
      • Audit, testing, training and awareness for AI systems

      AI risk is no longer abstract. It is operational, immediate, and requires disciplined strengthening of cyber controls alongside responsible AI deployment.


      RBI advisory on AI-Accelerated Cyber Threats and Related Safeguards (AI-ACT&RS)


      Disciplined strengthening of cyber controls alongside responsible AI deployment


      Key Contacts

      Kunal Pande

      National Leader - Cyber, Risk and Compliance Services

      KPMG in India

      Rohan Padhi

      Partner, National Co-Lead, Digital Risk and Cloud Security

      KPMG in India

      Romharsh Razdan

      Partner, Digital Trust

      KPMG in India
