AI Is Fueling Faster And More Sophisticated Cyberattacks On Banking Sector, MeitY Warns

ai is fueling faster and more sophisticated cyberattacks on banking sector, meity warns

With advanced AI models like Claude Fable 5, Mythos and GPT-5.6 Sol becoming more powerful, governments around the world are worried about how generative AI could also be used by cybercriminals. While AI is helping businesses improve productivity, it is also giving hackers new ways to launch faster and more sophisticated cyberattacks.

Now, the Ministry of Electronics and Information Technology (MeitY) has raised a similar concern.

In the second edition of the ‘Digital Threat Report 2025-26‘, released by government-backed cybersecurity agencies CERT-In (Indian Computer Emergency Response Team) and CSIRT-Fin along with cybersecurity company SISA, the government has warned that generative AI is making cyberattacks more advanced, more sophisticated and harder to stop, especially in the Banking, Financial Services and Insurance (BFSI) sector.

S. Krishnan, Secretary, MeitY, said in the report that the financial sector is going through a major digital transformation. Technologies like cloud computing, artificial intelligence and real-time payment systems have made banking faster and more convenient for customers.

However, he said these technologies have also increased cyber risks by connecting banks with multiple platforms, partners and digital infrastructure.

“As the sector continues to adopt these emerging technologies, cyberattacks are growing faster, more sophisticated and increasingly systemic. Adversaries are no longer merely breaching perimeters; they are manipulating trust chains across biometric identity systems, AI-driven decisioning engines, real-time payment rails and third-party ecosystems,” he said in the report.

According to him, attackers are no longer simply trying to break into computer systems. Instead, they are targeting biometric identity systems, AI-powered decision engines, real-time payment networks and third-party technology partners.

He also warned that a successful cyberattack on a financial institution can damage customer trust and even affect financial stability because banks, fintech companies and payment platforms are closely connected.

“Given the deep interconnections among institutions, such attacks can cascade across the ecosystem, resulting in exponential and often irreversible losses,” the MeitY official said.

“Thus, efficient detection, response and rapid recovery from cyber incidents are essential to limit financial stability risks,” he added.

This helps reduce risks to the country’s financial system. Since banks, regulators, technology partners and customers are all connected, a cyberattack on one organisation can also affect many others, even if they were not directly targeted.

The report released by CERT-In says cyber risks are no longer limited to data theft or isolated security breaches.

Modern attacks now target transaction integrity, customer identities, AI systems, APIs, payment infrastructure and supply chains. In many cases, these attacks appear like normal user activity, approved transactions or usual workflows.

This makes them difficult to detect before the damage has already been done. One of the biggest findings in the report is that six of the seven predictions made in the previous edition have already become reality.

According to the report, this shows how quickly cyber threats are evolving. Earlier, new attack techniques would take time to move from research to real-world attacks.

Today, that gap has become much shorter, giving organisations very little time to prepare.

As per the report, traditional cybersecurity models are struggling to keep pace with the way financial services now operate. As banks increasingly rely on biometric authentication, AI-powered services, cloud platforms, APIs and instant payment systems, the attack surface has expanded significantly.

A single compromised digital identity can now provide attackers access to multiple connected systems. At the same time, AI models themselves are becoming targets, with hackers attempting to manipulate training data, prompts and other inputs to influence their behaviour.

Another major concern is the growing use of generative AI by cybercriminals. As per the report, deepfake impersonation has become more advanced, allowing attackers to create fake executive video calls, AI-generated phishing emails and highly convincing scams.

Business Email Compromise (BEC), credential theft and session hijacking are also becoming more common, it said. The report also revealed that phishing attacks are now making fake messages look almost identical to genuine communication.

“Many organisations continue to focus on meeting compliance requirements, but compliance alone does not guarantee security because modern cybercriminals are using advanced tactics that go beyond traditional security controls,” the report said.

To tackle these emerging threats, the cybersecurity agency recommends continuous monitoring, faster incident detection, real-time threat intelligence sharing and stronger cyber resilience instead of relying only on traditional security measures.

source

Leave a Reply