New Delhi: The Reserve Bank of India (RBI) has identified artificial intelligence (AI)-enabled cyber threats as the most significant emerging risk to the country’s financial system, warning that rapid adoption of AI is exposing banks and financial institutions to increasingly sophisticated cyberattacks.

The warning was issued in the RBI’s June 2026 Financial Stability Report (FSR), which highlights growing concerns over operational, cybersecurity and systemic risks arising from AI adoption across banks, non-banking financial companies (NBFCs) and other regulated financial entities.

AI tops list of emerging cyber risks

According to the RBI’s survey of regulated financial institutions, AI-enabled cyber threats ranked as the biggest cybersecurity concern over the next 12 months.

Respondents placed AI-related risks above ransomware, malware, phishing attacks, third-party supply chain risks and software application vulnerabilities.

The report noted that advances in AI have significantly increased the sophistication, speed and scale of cyber incidents, enabling attackers to launch more convincing and complex attacks.

The RBI observed that while financial institutions are increasingly using generative AI for customer service, fraud detection, lending decisions and internal operations, cybercriminals are also leveraging the same technology to enhance their attacks.

Financial institutions still strengthening preparedness

The report found that many financial institutions are still developing their ability to manage AI-related cyber risks.

Only a small proportion of respondents described their AI cyber preparedness as “Mature”, while most classified themselves in the “Developing” or “Intermediate” stages of integrating AI risks into their cybersecurity frameworks.

The RBI said this highlights the need for stronger governance, improved risk assessment and more robust cybersecurity practices as AI adoption accelerates.

Banks increasing cybersecurity investments

Recognising the growing threat landscape, banks and financial institutions have increased investments in cybersecurity infrastructure and personnel.

According to the report, around 67 per cent of surveyed institutions increased their IT and cybersecurity workforce between March 2025 and March 2026.

Additionally, 71 per cent reported raising cybersecurity spending as a proportion of their overall IT budgets during the past three financial years.

The central bank said global technology spending benchmarks could help institutions strengthen their digital resilience against evolving cyber threats.

Global regulators tightening AI oversight

The RBI noted that financial regulators worldwide are moving beyond viewing AI solely as an innovation tool and are instead developing dedicated supervisory frameworks to address AI-related risks.

The report highlighted that the Financial Stability Board (FSB) has introduced a dedicated AI workstream in its 2026 programme to establish sound practices for AI adoption in financial services.

It also referred to guidance issued by the International Organization of Securities Commissions (IOSCO), which includes recommendations on AI governance, third-party risk management, transparency and reporting.

The Organisation for Economic Co-operation and Development (OECD) has similarly published guidance to assist financial regulators in supervising AI adoption across banking, insurance and capital markets.

According to the RBI, these developments represent a shift from broad AI principles to practical regulatory oversight.

RBI warns of systemic risks

Beyond cybersecurity, the RBI cautioned that AI introduces wider operational and systemic risks.

The report expressed concerns over inadequate model validation, weak data governance, excessive reliance on a limited number of AI providers and concentration risks associated with common cloud infrastructure and AI platforms.

The central bank warned that if multiple financial institutions depend on the same AI models or technology providers, a disruption or compromise affecting a single provider could have cascading effects across the financial system.

It also cautioned that advanced AI models could increase operational disruptions, expose sensitive customer information, result in financial losses and erode public confidence in the banking sector.

Cyber incidents highlight growing concerns

The RBI’s observations come amid increasing global cyber incidents targeting financial institutions.

The report referred to the alleged “Mythos” ransomware campaign, which highlighted how cybercriminals are using advanced automation and AI-assisted techniques to target critical financial infrastructure.

Although no major disruption to India’s banking system was reported, cybersecurity experts have warned that AI is making phishing, malware development, identity theft and financial fraud increasingly difficult to detect.

Stronger AI governance proposed

To address these challenges, the RBI has emphasised the need for stronger AI governance, enhanced cyber resilience and improved third-party risk management across the financial sector.

The report said the proposed Financial Sector Cybersecurity Strategy (FSCSS), being developed by the Financial Stability and Development Council (FSDC), is expected to play an important role in strengthening India’s financial ecosystem against AI-driven threats.

Conclusion

As banks continue adopting AI to improve efficiency and customer services, the RBI has cautioned that robust safeguards must evolve alongside technological advancements. The central bank believes proactive governance, cybersecurity investment and regulatory preparedness will be critical to protecting India’s financial system from emerging AI-powered threats.