Menu
Download Broucher

ADI

Menu

IFSCA Advisory on Heightened Cyber Security Risks arising from Frontier Artificial Intelligence (AI) Models

oVERVIEW

  • The International Financial Services Centres Authority (IFSCA), through a Circular dated 4 June 2026, issued an advisory to all regulated entities (REs) in IFSCs regarding heightened cyber security risks arising from frontier Artificial Intelligence (AI) models.
  • The advisory states that recent developments in AI have significantly enhanced offensive cyber capabilities, enabling analysis of large codebases, identification of known and zero-day vulnerabilities, assessment of exploitability, and generation of working exploits at greater speed, scale, and lower cost.
  • The circular is to be read together with the existing IFSCA cyber security and cyber resilience guidelines applicable to Regulated Entities and Market Infrastructure Institutions in IFSCs.
  • IFSCA has advised REs to proactively strengthen their cyber security posture before such AI capabilities become more widely accessible. REs are expected to reassess their cyber security risks and implement suitable mitigating controls based on the principle of proportionality.

                                  Reason for Issuing the Advisory

  • The circular highlights that the time gap between disclosure of a vulnerability and its exploitation may reduce from weeks to only a few hours.
  • Therefore, regulated entities cannot rely on slow patching or delayed response mechanisms. They are expected to strengthen their cyber security systems in advance.

Key Cyber Security Measures

  • REs should treat newly disclosed critical vulnerabilities as exploitable within hours and prepare for rapid “patch waves” across their technology systems.
  • REs should include Frontier AI-related cyber risks as a specific scenario in their cyber security risk assessments, with periodic review by the Board and, for MIIs, by the Standing Committee on Technology.
  • REs should maintain a Software Bill of Materials (SBOM), including open-source components, to enable quick impact assessment during vulnerability events.
  • REs are encouraged to implement phishing-resistant MFA for internet-facing systems and privileged access, with strong identity verification for enrolment and changes to MFA devices.
  • REs should prioritise patching of vulnerabilities that are most likely to be exploited.
  • REs must maintain a complete inventory of APIs and consuming applications, apply rate-limiting/throttling controls, and restrict API access to authorised entities only.
  • REs should require critical service providers to assess Frontier AI risks and provide evidence of preparedness for faster exploit timelines and timely remediation.
  • REs are encouraged to establish rapid response mechanisms for credential compromise, including automated resets, account lockouts, and continuous monitoring.
  • REs may adopt AI-assisted vulnerability detection tools, provided use is authorised, sensitive data is not shared with unapproved external services, and the AI provider’s data-handling terms are adequate.
  • Where AI or automation is used for vulnerability detection or remediation, REs should ensure human oversight and rigorous security testing before deployment in production systems.
                                                   Conclusion
 
  • IFSCA’s advisory marks an important step in strengthening the cyber resilience of GIFT City’s financial ecosystem.
  •  
  • With frontier AI making cyber threats faster, smarter, and more scalable, Regulated Entities are expected to stay ahead through stronger controls, faster vulnerability response, and robust monitoring systems.
  • The circular reinforces GIFT City’s commitment to maintaining a secure, future-ready, and globally trusted IFSC environment.
  • Overall, it positions cyber preparedness as a key pillar for sustainable growth and investor confidence in GIFT City.
  •  

 

 

Download Brochure