Thales report says bots accounted for more than 53 per cent of web traffic in 2025, with AI driven attacks rising sharply and APIs becoming a key target.
Cyber CrimeFinance & BankingOpinion & ResearchTech Talk

The ‘MYTHOS’ AI Era: Why Banking Must Have Real-Time Vigilance

Sangeeta Patnaik
By Sangeeta Patnaik
5 Min Read

Sophisticated digital attacks are no longer the domain of elite hackers. AI driven tools are making these cheap, fast & widely accessible. Hacking, once considered a labour-intensive process that required scanning codebases, mapping network weaknesses and chaining vulnerabilities into coordinated attacks are now being automated. AI ‘Frontier Models’ can identify vulnerabilities, simulate attacks, and execute multi-stage intrusions with minimal human intervention. They are not just breaking in; they are manipulating to blend into the digital environment and hide their actions in system memory. The result is not just more attacks, but attacks that are scalable, precise, faster and harder to detect.

Cyber defence, especially in regulated sectors like Banking, are still process-heavy and reactive. The question is not “how to stop attacks”. The real question is how to redesign control systems for a world where threats operate at machine speed.

Continuous Verification of Perimeter Security

Traditional banking security leans on perimeter controls like firewalls, VPNs, and trusted internal networks. AI-driven attacks can impersonate users, generate valid-looking credentials, or exploit small misconfigurations. In critical environments such as Core Banking Systems (CBS), Treasury Systems and Payment Gateways, lateral movement of these attacks can be catastrophic.

Zero-trust architecture needs to be operationalised by:

  1. Subjecting every access request (systems, vendors, employees) to continuous verification
  2. Granting time bound privileged accesses and continuously monitoring their behaviour
  3. Segmenting internal systems so that they work in a co-ordinated manner and yet isolate in case of an attack

Behavioural Identity Assurance

Phishing, Vishing, Smishing, and even internal chat simulations are getting far more convincing with AI-impersonation. What is important is that AI-tools will not just attack from outside; they can amplify insider misuse.

Credential security will no longer suffice. Banks must adopt an approach that supports continuous scanning for logins that defy geography, user behaviour that defies history and access that defies authorisation. Systems should flag patterns as they emerge across geographies and accounts.

Banks must switch to an identity assurance model that can:

  1. Monitor impossible travel, anomalous session behaviour, and privilege escalation patterns
  2. Deploy behavioural biometrics like typing patterns, login habits, etc., and then sense and alert these unusual patterns.
  3. Enforce resistant Multi-Factor-Authentication (MFA) such as hardware tokens, app-based push with number matching, etc..
  4. Co-relate events across digital channels, ATMs and branches.

Integrating Analytics into Vigilance

Single large frauds are easy to detect but micro attacks that are high in volume can sneak in undetected. AI-tools can initiate credential-stuffing, generate thousands of low-value phishing attempts and probe many dormant accounts all at once.

Banks should adopt measures to:

  1. Strengthen the monitoring of dormant accounts
  2. Use velocity checks (transactions per minute/hour anomalies)
  3. Correlate seemingly unrelated small incidents to detect intrusions

Prepare for Deepfake and Social Engineering Risks

Targeted Voice-based frauds, fake instructions from officials, deepfake KYC or video verification are real world threats now.

Banks should:

  1. Implement deepfake detection tools in high-risk workflows
  2. Introduce out-of-band verification for sensitive instructions
  3. Train staff to detect fake instructions such as those with an underlying urgency that is combined with authority.

Governance: Make Cyber Risk a Board-Level Issue

AI-driven cyber risk can no longer be dealt with as an isolated IT issue. Board members need to accord cyber risks and data breaches the urgency that it deserves and not wait to take action till “all the facts are found” or  “till we understand”.  Cyber risks pose not just Operational, Financial, and Reputational threats but can become systemic threats within a short span of time.

Banks should take steps at a policy level to:

  1. Integrate cyber risks into enterprise risk management
  2. Conduct AI-attack simulations
  3. Align with evolving Global standards & Regulatory expectations
  4. Escalate incidents to the nodal bodies such as the Indian Computer Emergency Response Team (CERT-in)

In the Mythos AI-driven threat landscape, trust will belong to banks that can see, decide, and act in real time.

📲 Join Our WhatsApp Channel

Stay Connected