AI, identity, real-time payments creating new cyber threat landscape: Report
The Digital Threat Report 2025-26 notes that conventional cybersecurity architectures were designed around centralised systems with clearly defined trust boundaries.
The rapid transformation of banking and financial services is creating a fundamentally new cyber threat landscape, according to a report arguing that traditional security models are no longer sufficient to address today's interconnected ecosystems.
The Digital Threat Report 2025-26, released on Monday, notes that conventional cybersecurity architectures were designed around centralised systems with clearly defined trust boundaries.
Today's financial ecosystem, however, is built around interconnected platforms, embedded finance, AI-driven decision-making and real-time payments, dramatically expanding the attack surface, says the new report by the Ministry of Electronics and Information Technology (MeitY), Indian Computer Emergency Response Team (CERT-In), the Computer Security Incident Response Team in Finance (CSIRT-Fin) and SISA.
"Modern financial attacks are moving from direct compromise to trust-chain manipulation across biometric onboarding, partner apps, AI decisioning, real-time payments, APIs, programmable finance, and third-party ecosystems. Attackers are exploiting the gaps between systems, institutions, and workflows, where no single control owner has full visibility," the report said.
According to the report, this is resulting in a new threat model in which a breach is no longer confined to credentials or transactions but is embedded across identity, AI, APIs, payment logic, and supply chains.
The convergence of real-time irreversibility, AI-driven decisioning, programmable financial logic, continuous identity planes, and ecosystem-dependent operations creates a threat environment in which speed, complexity, and interdependency compound simultaneously.
"Regulatory compliance frameworks are catching up, but they are catching up to an architecture that is itself still evolving," it said.
The lag between structural change and security model adaptation is the "window" that sophisticated threat actors are actively exploiting.
Conventional security architectures were designed for a world where control was centralised, and trust was bounded, it said, but pointed out that such a design does not hold in the current operating environment.
The report warned that as digital services span multiple platforms, fragmented security and identity-based access increase risks, with a single compromised identity potentially enabling persistent, cross-platform access to multiple accounts and services.
"When identity becomes the primary control plane for access and transactions, built on biometrics, continuous authentication signals, and cross-system token chains, a single identity compromise no longer affects one account. It provides broad, persistent, cross-system access," it said.
Compliance monitoring that relies on control signals becomes `weaponisable' because attackers can suppress logs, manipulate alert thresholds, and maintain the appearance of a clean posture while operating within a compromised environment, according to the report.
The threat surface is no longer a perimeter. Instead, it is a distributed, continuous, shifting mesh of relationships across partners, platforms, models, APIs and infrastructure layers. None of which an institution fully owns or controls, said the Digital Threat Report for the banking, financial services and insurance sector.

