If you are a CISO at a bank, an NBFC, or any RBI regulated entity, the AI risk directive has almost certainly consumed your last few weeks. Under the RBI mandate, the board approved gap assessment, the AI led testing, the vulnerability work, and the action plan are all due by the end of June. It’s a heavy technical lift, and it’s rightly where your attention has gone.

But there’s a flank that’s easy to leave exposed while you’re focused on the systems. Your workforce. The same AI capabilities the circular is worried about don’t only probe infrastructure. They target people, and they’re now good enough that the staff member at the front desk, in operations, in a branch, or on a call with a customer is as likely to be the way in as any unpatched server.

You can secure the technical assessment and still fail the spirit of the mandate if the human layer is left to chance. This post is about why workforce readiness belongs inside your AI risk posture, not beside it.

What the RBI directive is really asking

The directive asks regulated entities to understand their AI related risk and manage it. Most of the visible effort has gone into the technical interpretation. Testing systems with capable models, finding and closing vulnerabilities, building the cybersecurity framework. That’s correct and necessary.

But a risk assessment that stops at infrastructure is incomplete, and a supervisor reviewing your submission knows it. The Finance Minister flagged a frontier model as a new challenge precisely because these systems can do things at scale that used to take skilled human attackers. One of those things is manufacturing a near perfect deception aimed at a person. If your assessment accounts for how AI attacks your servers but not how it attacks your staff, you’ve mapped half the surface.

Why the human layer just became higher risk

Think about how the costliest incidents at banks actually happen. It’s rarely a clean break through a firewall. It’s far more often a person clicking a link, approving a payment that looked legitimate, or trusting a caller who sounded exactly like a colleague. AI has sharpened every one of those.

The scam messages are now nearly perfect. The old guidance to watch for bad grammar is dead. A model can write a flawless email in a manager’s tone, referencing real projects, asking for something urgent. Every employee who handles email is now a credible target.

The voice on the phone might not be real. Voice cloning from a few seconds of audio is here. A call that sounds like a branch head, a CFO, or a customer pushing for an exception is now a live technique. Operations, payments, and customer facing staff sit right in its path.

Approved or not, AI tools are already inside your perimeter. Staff are pasting drafts, documents, and customer details into public AI tools to move faster. Most don’t realize that data may leave the institution entirely, colliding directly with data protection and localisation obligations you’re accountable for.

Shadow tools are multiplying. When official systems are slow, people improvise with personal devices and unapproved apps, and useful AI tools make that temptation stronger. Each one is a blind spot your controls never see.

None of these are technical hacking problems. They’re human judgment moments, and they live in roles far outside your security team.

A controls based view of the workforce

You already treat your weakest technical link as a priority. The argument here is simply that, in the AI era, the human link has moved up the risk register and deserves the same rigour you apply to everything else.

That means workforce awareness can’t be the annual cybersecurity e-learning module nobody remembers. It has to be a real, measurable control. The institutions that come out of this well will be the ones where staff at every level understand how AI era threats work and know how to respond, and where that understanding is documented and refreshed rather than assumed. A bank with excellent technical defenses and a workforce that will wire money on the strength of a convincing voice note has not managed its risk. It has relocated it.

What you’d want your people to actually do

The goal isn’t to turn staff into security analysts. It’s to install a handful of instincts that hold up against AI accelerated social engineering.

Slow down on urgency. Almost every AI powered scam runs on pressure. Act now, keep it quiet, don’t check with anyone. The most protective habit you can instill is the pause and verify reflex on anything urgent involving money or data.

Verify the person, not the message. Since AI can fake both voice and writing, the message is no longer proof of who sent it. Confirmation has to go through a separately trusted channel.

Treat public AI tools as public. Staff should assume anything typed into a free AI tool could surface outside the institution, and should use only sanctioned tools for anything involving customer or internal data.

Surface the near misses. The odd email someone deleted, the call that felt off. Those signals are early warning, and most go unreported. A culture that flags them strengthens your whole detection posture.

Keep it current. These threats are moving fast enough that last year’s training is already stale. Refreshing it is part of keeping the control effective.

Don’t leave the AI-Powered Cyberattack Security training to chance

Here’s the practical problem. You don’t have the bandwidth to build and run organisation wide AI threat training while you’re also delivering the technical assessment by the deadline. And ad hoc, internally cobbled awareness sessions are exactly the kind of thing that looks fine on paper and fails in practice, which is the opposite of what you want attached to your name in a supervisory review.

This is where structured training earns its place. XLPro’s AI-Powered Cyberattacks: Awareness & Defence e-learning is built for people at every level of an organisation, not just specialists, with a focus on AI and the new generation of threats the RBI mandate is responding to. For a CISO, it’s a way to turn the workforce from your softest entry point into a documented, defensible control, without pulling your own team off the technical work that has to ship first.

The directive made the principle clear. In the AI era, security isn’t contained to a department. The technical assessment protects your systems. Training protects the people the attackers are actually aiming at, and that part is too important to leave to chance.

Want your workforce to be a control rather than a gap? Explore XLPro’s AI-Powered Cyberattacks: Awareness & Defence e-learning or talk to our team about organisation wide training.

This post refers to the RBI’s June 2026 directive to regulated entities, as reported by Business Standard and RBI publications. For the specific obligations that apply to your institution, refer to official RBI communications.