Financial System Resilience: Sber Deploys an Offensive Cybersecurity Framework

A Self‑Directed Cybersecurity Model

Sberbank has introduced a multi‑agent offensive cybersecurity platform in which one AI agent continuously attacks a controlled banking environment, while another defends against those attacks and learns from them in real time. The goal is to reduce cyber‑threat analysis time, accelerate mitigation development, detect emerging attack types, and improve incident‑response speed.

The initiative signals a broader national trend: Russia is rapidly integrating AI‑driven security systems across critical infrastructure and the financial sector. For the domestic IT market, the launch demonstrates the priority placed on advanced technologies capable of shaping competitive standards and influencing regulatory expectations.

For citizens, these developments indirectly enhance the security of their accounts and financial services. For the country, they strengthen the resilience of critical infrastructure and reduce the risk of large‑scale cyberattacks. If successfully developed and certified, such systems could eventually be exported as cybersecurity technologies.

Scaling Scenarios

The system could be adapted for international markets—particularly CIS nations and countries in the Global South seeking solutions with reduced dependence on Western vendors. Export readiness will depend on certification, commercial maturity, compliance with international standards, and the provider’s ability to support deployments.

“The future of cyber defense lies in multi‑agent systems powered by artificial intelligence. AI agents are already integrated into many of the bank’s protection processes. Now, the company has developed and deployed a multi‑agent defense system that reduces the time required for threat analysis, accelerates mitigation development, identifies new attack types, and increases incident‑response speed. In the future, the system will be able to operate autonomously, without human involvement.”

Sergey Lebed

Sberbank’s Vice President for Cybersecurity

Domestically, the model supports broad scaling across banks, financial institutions, infrastructure operators, and public‑sector systems. Multi‑agent RedTeam + BlueTeam + AI configurations could be adopted in government, industry, and critical infrastructure. Regulatory standards for AI in cybersecurity will need to evolve to support such deployments.

From Discussion to Deployment

As early as 2025, Sber emphasized that AI in cybersecurity will not replace humans but will create new roles: cyber‑avatar operators, model trainers, AI‑agent designers, and knowledge engineers. Cybersecurity management, the bank says, will continue to rely on people, processes, technologies, and data—yet AI will be embedded in each.

In March 2025, Kaspersky Lab and Sber signed a cooperation agreement to co‑develop multi‑agent systems for protecting citizens, businesses, and government entities from escalating cyberthreats. Their work uses Sber’s prototype built on GenAI to automate infrastructure‑security assessments.

By September 2025, the companies announced that multi‑agent AI functionality was being applied to automated vulnerability discovery and management, with commercial rollout slated for 2026. These efforts show that Russia is moving in parallel with international trends, albeit with its own technological focus.

Toward a New Industry Standard

The deployment of a multi‑agent AI system in a major financial institution sets a strong precedent for the market and regulators. It reflects a shift toward proactive cybersecurity grounded in simulated attack environments. This is particularly important for technological sovereignty, as it reduces reliance on foreign vendors in critical sectors.

Within the next two to three years, widespread adoption across Sber’s business lines is expected, alongside similar deployments by other major financial organizations. Russia is likely to establish an industry standard for AI‑driven cybersecurity—and potentially offer these solutions internationally.