Synopsis
CERT-In has issued a high-severity warning about AI-driven cyber threats, noting that new tools make attacks faster, cheaper, and easier. Advanced AI can independently find vulnerabilities and execute complex attacks with minimal human intervention.Listen to this article in summarized format
In its latest advisory titled ‘Defending Against Frontier AI Driven Cyber Risks’, released on April 26, CERT-In said advanced AI systems can independently identify vulnerabilities in widely used software and analyse large volumes of source code.
It added that these tools are capable of executing complex, multi-stage cyberattacks with minimal human intervention. The agency said attackers can combine multiple exploits to break into entire enterprise networks.
The development follows a high-level meeting chaired by Finance Minister Nirmala Sitharaman on Thursday, with commercial banks and other key stakeholders to assess potential cybersecurity risks linked to AI. The government is now stepping up engagement with AI firm Anthropic and the US administration about Mythos to better understand the issue, the Finance minister told ET.
AI accelerating cyberattacks
The agency highlighted that the speed and automation offered by AI are lowering the barrier for cybercriminals. Even less skilled actors can now launch sophisticated attacks. These include credential theft, privilege escalation and movement across systems. In some cases, vulnerabilities can be identified and exploited within hours, it said.
CERT-In also flagged the rise of phishing and impersonation attempts, driven by AI-generated content across languages.
What organisations need to do?
To reduce risk, the agency has asked organisations to closely monitor systems and watch for unusual or rapid activity.
CERT-In has also stressed stronger access controls. It has advised adopting a Zero Trust approach, where every access request is treated as unverified. Multi-factor authentication should be used across critical systems, along with strict access limits, it suggested.
The advisory also emphasised the need for faster patch management, recommending that critical vulnerabilities especially in internet-facing systems be addressed within 24 hours.
Alongside this, CERT-In has emphasised employee awareness. It has asked organisations to train staff to identify AI-driven phishing and scams. Regular cyber drills and updated response plans are also essential, the agency said.
