Outlook Business Desk
CERT-In, (Indian Computer Emergency Response Team), has raised a high-severity alert over the increasing use of artificial intelligence in cyberattacks, warning that new tools are enabling faster, cheaper and more efficient hacking across systems and networks.
In its April 26 advisory titled Defending Against Frontier AI Driven Cyber Risks, CERT-In said advanced AI systems can independently detect weaknesses in widely used software and analyse large volumes of source code to identify potential attack points.
The advisory said AI tools can automate vulnerability detection, speed up exploit development and scan systems, allowing attackers to quickly find entry points and launch targeted cyberattacks with less effort and time.
CERT-In highlighted that the AI tools can execute multi-stage cyberattacks with minimal human input and combine multiple exploits to breach enterprise networks, increasing the scale and impact of cyber incidents across organisations.
The development follows a high-level meeting chaired by Nirmala Sitharaman with banks and stakeholders, where she said the government is engaging with Anthropic and US authorities to assess emerging AI-driven risks.
CERT-In noted AI-driven automation is lowering entry barriers for cybercriminals, allowing even less skilled actors to launch attacks such as credential theft, privilege escalation and lateral movement within hours of identifying vulnerabilities.
The agency also flagged a rise in phishing and impersonation attempts driven by AI-generated content across languages, making fraudulent emails, messages and identities more convincing and harder to detect for organisations and individuals.
CERT-In has asked organisations to monitor systems for unusual activity, adopt a Zero Trust approach, strengthen access controls and implement multi-factor authentication, while ensuring critical vulnerabilities are patched within 24 hours and conducting regular cyber drills.
The agency has urged MSMEs to strengthen threat detection, maintain system logs, track IT assets and review third-party software risks, while individuals must verify suspicious messages, links and calls and stay alert to deepfake-enabled fraud.