AI-driven cyber attacks pose new risks, warns Indian cybersecurity agency
What's the story
India's national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has issued a warning about the growing threat of artificial intelligence (AI)-driven cyber attacks. The advisory highlights how advancements in AI are enabling attackers to automate complex cyber operations, quickly exploit vulnerabilities, and scale attacks across systems and users. It was published on April 26, under the title "Defending Against Frontier AI Driven Cyber Risks."
Automation risk
AI systems can analyze software code to detect vulnerabilities
The CERT-In advisory highlights that emerging AI systems can analyze large volumes of software code to detect known and zero-day vulnerabilities. These systems can also create proof-of-concept exploits, enabling attackers to weaponize vulnerabilities shortly after disclosure. The warning further states that AI can automate reconnaissance across internet-facing infrastructure, including APIs, cloud services, and enterprise systems.
Attack orchestration
AI can orchestrate multi-stage attacks
The advisory also highlights the risk of AI-generated phishing and impersonation. Attackers can now create highly convincing multilingual emails, messages, and even voice or video-based scams to trick users into sharing sensitive information or granting access. The warning also notes that AI systems can orchestrate multi-stage attacks by planning lateral movement within networks, escalating privileges, and adapting attack strategies in real time.
Cybercrime accessibility
Impact of AI on cybercrime
CERT-In has warned that AI is lowering the barrier to entry for cybercriminals, allowing even less-skilled actors to launch sophisticated attacks. These include automated vulnerability exploitation, credential compromise, and large-scale social engineering campaigns. The potential impact of these attacks is wide-ranging, including unauthorized access to systems, disruption of services, data breaches, identity theft, financial fraud, and long-term compromise of operational environments.
Cybersecurity measures
CERT-In recommends measures to bolster cybersecurity
CERT-In has recommended a series of measures for organizations to bolster their cybersecurity. These include increasing monitoring of systems, logs, and network activity; reducing internet-exposed attack surfaces by disabling unnecessary services, ports, and protocols; and securing perimeter systems. The advisory also recommends adjusting monitoring tools to detect unusual patterns such as rapid scanning or abnormal access requests.
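To illustrate the kind of monitoring rule the advisory describes for spotting rapid scanning, here is an added example that is not from CERT-In or the article: it flags any source that probes many distinct destination ports within a short sliding window. The log line format ("timestamp src_ip dst_port ALLOW|DENY"), the thresholds, and the sample addresses are assumptions constructed for the demonstration.

```python
"""Flag sources that hit many distinct ports within a short time window.

Assumed (not from the advisory) edge/firewall log format, one event per line:
  <ISO timestamp> <src_ip> <dst_port> <ALLOW|DENY>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (ALLOW|DENY)$")


def parse(line):
    """Return (timestamp, src_ip, dst_port, action) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, port, action = m.groups()
    return datetime.fromisoformat(ts), src, int(port), action


def find_rapid_scanners(lines, window_s=10, min_ports=8):
    """Return {src_ip: (window_start_iso, distinct_port_count)} for every source
    that touches at least min_ports distinct ports within any window_s seconds."""
    events = sorted(e for e in map(parse, lines) if e is not None)
    recent = defaultdict(deque)  # src_ip -> deque of (ts, port), oldest first
    alerts = {}
    for ts, src, port, _action in events:
        q = recent[src]
        q.append((ts, port))
        while (ts - q[0][0]).total_seconds() > window_s:  # drop events outside window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= min_ports and src not in alerts:  # alert once per source
            alerts[src] = (q[0][0].isoformat(), len(distinct))
    return alerts


def constructed_log():
    """Constructed sample traffic: one burst scanner, one normal client, one slow prober."""
    base = datetime(2024, 4, 26, 10, 0, 0)
    fmt = lambda dt, src, port, act: f"{dt.isoformat()} {src} {port} {act}"
    lines = [fmt(base + timedelta(seconds=i), "203.0.113.5", 21 + i, "DENY") for i in range(10)]
    lines += [fmt(base + timedelta(seconds=i), "198.51.100.7", 443 if i % 2 else 80, "ALLOW")
              for i in range(20)]
    lines += [fmt(base + timedelta(seconds=30 * i), "192.0.2.9", 1000 + i, "DENY") for i in range(10)]
    return lines


if __name__ == "__main__":
    print(find_rapid_scanners(constructed_log()))  # only 203.0.113.5 is flagged
```

Widening the window (for example to ten minutes) also catches the slow prober, which is the trade-off between sensitivity and false positives that tuning these tools involves.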
Security strategy
Advisory highlights importance of adopting Zero Trust approach
The advisory stresses the importance of adopting a Zero Trust approach, where every access request is treated as untrusted by default. Organizations are advised to enforce multi-factor authentication across critical systems, remote access gateways, and cloud environments while implementing least-privilege access controls. Network segmentation is also recommended to limit lateral movement after initial access, and organizations are advised to review legacy systems that are often targeted by attackers.
Patch management
On patch management
On patch management, CERT-In has urged organizations to reduce the time taken to apply updates. Critical vulnerabilities should be patched within 24 hours, particularly for internet-facing systems. The agency also recommends automating patching processes, maintaining an inventory of IT assets, and prioritizing fixes based on exposure and exploit likelihood. Organizations are also advised to regularly review open-source components and monitor cloud environments for misconfigurations.
Cyber hygiene
In terms of cyber hygiene
In terms of cyber hygiene, CERT-In recommends enforcing strong password policies, disabling unused services, maintaining secure offline backups, and deploying updated endpoint protection tools. Encryption of data at rest and in transit, along with controlled outbound network access, is also advised. The advisory further highlights the need for training and preparedness by conducting phishing simulations, running red teaming exercises, and updating incident response plans to handle rapid, large-scale attacks.