India’s top cybersecurity agency has sounded a high-severity alert, warning businesses to prepare for a new wave of AI-powered cyberattacks.
The Indian Computer Emergency Response Team has urged organisations and MSMEs to tighten security frameworks as advanced AI systems significantly increase the scale, speed and sophistication of cyber threats.
According to CERT-In, next-generation AI tools such as Claude Mythos developed by Anthropic, along with emerging models like GPT-5.4 Cyber, are making it easier for malicious actors to launch attacks.
These systems can autonomously identify vulnerabilities, generate exploits and execute multi-stage attacks with minimal human intervention.
CERT-In noted that such capabilities drastically reduce the cost and expertise required for cybercrime, enabling even low-skilled actors to mount complex operations.
The advisory highlights a wide range of potential threats:
Unauthorised system access and data breaches
Service disruptions and operational downtime
Financial fraud and identity theft
Data exfiltration and impersonation
Persistent compromise of networks and interconnected systems
The agency warned that organisations lacking robust cyber preparedness could face cascading risks across digital infrastructure.
Global concerns have intensified around Anthropic’s Mythos, an advanced AI model with strong cybersecurity and code-analysis capabilities. Due to potential risks, the model has not been fully released publicly.
Instead, Anthropic has launched a limited-access initiative to test vulnerabilities in controlled environments.
In India, the issue has already reached the highest levels, with Nirmala Sitharaman chairing discussions on potential risks to the banking system. The government is also engaging with AI firms to safeguard critical infrastructure.
CERT-In outlined key capabilities of frontier AI models:
Analyse large codebases to detect known and zero-day vulnerabilities
Accelerate exploit development
Conduct automated reconnaissance of networks and cloud systems
Enable credential theft and privilege escalation
Generate highly convincing phishing campaigns and deepfakes
Execute adaptive, multi-stage cyberattacks
Such tools could disproportionately impact MSMEs, which often lack advanced cybersecurity resources.
CERT-In has recommended urgent measures:
Increase threat detection and log monitoring frequency
Configure systems to flag unusual activity patterns
Enforce multi-factor authentication across all internet-facing systems
Patch critical vulnerabilities within 24 hours
Treat legacy VPNs and outdated software as high-risk
Maintain logs as per regulatory norms and report incidents quickly
Regularly update operating systems and applications
Use strong multi-factor authentication
Avoid deploying unverified AI tools
Conduct employee cybersecurity awareness training
Use strong passwords and secure Wi-Fi networks
Verify urgent financial or sensitive requests before acting
Avoid downloads from untrusted sources
Stay alert to AI-generated phishing, fake websites and deepfakes
CERT-In emphasised that while AI can strengthen cybersecurity, its dual-use nature requires constant vigilance. The advisory aims to bolster cyber resilience as India’s digital economy continues to expand rapidly.