Government issues advisory against AI-driven cyber attacks for MSMEs, organisations and individuals
Last Updated: 2026-04-29 15:07:50
India’s cybersecurity agency Indian Computer Emergency Response Team has released a high-severity advisory on the risks posed by artificial intelligence in cyberattacks. The agency said evolving AI systems are enabling attackers to automate complex operations, identify vulnerabilities, and execute attacks at a scale and speed not seen earlier.
What the advisory highlights
Latest and Popular Mobiles
According to CERT-In, advanced AI tools can scan large software systems to detect known and zero-day vulnerabilities and generate exploit methods. These systems can also automate reconnaissance across internet-facing infrastructure, including APIs, cloud platforms, and enterprise networks.
The advisory highlights the rise of AI-driven phishing and impersonation attacks. Attackers can generate realistic messages, including multilingual content, to deceive users. It also warns about automated credential harvesting and multi-stage attacks, where systems can be compromised, expanded, and controlled in a coordinated manner.
Related Articles
Risk and impact
CERT-In said AI is lowering the barrier for cybercriminals, making it easier to launch sophisticated attacks. Risks include rapid exploitation of vulnerabilities, large-scale social engineering campaigns, and credential compromise.
Potential impacts include unauthorised access, service disruption, data breaches, identity theft, and financial fraud. The agency also warned of cascading effects, where interconnected systems could be affected by a single breach.
Recommendations for organisations
Organisations have been advised to strengthen monitoring, reduce exposed systems, and adopt a Zero Trust approach. CERT-In recommends enforcing multi-factor authentication, segmenting networks, and limiting access based on necessity.
The advisory stresses faster patching, especially for internet-facing systems, and encourages automation in vulnerability management. Organisations are also asked to train employees to identify AI-driven threats and conduct regular security exercises.
Guidance for MSMEs and individuals
For MSMEs, CERT-In suggests enabling automatic updates, using managed security services, and maintaining secure backups. Businesses should avoid unverified AI tools and monitor systems for unusual activity.
Individuals are advised to use strong passwords, enable multi-factor authentication, and remain cautious of suspicious messages and links. CERT-In also highlighted risks from deepfake scams and urged users to verify communications before sharing sensitive information.
CERT-In said AI has both defensive and offensive potential, but its misuse is accelerating cyber risks. The advisory underscores the need for continuous vigilance and updated security practices as AI-driven threats evolve.