Government of India warns of AI-driven cyberattacks, issues advisory for MSMEs

New Delhi, 27 April: The Indian Computer Emergency Response Team (CERT-In) has issued a critical advisory highlighting the rapid escalation of AI-driven cyberattacks. According to the national cybersecurity agency, evolving artificial intelligence systems are no longer just tools for efficiency but are being weaponized to automate complex hacks, discover software vulnerabilities, and launch large-scale phishing campaigns with unprecedented speed.

The Evolution of the Threat

The advisory warns that AI is “democratizing” cybercrime by lowering the technical barrier for attackers. Key emerging risks include:

• Automated Vulnerability Scanning: AI tools can now scan enterprise networks, APIs, and cloud platforms to detect “zero-day” vulnerabilities and automatically generate exploit code.

• Hyper-Realistic Phishing: Using Natural Language Processing (NLP), attackers create highly convincing, multilingual messages and deepfake audio/video to impersonate executives and deceive users.

• Credential Harvesting: Automated systems can coordinate multi-stage attacks to compromise, expand, and control entire networks simultaneously.

Recommendations for Organizations & MSMEs

For small and medium enterprises (MSMEs), which often lack robust dedicated security teams, the advisory stresses a “Zero Trust” architecture:

1. Strict Authentication: Enforce Multi-Factor Authentication (MFA) across all entry points.

2. Rapid Patching: Accelerate the patching of internet-facing systems to close windows of opportunity for AI scanners.

3. Network Segmentation: Limit lateral movement by segmenting internal networks and restricting access based on necessity.

4. Employee Vigilance: Train staff specifically to identify AI-generated content and deepfake scams.

Guidance for Individuals

Individuals are encouraged to adopt “cyber hygiene” practices to protect against automated identity theft:

• Verify Communications: Always use a secondary channel to verify urgent requests for sensitive information or funds, especially if they involve “deepfake” voices or videos.

• Strong Passwords: Use unique, complex passwords for every account.

• Automatic Updates: Enable auto-updates on all personal devices to ensure you have the latest security definitions.

While AI is being used offensively, it is also a powerful defensive tool. Organizations are encouraged to invest in AI-powered threat detection systems that can identify anomalies in milliseconds—often the only way to keep pace with automated attackers.