NEW DELHI — India’s cybersecurity agency has warned that artificial intelligence is rapidly reshaping the global threat landscape, with cybercriminals increasingly using advanced AI tools to carry out faster and more sophisticated attacks.
In its latest cybersecurity blueprint, CERT-In said generative AI, large language models, autonomous agents and AI-powered automation platforms are being used by attackers to speed up reconnaissance, automate vulnerability detection, create targeted phishing campaigns and develop adaptive malware that can evade traditional security systems.
The agency said AI-enabled cyber exploitation has sharply reduced the time attackers need to identify weaknesses in digital infrastructure, including exposed services, insecure APIs and weak digital identities.
“As organisations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors,” the blueprint stated.
CERT-In cautioned that traditional perimeter-based cybersecurity strategies are no longer enough in the current threat environment. It urged organizations to adopt more adaptive, resilience-focused security frameworks.
The agency advised companies to regularly scan systems, continuously monitor internet-facing assets, review cloud and API environments and ensure vulnerabilities are fully patched after they are detected.
It also recommended that organizations prioritize risks based on severity and exploitability, particularly when vulnerabilities affect critical infrastructure or publicly accessible systems.
CERT-In proposed strict timelines for addressing security flaws. Critical vulnerabilities affecting important or internet-facing systems should ideally be patched within 12 hours, while other high-risk vulnerabilities should be fixed within one to five days, depending on the level of risk.
When patches are not available, the agency said organizations should temporarily isolate affected systems, restrict access and strengthen monitoring to reduce the risk of compromise.
CERT-In also raised concerns about software and digital supply chain vulnerabilities.
To improve transparency and security, the agency recommended frameworks such as Software Bill of Materials, AI Bill of Materials, Quantum Bill of Materials and Cryptographic Bill of Materials.
The blueprint said those frameworks can help organizations identify software dependencies, verify trusted sources and reduce risks linked to third-party technologies and AI-based tools. (Source: IANS)
