India's cybersecurity watchdog, CERT-In, recently raised alarms about the rapid rise of AI-powered cyber threats, which are transforming the cybersecurity landscape globally. The agency's latest cybersecurity blueprint reveals that cybercriminals are increasingly utilizing advanced artificial intelligence tools to execute more sophisticated and rapid attacks. These technologies, including generative AI and large language models, are being exploited to automate tasks such as reconnaissance, vulnerability detection, and the creation of targeted phishing campaigns.
The report underscores that AI-enabled cyber exploitation has substantially reduced the time attackers need to identify vulnerabilities within digital infrastructures. CERT-In noted that as organizations become more reliant on interconnected systems, cloud ecosystems, and AI-enabled platforms, the risks associated with such threats continue to escalate. The agency emphasized that traditional perimeter-based security measures are inadequate in this evolving threat environment, calling for a shift towards more adaptive and resilient security frameworks.
- AI tools exploited for cyber attacks — increasing sophistication of cybercriminal tactics.
- Need for adaptive security measures — organizations must shift focus to resilience.
- Timely vulnerability management — critical flaws should be patched within 12 hours.
CERT-In has recommended that organizations prioritize security risks based on their impact and exploitability, particularly those affecting critical infrastructure. The agency advocates for regular system scans, continuous monitoring of internet-facing assets, and thorough reviews of cloud and API environments to ensure vulnerabilities are addressed promptly. Its guidelines suggest that critical vulnerabilities should ideally be patched within a 12-hour timeframe, while other high-risk issues should be resolved within one to five days, depending on their severity.
Moreover, in scenarios where patches are not immediately available, CERT-In advises organizations to isolate affected systems and enhance monitoring to mitigate the risk of compromise. The agency also highlighted growing concerns surrounding software and digital supply chain vulnerabilities. To bolster transparency and security, it proposed frameworks like Software Bill of Materials (SBOM) and AI Bill of Materials (AIBOM), which can help organizations identify software dependencies and verify trusted sources.
