India’s cyber security agency, CERT-In, has issued a warning about the increasing use of artificial intelligence by cybercriminals. The agency highlighted that technologies like generative AI and AI-powered automation platforms are being exploited to launch more sophisticated cyber attacks. These advanced AI tools are enabling attackers to speed up reconnaissance, automate vulnerability detection, and develop adaptive malware that can bypass traditional security measures.
The cybersecurity blueprint by CERT-In emphasized that AI-enabled cyber exploitation has significantly reduced the time taken by attackers to identify weaknesses in digital infrastructure. This includes vulnerabilities in services, APIs, and digital identities. As organizations rely more on interconnected digital systems, cloud services, and AI platforms, the risks posed by AI-driven cyber threats are escalating across various sectors.
To combat these evolving threats, CERT-In recommended organizations to move away from traditional perimeter-based security approaches. Instead, they should adopt adaptive and resilience-focused security frameworks. The agency advised companies to conduct regular system scans, monitor internet-facing assets continuously, and promptly patch vulnerabilities once detected.
In response to the growing concerns around software and digital supply chain vulnerabilities, CERT-In proposed the use of frameworks like Software Bill of Materials (SBOM) and AI Bill of Materials (AIBOM). These frameworks aim to enhance transparency, identify software dependencies, and mitigate risks associated with third-party technologies and AI tools.
