New Delhi, May 27 India’s cyber security agency CERT-In has cautioned that the rapid rise of artificial intelligence is fundamentally transforming the global cybersecurity environment, enabling cybercriminals to carry out faster, more complex and highly adaptive attacks.
In its latest cybersecurity blueprint, CERT-In said advanced technologies such as generative AI, large language models (LLMs), autonomous agents and AI-powered automation platforms are increasingly being leveraged by threat actors to strengthen cyber operations.
According to the agency, attackers are using AI tools to accelerate reconnaissance, automate vulnerability discovery, design highly targeted phishing campaigns and create adaptive malware capable of bypassing conventional security defences.
CERT-In noted that AI-enabled cyber exploitation has substantially reduced the time required to identify weaknesses across digital ecosystems, including exposed services, insecure APIs and compromised digital identities.
“As organisations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors,” the agency stated in its blueprint.
Need for Adaptive Cybersecurity Frameworks
The agency stressed that traditional perimeter-based cybersecurity strategies are no longer adequate to counter the evolving threat landscape and called for a shift toward adaptive and resilience-focused security models.
CERT-In advised organisations to conduct regular system scans, maintain continuous monitoring of internet-facing assets, review cloud and API environments and ensure identified vulnerabilities are comprehensively patched.
It also recommended that organisations prioritise vulnerabilities based on severity, exploitability and potential impact, particularly when critical infrastructure or public-facing systems are involved.
To strengthen cyber defence preparedness, the agency proposed defined timelines for remediation. Critical vulnerabilities affecting key or internet-facing systems should ideally be patched within 12 hours, while other high-risk vulnerabilities should be resolved within one to five days depending on their risk profile.
Where patches are not immediately available, CERT-In advised organisations to isolate affected systems, restrict access and enhance monitoring mechanisms to minimise exposure.
Focus on Software and Supply Chain Security
The cybersecurity watchdog also flagged growing risks emerging from software and digital supply chains.
To improve transparency and strengthen security assurance, CERT-In recommended adopting frameworks such as Software Bill of Materials (SBOM), AI Bill of Materials (AIBOM), Quantum Bill of Materials (QBOM) and Cryptographic Bill of Materials (CBOM).
According to the agency, these frameworks can help organisations map software dependencies, verify trusted technology sources and reduce risks associated with third-party software components and AI-driven tools.
