Government of India warns on Frontier AI Driven Cyber Risks | Claude Mythos
This advisory details the escalating threat posed by frontier AI models capable of autonomous cyber attacks, including vulnerability discovery, exploit development, and multi-stage attack orchestration, while providing comprehensive defense strategies for organizations, MSMEs, and individuals.
New Delhi, India
Recent advancements in frontier Artificial Intelligence (AI) have significantly increased cyber capabilities. CERT-In has highlighted key risks related to AI which includes:
- Autonomous discovery of zero-day vulnerabilities
- AI-generated phishing, impersonation & deepfakes
- Automated multi-stage attack execution
- Rapid exploit development & weaponization
- Large-scale reconnaissance across cloud & APIs
- The Impact is Faster, scalable, low-cost cyberattacks targeting enterprises and individuals alike
On Flip Side, institutions also use AI for defensive purpose which includes autonomous discovery of software vulnerabilities, source code analysis, and the chaining of multi-stage attacks.
How to Mitigate?
To mitigate these risks, the advisory mandates a multi-layered defense approach: for organizations, this includes heightened monitoring, Zero Trust Network Architecture (ZTNA), accelerated patch management, and robust cyber hygiene.
Small and medium enterprises (MSMEs) are encouraged to use managed services and MFA, while individuals are urged to maintain basic security practices and remain vigilant against AI-enabled phishing, deepfakes, and social engineering. The advisory emphasizes that these dual-use technologies require proactive defensive measures and strong adherence to established security protocols to maintain organizational resilience against automated, AI-driven campaigns.
1. Importance of real time patching
Claude Cyber use case allows users to create exploits based on CVEs. A lot of security researchers and hackers may use this feature to automate vulnerability discovery across the internet and leverage technology to scale up their operations. Hence one utmost important is urgent application of new patches.
2. Upgrading the Scope of Pentest : AI Assisted Penetration testing & Audit
Ai assisted penetration testing on public facing assets and application helps organizations
cater the risk before it is exploited. Vendors may be asked to perform assessments using all possible AI tools available in the market, esp. for Application security and Code Audits. Integration of AI into Burp suite testing must be made mandatory - it is humanly impossible to read through each request and response in any application.
3. Investment in Local Setups
CISO team may invest in setting up a local research team and purchase GPUs - try offline models to automate processes using AI; keeping in mind AI vulnerabilities.
Evolution of AI will keep CISOs and Cyber Warriors on toes for next 5 years till the AI matures.
********