The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory warning that the cyber capabilities of frontier AI systems are maturing rapidly and could make it easier to discover vulnerabilities, chain attacks, automate reconnaissance, and launch highly convincing phishing campaigns at scale. In Advisory CIAD-2026-0020, titled "Defending Against Frontier AI Driven Cyber Risks", CERT-In said the latest AI models could lower the barrier for malicious actors and compress attack timelines from weeks to hours.
CERT-In’s advisory, released on April 26, 2026, highlights a broad set of emerging risks, including large-scale software analysis, proof-of-concept exploit generation, automated reconnaissance across APIs and cloud services, credential harvesting, adaptive exploitation workflows, and AI-generated impersonation attacks. The agency said these capabilities are likely to mature further and that both enterprise systems and individual users now face a more automated, low-cost, and scalable threat environment.
Automated Reconnaissance and Multi-Stage Attack Risks
According to CERT-In, frontier AI tools may be able to analyse large codebases for known and zero-day vulnerabilities, rapidly generate exploit proofs, and orchestrate multi-stage attacks that include privilege escalation and lateral movement planning. The advisory says these systems can also automate reconnaissance against internet-facing infrastructure, cloud workloads, APIs, and enterprise attack surfaces, making them attractive to cybercriminals seeking to scale their campaigns.
The risk assessment in the advisory specifically points to automated, multi-stage reconnaissance, vulnerability exploitation, credential compromise, and social-engineering attacks targeting inadequately secured systems, services, and individuals. CERT-In also warns that the impact could include unauthorised access, service disruption, data exfiltration, identity compromise, financial fraud, impersonation, and persistent compromise of operational environments.
CERT-In’s Guidance for Organisations
For organisations, CERT-In has urged heightened vigilance, stronger monitoring, and faster response to newly disclosed vulnerabilities. The advisory recommends reducing internet-exposed attack surfaces, enabling DDoS protection, subscribing to CERT-In threat intelligence feeds, and treating every newly disclosed critical vulnerability as potentially exploitable within hours rather than weeks.
CERT-In also recommends a Zero Trust approach, including MFA across internet-facing assets and cloud consoles, Geo/IP allow-listing, least-privilege access, hardware-based identity, and advanced micro-segmentation. It further advises organisations to sharpen patch-management timelines, aim to apply critical patches within 24 hours where possible, and maintain a current inventory of IT assets and software dependencies, with bill of materials (BOM) tracking across software, hardware, AI, quantum computing, and cryptography requirements.
Cyber Hygiene, Readiness, and Response Planning
Beyond infrastructure controls, the advisory stresses cyber hygiene, workforce training, and incident-response preparedness. CERT-In has asked organisations to conduct regular phishing awareness exercises, train teams to recognise AI-augmented attack patterns, run AI-red-team simulations, and review Incident Response and Cyber Crisis Management plans for rapid containment scenarios.
The advisory also reiterates that organisations must preserve logs under CERT-In Directions 2022 and report suspicious activity with relevant logs to CERT-In. For MSMEs, CERT-In recommends cost-effective controls such as automatic patching, MFA, managed security services, email filtering, encrypted data handling, and regular backup restoration tests. For individuals, the advisory calls for strong passwords, MFA, caution around deepfakes and phishing, verified downloads, secure Wi-Fi usage, and continuous awareness of emerging AI-enabled threats.
