{"id":206213,"date":"2026-04-27T03:44:00","date_gmt":"2026-04-27T07:44:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/cert-in-outlines-safeguards-for-indian-orgs-msmes-amid-mythos-ai-cybersecurity-risk-concerns-technology-news\/"},"modified":"2026-04-27T04:45:13","modified_gmt":"2026-04-27T08:45:13","slug":"cert-in-outlines-safeguards-for-indian-orgs-msmes-amid-mythos-ai-cybersecurity-risk-concerns-technology-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/cert-in-outlines-safeguards-for-indian-orgs-msmes-amid-mythos-ai-cybersecurity-risk-concerns-technology-news\/","title":{"rendered":"CERT-In outlines safeguards for Indian orgs, MSMEs amid Mythos AI cybersecurity risk concerns | Technology News"},"content":{"rendered":"<p><a href=\"https:\/\/indianexpress.com\/article\/technology\/artificial-intelligence\/cert-in-safeguards-msmes-mythos-ai-cybersecurity-risk-10657982\/\">CERT-In outlines safeguards for Indian orgs, MSMEs amid Mythos AI cybersecurity risk concerns | Technology News<\/a><\/p>\n<p><a href=\"https:\/\/indianexpress.com\/article\/technology\/artificial-intelligence\/cert-in-safeguards-msmes-mythos-ai-cybersecurity-risk-10657982\/\">https:\/\/indianexpress.com\/article\/technology\/artificial-intelligence\/cert-in-safeguards-msmes-mythos-ai-cybersecurity-risk-10657982\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-27 03:44:00<\/a><\/p>\n<p>Source Domain: <a href=\"indianexpress.com\">indianexpress.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. India\u2019s nodal cybersecurity agency has sounded the alarm on escalating cybersecurity threats driven by recent developments in frontier AI models, urging organisations and MSMEs to step up defenses through stronger threat detection, continuous monitoring, vulnerability disclosures, and rigorous log preservation, among others.The maturing cyber capabilities of frontier AI systems gives them the ability to autonomously discover security vulnerabilities in widely used software, analyse source code, and plan and chain together multi-stage attacks to compromise enterprise networks end-to-end, the Indian Computer Emergency Response Team (CERT-In) said in a new advisory titled \u2018Defending Against Frontier AI Driven Cyber Risks\u2019 issued on Sunday, April 26.<br \/>\nBased on its risk assessment, CERT-In said that AI could potentially enable fast, low-cost, and automated attacks that could aid threat actors in exploiting vulnerabilities, siphoning credentials, and carrying out targeted social engineering attacks against poorly secured systems and users. This may further result in service disruption, data exfiltration, identity compromise, financial fraud, impersonation, etc., according to the agency under the aegis of the IT Ministry.<br \/>\n\u201cThese activities can be performed at a speed and scale that previously required teams of skilled human experts,\u201d CERT-In said. \u201cKeeping pace with frontier AI-driven cyber developments is critical for maintaining cyber resilience. Baseline cybersecurity controls remain critical and should be rigorously enforced,\u201d it added.<br \/>\nThe advisory from CERT-In comes amid growing concern over advanced AI capabilities, with Anthropic\u2019s new AI model \u2018Mythos\u2019 \u2013 considered too risky to be released widely to the public \u2013 serving as a wake-up call of sorts for regulators in India and globally. Last week, Finance Minister Nirmala Sitharaman chaired a high-level meeting over concerns that Mythos could pose significant risks to India\u2019s banking sector. The government is also in conversation with Anthropic\u2019s senior leadership in the US on the issue, The Indian Express reported earlier.<br \/>\nPotential risks identified by CERT-In<br \/>\nAcknowledging the potential application of cybersecurity-focused AI systems in the defence sector, CERT-In said that their duality poses heightened risks to organisations by lowering the entry barrier for malicious actors. It highlighted the following cyber capabilities to watch out for in emerging frontier AI models:<br \/>\n\u2013 Large-scale software analysis for identification of known and zero-day vulnerabilities across extensive codebases.Story continues below this ad<br \/>\n\u2013 Accelerated exploit development, including proof-of-concept generation for newly disclosed vulnerabilities.<br \/>\n\u2013 Automated reconnaissance against internet-facing infrastructure, APIs, cloud services and enterprise attack surfaces.<br \/>\n\u2013 Credential harvesting and attack-path discovery through automated enumeration.<br \/>\n\u2013 AI-generated phishing and impersonation attacks, including highly convincing multilingual social engineering content.<br \/>\n\u2013 Autonomous multi-stage attack orchestration, including privilege escalation and lateral movement planning.<br \/>\n\u2013 Rapid weaponisation of vulnerabilities and adaptive exploitation workflows.Story continues below this ad<br \/>\nOrg-level recommendations by CERT-In<br \/>\nIn light of the cybersecurity risks posed by frontier AI models, CERT-In recommended that organisations should increase the frequency of monitoring, threat detection and review of system logs by their security operations teams. Security monitoring tools should be adjusted to look for unusual activity (such as abnormal patterns of access requests and unfamiliar scripts or commands running on systems) that may indicate an AI-driven attack, the agency said.<br \/>\nOther recommended measures include enabling DDoS protection and enforcing Multi-Factor Authentication (MFA) for all internet-facing assets. \u201cTreat every newly disclosed critical vulnerability in widely deployed software as something that could be exploited within hours, not weeks,\u201d CERT-In said.<br \/>\nIt also highlighted older VPN applications as potential entry points for hackers as such legacy remote-access systems are \u201cparticularly attractive to automated tools.\u201d<\/p>\n<p>Organisations should also look to apply critical patches within 24 hours of their release by adopting automated, risk-based patching along with continuous monitoring of systems across software, systems, and supply chains. \u201cIf any suspicious activity is found, preserve all logs as per CERT-In Directions 2022, take containment measures and report with all relevant logs to CERT-In,\u201d the cybersecurity watchdog said.Story continues below this ad<br \/>\nFor MSMEs, CERT-In recommended more cost-effective measures such as downloading security updates for operating systems, browsers, and applications, enforcing MFA, avoiding unverified AI tools in production environments, and conducting regular cybersecurity training programmes for employees, and more.<br \/>\nHow individual users can stay safe<br \/>\nIn order to protect personal devices, accounts, and user data from AI-driven attacks, CERT-In recommended the following steps:<br \/>\n\u2013 Avoid downloading apps or files from unverified sources.\u2013 Use strong and unique passwords for all online accounts.\u2013 Verify the authenticity of voice calls, video messages, and urgent requests, particularly those involving financial transactions or sensitive information, as AI-generated deepfakes and impersonation attempts may be highly convincing.\u2013 Be cautious of AI-generated phishing content, fake websites and social engineering attempts designed to mimic trusted individuals, organisations or services.\u2013 Use a strong Wi Fi password and WPA3 encryption if available.\u2013 Avoid public Wi Fi for sensitive transactions; use a VPN when necessary.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CERT-In outlines safeguards for Indian orgs, MSMEs amid Mythos AI cybersecurity risk concerns | Technology&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206214,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.indianexpress.com\/2026\/04\/Tech-featured-image205.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,25,27],"class_list":["post-206213","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206213"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206213"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206213\/revisions"}],"predecessor-version":[{"id":206215,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206213\/revisions\/206215"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206214"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}