The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory cautioning that advanced AI systems are rapidly developing cyberattack capabilities once limited to highly skilled human hackers.
The advisory, dated April 26, 2026, highlights a sharp rise in the cyber capability maturity of emerging AI models. As per the advisory, these systems can now independently identify vulnerabilities in widely used software, analyze source code, plan and execute multi-stage attacks, and even simulate breaches of enterprise networks.
The warning points to an entire class of AI systems that could accelerate nearly every phase of cyber offense. The advisory is issued the leadership of Dr. Sanjay Bahl, DG, CERT-In and it emphasized that such capabilities can now operate at a speed and scale that previously required teams of experts, making automation the core concern.
The advisory informs that these systems may scan large codebases for both known and zero-day vulnerabilities, accelerate exploit development, and automate reconnaissance across cloud platforms, APIs, and enterprise networks. They can also assist in credential theft, attack-path mapping, and coordinated multi-stage intrusions.
A key concern is the rise of AI-driven phishing and impersonation, including highly convincing multilingual social engineering. This lowers the barrier for targeting not just enterprises, but also individuals. The advisory further warns that vulnerabilities could now be weaponized within hours of disclosure, drastically shrinking the response window for defenders.
The agency warns of risks that include automated reconnaissance, credential compromise, service disruption, data theft, financial fraud, impersonation, and cascading failures across interconnected systems. The concern extends beyond breached networks to compromised identities, operational disruptions, and fragile digital ecosystems.
That language matters because it frames frontier AI as a systemic risk rather than a narrow cybersecurity niche. The warning is not only about breached networks. It is also about fraudulent identities, compromised financial systems, deepfake-enabled deception, operational paralysis and the fragility of connected digital ecosystems.
CERT-In appears to be drawing a line between two eras of cyber defense. In the older one, many attacks were still constrained by attacker bandwidth, technical competence and labor. In the newer one, AI may begin to dissolve those constraints. A less skilled actor may gain access to tools that make complex attack chains easier to identify and execute. A sophisticated actor may become dramatically faster.
The advisory acknowledges the dual-use nature of the technology. It notes that such systems hold promise for defensive applications. But it argues that the same capabilities could lower the barrier to entry for malicious cyber actors, accelerate attack execution, automate exploitation workflows and scale campaigns in ways that make existing defensive assumptions obsolete.
CERT-In has issued preventive measures for MSMEs. It said, "Since they have limited resources, MSMEs should use security measures that are affordable but still strong enough to protect their business."
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
