Amid rapid advances in artificial intelligence, CERT-In has issued a high-severity advisory warning that newer “frontier” AI systems are significantly boosting cyberattack capabilities. These systems can identify vulnerabilities, generate exploits and carry out multi-stage attacks with minimal human effort, making threats faster, scalable and harder to detect.
The advisory highlights a new class of tools known as frontier agentic AI models. Unlike earlier systems, these models can plan tasks, take actions and complete complex workflows independently. Examples include GPT-5.5 and systems like Anthropic’s Mythos, which demonstrate advanced autonomous behaviour.
Mythos recently identified 271 previously unknown vulnerabilities in Mozilla Firefox, uncovering issues that had gone unnoticed for years. Unlike traditional tools, it interacts with code, tests inputs and learns continuously, allowing it to detect deeper flaws and confirm whether they can be exploited. These capabilities are being developed under Project Glasswing and are currently limited to select companies in controlled environments.
CERT-In noted that such tools have a dual-use nature. While they help organisations identify and fix security gaps, they can also be misused by attackers to exploit the same weaknesses.
The agency said AI models can now perform tasks that earlier required skilled professionals. These include scanning large codebases, conducting automated system reconnaissance and creating phishing or impersonation content. They can also execute complex attacks involving credential harvesting, privilege escalation and lateral movement across networks at an unprecedented speed and scale.
For everyday users, the risks are growing. AI tools can generate highly convincing phishing emails, fake websites and impersonation attempts. Deepfake voice and video content can also be used to trick users into sharing sensitive information or making urgent financial decisions.
The advisory outlines potential impacts such as unauthorised account access, identity theft, financial fraud, data breaches and service disruptions. It also warns that lower costs and higher automation could increase the frequency of such attacks.
CERT-In has advised users to follow strong cyber hygiene practices. This includes keeping devices and applications updated, using strong and unique passwords, enabling multi-factor authentication and avoiding unverified downloads. Users should remain cautious of unsolicited messages, verify calls and links carefully, and avoid sharing sensitive information through unknown sources.
The agency also recommends using secure Wi-Fi with WPA3 encryption, avoiding public networks for sensitive activities or using a VPN, regularly backing up data and reviewing privacy settings. Staying informed about emerging AI threats is also important.
CERT-In emphasised that both individuals and organisations must adapt to this evolving threat landscape, as AI continues to expand the scope and speed of cyber risks.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
