India’s cyber security agency has issued a high-risk warning about new and fast-growing cyber attacks powered by advanced Artificial Intelligence systems as Claude Mythos. The advisory issued by CERT-In says that new 'emerging AI' tools are becoming powerful enough to carry out complex cyber attacks with almost zero human effort.According to the government agency, these AI systems can automatically scan large amounts of software code to find weaknesses, including unknown or zero-day vulnerabilities. They can also create working attack methods, test them and even plan multi-step cyber attacks without much human input."Recent developments in frontier AI systems indicate a significant increase in cyber capability maturity. Reported capabilities
include the ability to autonomously discover security vulnerabilities in widely used software, analyse source code, plan and chain together multi stage attacks, and carry out simulations of compromising enterprise networks from end to end. These activities can be performed at a speed and scale that previously required teams of skilled human experts," CERT-In said in its advisory.What Is Claude Mythos?Claude Mythos is an experimental AI system developed by Anthropic to test how advanced AI can handle complex tasks like coding and cybersecurity. It is not a regular chatbot like ChatGPT or Gemini for public use, but a research model used in controlled environments. It can analyse software, find security flaws and even simulate cyber attacks with very little human input. This is why CERT-In and other agencies are concerned.
The advisory also warns that AI tools can carry out automated reconnaissance. This means they can scan websites, cloud systems, APIs, and internet-facing infrastructure to find entry points. Once inside, they can attempt to steal login credentials, map internal systems, and move across networks to gain deeper access.Another major concern is the rise of AI-generated phishing and impersonation attacks. These are no longer easy-to-spot scam emails. AI can now create highly convincing messages, voice calls, and even video content that can trick users into sharing sensitive information or transferring money.
RBI Flags Anthropic’s Mythos Menace: Are Banks at Risk? Experts Decode
CERT-In says these tools can make cyber attacks easier and cheaper to carry out. This means more criminals can launch attacks, increasing the risk for both businesses and individuals.According to the cybersecurity researchers, the impact can be serious. These attacks could lead to unauthorised access to systems, data theft, service disruptions, financial fraud, identity misuse and even long-term compromise of business operations. In connected systems, one breach could also affect multiple services.To deal with this growing risk, the government has asked organisations to stay alert and strengthen their cyber security practices. Companies are advised to monitor their systems more closely, look for unusual activity and reduce exposure by removing unnecessary internet-facing services.The advisory also stresses the importance of following a 'Zero Trust' approach. This means not trusting any user or system by default and giving only limited access based on need. Using multi-factor authentication, restricting access by location and dividing networks into smaller secure sections can help reduce risks.
Meet Claude Mythos, This AI Model Could Be Powerful Enough To Pose Major Cyber Security Risk
CERT-In has advised organisations to treat security patches as urgent and apply them quickly. Delays in updates can give attackers an easy opportunity.Basic cyber hygiene is equally important.This includes using strong passwords, disabling unused services, keeping backups, and using updated security software on all devices. "Monitoring network activity and restricting unknown connections can also help prevent attacks," the government agency said.
CERT-In has also issued the preventive measures for MSMEs"Since they have limited resources, MSMEs should use security measures that are affordable but still strong enough to protect their business," the organisation said. - Maintain updated operating systems, browsers and applications by applying security updates regularly. Turn on automatic updates for your operating system, browser, and every application that offers it.- Use managed security services for patching and monitoring.- Consider using multi-factor authentication (MA) to secure accounts.- Avoid unverified AI tools in production environments.- Remove or isolate unmaintained, old, or unused web applications and systems.- Encrypt data during transmission and storage to safeguard against unauthor-ized access.- Configure email filtering to block phishing attempts and malicious attach-ments effectively.- Regularly test backup restoration procedures to ensure data recovery remains reliable.- Continuously analyze log files and network activity for failed login attempts, configuration changes, new device connections or other suspicious behaviour.- Establish a structured response plan to effectively address breaches and cyber incidents.Individual users have also been warned to stay cautious. People should avoid clicking on unknown links, verify calls or messages before sharing information, and be careful of offers that seem too good to be true.- Be cautious of AI-generated phishing content, fake websites and social engineering attempts designed to mimic trusted individuals, organisations or services. - AI can generate highly convincing phishing emails and fake websites. Always verify links before clicking.- Avoid sharing sensitive personal, financial or official information through unverified digital channels.- Use a strong Wi Fi password and andvanced encryption if available. Avoid public Wi Fi for sensitive transactions -- use a VPN when necessary.
/images/ppid_a911dc6a-image-177728604061756186.webp)
/images/ppid_a911dc6a-image-177728468034170276.webp)
/images/ppid_a911dc6a-image-17772846425222303.webp)
