India must bolster AI cyber defences

Advanced AI tools like Mythos escalate cyber risks in India
Small entities like cooperative banks face high fraud risks
Experts urge systemic security upgrades over strict AI bans

Summarized by AI ⓘ

Mastering AI

SEE ALL

LinkedIn News

Financial strategies in AI era needs reimagination

News9

After Anthropic row, Pentagon signs AI deals with OpenAI, Google, SpaceX, NVIDIA, AWS and Microsoft

NewsBytes

Meta launches MCI collecting employee data to train AI models

What is the story about?

India faces growing cyber risks from advanced AI. Discover how to bolster defenses, avoid regulatory pitfalls, and strengthen cybersecurity without stifling innovation.

Bolstering Small Entity Defenses

The emergence of advanced AI tools like Anthropic's Mythos, capable of identifying and simulating cyberattacks, presents a significant escalation in cyber threats.

This necessitates a strategic shift in India's cybersecurity approach, moving beyond traditional methods to address vulnerabilities dynamically. While regulatory bodies like CERT-In and the RBI are acknowledging these risks and issuing advisories, the focus needs to be on practical implementation, especially for smaller entities within critical sectors. These organizations, such as cooperative banks, often lack the resources for robust cybersecurity, making them prime targets. For instance, the Himachal Co-operative Bank lost Rs 11.5 crore in 2025 due to a customer downloading a malicious app. To counter this, instead of imposing more regulations which can be prohibitively expensive, a dual approach of financial support through a government-backed corpus fund and a curated list of trusted vendors is proposed. This ensures smaller entities can afford necessary upgrades and procure reliable security solutions, thereby reducing risks of poor procurement and exploitation by malicious actors.

Regulation's Unintended Consequences

It is imperative that India's regulatory landscape does not inadvertently create new security loopholes while attempting to manage AI. A critical review of existing and proposed legislation is essential to ensure they don't compromise current system integrity. The Draft Digital Competition Bill, for example, highlights this concern. Its provision to prohibit mobile operating system companies from restricting sideloading, while intended to foster competition, could widen the entry points for malware. This issue is not hypothetical; it has tangible consequences, as demonstrated by the Rs 11.5 crore cyber fraud at the Himachal Co-operative Bank in 2025, which stemmed from a compromised application. This incident underscores the direct link between regulatory changes that relax security controls and increased susceptibility to cyberattacks. Therefore, policymakers must meticulously assess the cybersecurity implications of any new digital regulation to prevent unintended vulnerabilities.

Resisting Access Restrictions

While the advancement of frontier AI systems like Mythos poses undeniable risks, the temptation to restrict access to these technologies altogether must be resisted. Such measures would be counterproductive, as malicious actors are unlikely to be deterred by legal frameworks; they will continue to seek and exploit vulnerabilities regardless of regulations. India's AI Governance and Economic Group's mandate to categorize AI use cases into 'deploy,' 'pilot,' and 'defer' suggests a potential inclination towards access-based restrictions. This approach, however, would stifle innovation and hinder the development of AI's beneficial applications. The focus should instead be on enhancing security at a systemic level, understanding that the true challenge lies not in the number of weaknesses, but in the ability of adversaries to exploit them before they are rectified. This requires a proactive, interconnected approach to cybersecurity, recognizing that the nation's defenses are only as strong as its most vulnerable point.