Indian cyberwatchdog warns MSMEs are facing higher AI-driven cyber attack threats

The Indian Computer Emergency Response Team (CERT-In) has released a critical advisory highlighting a paradigm shift in the digital threat landscape. According to the agency, the rapid advancement of frontier AI systems has moved cyberattacks into a new phase of "automation and scale." These AI tools are no longer just assistants but are now capable of autonomously scanning source code, detecting deep-seated vulnerabilities, and executing sophisticated attacks that once required elite human expertise. This technological leap has put India’s Micro, Small, and Medium Enterprises (MSMEs) in the crosshairs, as attackers can now launch high-precision strikes with minimal manual intervention.

Manual hacks to AI-driven automation

Traditionally, breaching a secure corporate network required a high level of specialized skill and hours of manual labor. CERT-In notes that AI has fundamentally changed this dynamic. Modern frontier AI systems can now analyze massive volumes of source code in seconds to find "zero-day" weaknesses. More alarmingly, these systems can "chain" exploits—linking multiple vulnerabilities across different platforms—to compromise an entire enterprise network from end to end. This automation allows attackers to work at a speed and reach that was previously impossible, effectively democratizing high-level cybercrime.

MSMEs are the most vulnerable targets

The advisory specifically points to growing risks for India’s MSME sector. Unlike large corporations, smaller firms often lack the budget for advanced cybersecurity infrastructure or dedicated 24/7 monitoring teams. Because AI tools significantly lower the "barrier to entry" for hackers, even low-skilled attackers can now target smaller businesses with the precision of a professional state-sponsored actor. CERT-In has warned that without immediate upgrades to their digital defenses, these businesses could face devastating data breaches or ransomware attacks that they are ill-equipped to handle.

Urgent security measures

To combat these automated threats, CERT-In has recommended a series of defensive strategies for firms with limited resources. The agency stressed the importance of deploying threat detection tools and maintaining continuous network monitoring. Crucially, the advisory highlights the need for rigorous "patch management." Since AI tools accelerate how quickly hackers can find and exploit unpatched software, any delay in updating systems could leave a business wide open. Businesses are also urged to maintain detailed logs, which are essential for forensic analysis and understanding how an AI-driven breach occurred.

(With TOI inputs)