{"id":19929,"date":"2026-04-28T11:32:50","date_gmt":"2026-04-28T11:32:50","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/19929\/"},"modified":"2026-04-28T11:32:50","modified_gmt":"2026-04-28T11:32:50","slug":"cert-in-warns-msmes-about-anthropics-mythos-and-other-ai-models-that-can-drive-cybercrime-risks","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/19929\/","title":{"rendered":"Cert-In warns MSMEs about Anthropic’s Mythos and other AI models that can drive cybercrime risks"},"content":{"rendered":" ![\"Cert-In](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/cert-in-warns-msmes-about-anthropic-mythos-and-other-ai-models-that-can-drive-cybercrime-risks.jpg\" "\\"Representative")
CERT-In has issued a high-severity advisory to Indian MSMEs on cybersecurity risks posed by advanced AI systems, such as Anthropic\u2019s Mythos and similar frontier models. In a recent advisory titled \u201cDefending Against Frontier AI-Driven Cyber Risks\u201d, the Indian cybersecurity watchdog said emerging AI models are now capable of identifying software vulnerabilities, automating reconnaissance, generating phishing content and executing multi-stage cyberattacks at a speed that previously required teams of skilled experts. CERT-In warned that these capabilities could lower the barrier to entry for cybercriminals and increase the risks for businesses with weak security systems.<\/p>\n
What risks Cert-In has flagged about advanced AI models<\/p>\n
According to the advisory, frontier AI models are increasingly capable of carrying out complex cyber operations with minimal human intervention. Cert-In said these systems can perform:Analysis of large-scale software to find known and zero-day vulnerabilitiesFaster exploit development for newly disclosed bugsAutomated Discovery of Internet-exposed infrastructureHarvesting credentials from AI-powered phishing campaignsMulti-stage attack planningFast exploitation workflowsThe agency warned that such tools can be used for defensive cybersecurity tasks but may also be misused by threat actors.\u201cIt is likely that AI systems with such advanced cyber capabilities will continue to emerge and mature in near future,\u201d the advisory notedCERT-In added that the dual-use nature of these tools could help attackers automate exploitation campaigns and scale attacks.<\/p>\n
What risks do MSMEs face<\/p>\n
The agency said MSMEs remain particularly vulnerable because of limited cybersecurity budgets and smaller security teams. According to CERT-In, businesses may face:Unauthorised accessData theftService disruptionsFinancial fraudIdentity compromiseImpersonation attacksPersistent malware infectionsThe advisory also warned about risks to interconnected systems and supply chains.<\/p>\n
Cert-In asks organisations to improve cyber hygiene<\/p>\n
For businesses, CERT-In recommended stronger monitoring and faster responses to emerging vulnerabilities. The agency advised organisations to:Increase system monitoring frequencyReview logs more frequentlyReduce internet-facing attack surfacesDisable unnecessary ports and servicesEnable DDoS protectionMonitor unusual access activityUse AI-powered defensive security toolsCERT-In also said companies should treat newly disclosed vulnerabilities with urgency.\u201cTreat every newly disclosed critical vulnerability in widely deployed software as something that could be exploited within hours, not weeks,\u201d the advisory added.<\/p>\n
Cert-In recommends Zero Trust security model: What is it<\/p>\n
The advisory also pushed organisations to adopt Zero Trust Network Architecture. CERT-In recommended:Multi-factor authenticationLeast privilege access controlsHardware-based identity verificationNetwork segmentationRestricting production systems from public internet exposureThe agency also warned businesses to review older VPN systems, which are often targeted by attackers.<\/p>\n
Importance of patching vulnerabilities faster<\/p>\n
CERT-In said businesses should significantly reduce patch deployment timelines. It advised companies to:Apply critical patches within 24 hours where possibleAutomate patch managementMaintain updated software inventoriesMonitor open-source software vulnerabilitiesReview third-party vendor security practicesThe advisory even urged organisations to monitor cloud environments for misconfigurations. CERT-In also said that smaller businesses should focus on cost-effective security measures. Recommendations for MSMEs include:Keeping systems updatedTurning on automatic updatesUsing managed security servicesEnabling multi-factor authenticationAvoiding unverified AI toolsEncrypting business dataFiltering phishing emailsTesting backup recovery processesMonitoring suspicious network activityThe agency also urged MSMEs to train employees regularly.\u201cConduct regular cybersecurity training to educate employees on risks of AI-generated content and scams,\u201d Cert-In advisory noted.<\/p>\n
Cert-In\u2019s guidance for individuals<\/p>\n
CERT-In also warned individual users that personal devices can become targets. It advised people to:Use strong passwordsEnable multi-factor authenticationAvoid suspicious linksVerify urgent financial requestsBe cautious of AI-generated scamsAvoid unverified downloadsBack up personal data regularlyThe agency also warned users to remain alert against deepfake scams and impersonation attempts.<\/p>\n
Why Mythos is drawing attention<\/p>\n
Mythos has recently drawn global attention after reports suggested that the AI model can identify software vulnerabilities and assist with cybersecurity testing.Several regulators and financial institutions worldwide have already begun reviewing risks associated with advanced AI cyber capabilities.CERT-In\u2019s latest advisory signals that Indian businesses, especially MSMEs, may also need to prepare for a faster-moving cyber threat landscape as AI capabilities continue evolving.<\/p>\n","protected":false},"excerpt":{"rendered":"CERT-In has issued a high-severity advisory to Indian MSMEs on cybersecurity risks posed by advanced AI systems, such…\n","protected":false},"author":2,"featured_media":19930,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[14116,14120,53,10716,14119,11614,14114,14115,14117,353,14118],"class_list":{"0":"post-19929","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-anthropic","8":"tag-ai-models-and-cybercrime","9":"tag-ai-powered-phishing-campaigns","10":"tag-anthropic","11":"tag-anthropic-mythos","12":"tag-automating-cyberattacks","13":"tag-cert-in","14":"tag-cert-in-advisory","15":"tag-cybersecurity-risks","16":"tag-msmes-cybersecurity","17":"tag-mythos","18":"tag-zero-trust-security-model"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/19929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=19929"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/19929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/19930"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=19929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=19929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=19929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}